From 0e7a273794adbe8974fee6db0bbdf437106c7d29 Mon Sep 17 00:00:00 2001
From: kemley76 <kemley@mitre.org>
Date: Thu, 6 Jun 2024 17:54:06 -0400
Subject: [PATCH 1/6] input validation for checklist metadata

Signed-off-by: kemley76 <kemley@mitre.org>
---
 src/commands/convert/hdf2ckl.ts       | 19 +++++++++++++++----
 src/commands/generate/ckl_metadata.ts | 12 ++++++++++--
 src/resources/files.json              |  2 +-
 src/types/checklist.d.ts              |  6 +++---
 4 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/src/commands/convert/hdf2ckl.ts b/src/commands/convert/hdf2ckl.ts
index 5c74fef7e..eee9ba59a 100644
--- a/src/commands/convert/hdf2ckl.ts
+++ b/src/commands/convert/hdf2ckl.ts
@@ -8,6 +8,7 @@ import Mustache from 'mustache'
 import {CKLMetadata} from '../../types/checklist'
 import {convertFullPathToFilename, getProfileInfo} from '../../utils/global'
 import {getDetails} from '../../utils/checklist'
+import {validateChecklistMetadata} from '@mitre/hdf-converters'
 
 export default class HDF2CKL extends Command {
   static usage = 'convert hdf2ckl -i <hdf-scan-results-json> -o <output-ckl> [-h] [-m <metadata>] [-H <hostname>] [-F <fqdn>] [-M <mac-address>] [-I <ip-address>]'
@@ -46,10 +47,14 @@ export default class HDF2CKL extends Command {
       stigid: profileName || null,
       role: 'None',
       type: 'Computing',
-      hostname: flags.hostname || _.get(contextualizedEvaluation, 'evaluation.data.passthrough.hostname') || null,
-      ip: flags.ip || _.get(contextualizedEvaluation, 'evaluation.data.passthrough.ip') || null,
-      mac: flags.mac || _.get(contextualizedEvaluation, 'evaluation.data.passthrough.mac') || null,
-      fqdn: flags.fqdn || _.get(contextualizedEvaluation, 'evaluation.data.passthrough.fqdn') || null,
+      hostname: flags.hostname || _.get(contextualizedEvaluation, 'data.passthrough.checklist.asset.hostname') ||
+        _.get(contextualizedEvaluation, 'data.passthrough.metadata.hostname') || null,
+      hostip: flags.ip || _.get(contextualizedEvaluation, 'data.passthrough.checklist.asset.hostip') ||
+        _.get(contextualizedEvaluation, 'data.passthrough.metadata.hostip') ||  null,
+      hostmac: flags.mac || _.get(contextualizedEvaluation, 'data.passthrough.checklist.asset.hostmac') ||
+        _.get(contextualizedEvaluation, 'data.passthrough.metadata.hostmac') ||  null,
+      hostfqdn: flags.fqdn || _.get(contextualizedEvaluation, 'data.passthrough.checklist.asset.hostfqdn') ||
+        _.get(contextualizedEvaluation, 'data.passthrough.metadata.hostfqdn') ||  null,
       tech_area: null,
       target_key: '0',
       web_or_database: 'false',
@@ -66,6 +71,12 @@ export default class HDF2CKL extends Command {
       }
     }
 
+    const validationResults = validateChecklistMetadata(cklMetadata)
+    if (validationResults.isError) {
+      console.error(`Cannot create checklist file:\n${validationResults.message}`)
+      process.exit(1)
+    }
+
     cklData = {
       releaseInfo: cklMetadata.benchmark.plaintext,
       ...cklMetadata,
diff --git a/src/commands/generate/ckl_metadata.ts b/src/commands/generate/ckl_metadata.ts
index 3ca468fba..8ebfe7c39 100644
--- a/src/commands/generate/ckl_metadata.ts
+++ b/src/commands/generate/ckl_metadata.ts
@@ -2,6 +2,7 @@ import {Command, Flags} from '@oclif/core'
 import fs from 'fs'
 import promptSync from 'prompt-sync'
 import _ from 'lodash'
+import {validateChecklistMetadata} from '@mitre/hdf-converters'
 
 const prompt = promptSync()
 
@@ -30,14 +31,21 @@ export default class GenerateCKLMetadata extends Command {
       role: prompt({ask: 'What is the computing role? (None/Workstation/Member Server/Domain Controller) '}) || null,
       type: _.capitalize(prompt({ask: 'What is the asset type? (Computing/Non-Computing) '})) || null,
       hostname: prompt({ask: 'What is the asset hostname? '}) || null,
-      ip: prompt({ask: 'What is the asset IP address? '}) || null,
-      mac: prompt({ask: 'What is the asset MAC address? '}) || null,
+      hostip: prompt({ask: 'What is the asset IP address? '}) || null,
+      hostmac: prompt({ask: 'What is the asset MAC address? '}) || null,
+      hostfqdn: prompt({ask: 'What is the asset FQDN? '}) || null,
       tech_area: prompt({ask: 'What is the tech area? (Application Review/Boundary Security/CDS Admin Review/CDS Technical Review/Database Review/Domain Name System (DNS)/Exchange Server/Host Based System Security (HBSS)/Internal Network/Mobility/Releasable Networks (REL)/Releaseable Networks (REL)/Traditional Security/UNIX OS/VVOIP Review/Web Review/Windows OS/Other Review) '}) || null, // Yes, these typos really are how the enumerations are defined in STIG viewer's source code
       target_key: prompt({ask: 'What is the target key? '}) || null,
       web_or_database: prompt({ask: 'Is the target a web or database? (y/n) '}).toLowerCase() === 'y',
       web_db_site: prompt({ask: 'What is the Web or DB site? '}) || null,
       web_db_instance: prompt({ask: 'What is the Web or DB instance? '}) || null,
     }
+    const validationResults = validateChecklistMetadata(cklMetadata)
+    if (validationResults.isError) {
+      console.error(`Unable to generate checklist metadata:\n${validationResults.message}`)
+      process.exit(1)
+    }
+
     fs.writeFileSync(flags.output, JSON.stringify(cklMetadata))
   }
 }
diff --git a/src/resources/files.json b/src/resources/files.json
index 98b5b8f15..6f68d9e52 100644
--- a/src/resources/files.json
+++ b/src/resources/files.json
@@ -13,7 +13,7 @@
     },
     "cklExport.ckl": {
         "type": "string",
-        "data": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<!--DISA STIG Viewer :: 2.14-->\r\n<CHECKLIST>\r\n\t<ASSET>\r\n\t\t<ROLE>{{role}}<\/ROLE>\r\n\t\t<ASSET_TYPE>{{type}}<\/ASSET_TYPE>\r\n\t\t<HOST_NAME>{{hostname}}<\/HOST_NAME>\r\n\t\t<HOST_IP>{{ip}}<\/HOST_IP>\r\n\t\t<HOST_MAC>{{mac}}<\/HOST_MAC>\r\n\t\t<HOST_FQDN>{{fqdn}}<\/HOST_FQDN>\r\n\t\t<TARGET_COMMENT><\/TARGET_COMMENT>\r\n\t\t<TECH_AREA>{{tech_area}}<\/TECH_AREA>\r\n\t\t<TARGET_KEY>{{target_key}}<\/TARGET_KEY>\r\n\t\t<WEB_OR_DATABASE>{{web_or_database}}<\/WEB_OR_DATABASE>\r\n\t\t<WEB_DB_SITE>{{web_db_site}}<\/WEB_DB_SITE>\r\n\t\t<WEB_DB_INSTANCE>{{web_db_instance}}<\/WEB_DB_INSTANCE>\r\n\t<\/ASSET>\r\n\t<STIGS>\r\n\t\t<iSTIG>\r\n\t\t\t<STIG_INFO>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>version<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{benchmark.version}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>classification<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>UNCLASSIFIED<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>customname<\/SID_NAME>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>stigid<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{stigid}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>description<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{profileInfo}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>filename<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{fileName}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>releaseinfo<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{benchmark.plaintext}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>title<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{benchmark.title}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>uuid<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{uuid}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>notice<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>terms-of-use<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>source<\/SID_NAME>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t<\/STIG_INFO>\r\n\t\t\t{{#controls}}\r\n\t\t\t<VULN>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Vuln_Num<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{vid}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Severity<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{severity}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Group_Title<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{gtitle}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Rule_ID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{rid}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Rule_Ver<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{ruleVersion}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Rule_Title<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{title}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Vuln_Discuss<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{description}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>IA_Controls<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Check_Content<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{checkText}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Fix_Text<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{fixText}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>False_Positives<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>False_Negatives<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Documentable<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>false<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Mitigations<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Potential_Impact<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Third_Party_Tools<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Mitigation_Control<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Responsibility<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Security_Override_Guidance<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Check_Content_Ref<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>M<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Weight<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>10.0<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Class<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{classification}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>STIGRef<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{profileName}} {{startTime}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>TargetKey<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{target_key}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>STIG_UUID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{uuidV4}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>LEGACY_ID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>LEGACY_ID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t{{#ccis}}\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>CCI_REF<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{.}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t{{\/ccis}}\r\n\t\t\t\t<STATUS>{{status}}<\/STATUS>\r\n\t\t\t\t<FINDING_DETAILS>{{results}}<\/FINDING_DETAILS>\r\n\t\t\t\t<COMMENTS><\/COMMENTS>\r\n\t\t\t\t<SEVERITY_OVERRIDE><\/SEVERITY_OVERRIDE>\r\n\t\t\t\t<SEVERITY_JUSTIFICATION><\/SEVERITY_JUSTIFICATION>\r\n\t\t\t<\/VULN>\r\n\t\t\t{{\/controls}}\r\n\t\t<\/iSTIG>\r\n\t<\/STIGS>\r\n<\/CHECKLIST>"
+        "data": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<!--DISA STIG Viewer :: 2.14-->\r\n<CHECKLIST>\r\n\t<ASSET>\r\n\t\t<ROLE>{{role}}<\/ROLE>\r\n\t\t<ASSET_TYPE>{{type}}<\/ASSET_TYPE>\r\n\t\t<HOST_NAME>{{hostname}}<\/HOST_NAME>\r\n\t\t<HOST_IP>{{hostip}}<\/HOST_IP>\r\n\t\t<HOST_MAC>{{hostmac}}<\/HOST_MAC>\r\n\t\t<HOST_FQDN>{{hostfqdn}}<\/HOST_FQDN>\r\n\t\t<TARGET_COMMENT><\/TARGET_COMMENT>\r\n\t\t<TECH_AREA>{{tech_area}}<\/TECH_AREA>\r\n\t\t<TARGET_KEY>{{target_key}}<\/TARGET_KEY>\r\n\t\t<WEB_OR_DATABASE>{{web_or_database}}<\/WEB_OR_DATABASE>\r\n\t\t<WEB_DB_SITE>{{web_db_site}}<\/WEB_DB_SITE>\r\n\t\t<WEB_DB_INSTANCE>{{web_db_instance}}<\/WEB_DB_INSTANCE>\r\n\t<\/ASSET>\r\n\t<STIGS>\r\n\t\t<iSTIG>\r\n\t\t\t<STIG_INFO>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>version<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{benchmark.version}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>classification<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>UNCLASSIFIED<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>customname<\/SID_NAME>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>stigid<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{stigid}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>description<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{profileInfo}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>filename<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{fileName}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>releaseinfo<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{benchmark.plaintext}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>title<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{benchmark.title}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>uuid<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{uuid}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>notice<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>terms-of-use<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>source<\/SID_NAME>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t<\/STIG_INFO>\r\n\t\t\t{{#controls}}\r\n\t\t\t<VULN>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Vuln_Num<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{vid}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Severity<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{severity}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Group_Title<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{gtitle}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Rule_ID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{rid}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Rule_Ver<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{ruleVersion}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Rule_Title<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{title}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Vuln_Discuss<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{description}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>IA_Controls<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Check_Content<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{checkText}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Fix_Text<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{fixText}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>False_Positives<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>False_Negatives<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Documentable<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>false<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Mitigations<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Potential_Impact<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Third_Party_Tools<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Mitigation_Control<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Responsibility<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Security_Override_Guidance<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Check_Content_Ref<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>M<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Weight<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>10.0<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Class<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{classification}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>STIGRef<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{profileName}} {{startTime}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>TargetKey<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{target_key}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>STIG_UUID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{uuidV4}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>LEGACY_ID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>LEGACY_ID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t{{#ccis}}\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>CCI_REF<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{.}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t{{\/ccis}}\r\n\t\t\t\t<STATUS>{{status}}<\/STATUS>\r\n\t\t\t\t<FINDING_DETAILS>{{results}}<\/FINDING_DETAILS>\r\n\t\t\t\t<COMMENTS><\/COMMENTS>\r\n\t\t\t\t<SEVERITY_OVERRIDE><\/SEVERITY_OVERRIDE>\r\n\t\t\t\t<SEVERITY_JUSTIFICATION><\/SEVERITY_JUSTIFICATION>\r\n\t\t\t<\/VULN>\r\n\t\t\t{{\/controls}}\r\n\t\t<\/iSTIG>\r\n\t<\/STIGS>\r\n<\/CHECKLIST>"
     },
     "AttestationTemplate": {
         "type": "b64file",
diff --git a/src/types/checklist.d.ts b/src/types/checklist.d.ts
index 996363c61..c721f6362 100644
--- a/src/types/checklist.d.ts
+++ b/src/types/checklist.d.ts
@@ -30,9 +30,9 @@ export interface CKLMetadata {
     role: string | null;
     type: string | null;
     hostname: string | null;
-    ip: string | null;
-    mac: string | null;
-    fqdn: string | null;
+    hostip: string | null;
+    hostmac: string | null;
+    hostfqdn: string | null;
     tech_area: string | null;
     target_key: string | null;
     web_or_database: string | null;

From 0d5fd2cff9669473e6c434fb71eb6a96c52aa54d Mon Sep 17 00:00:00 2001
From: kemley76 <kemley@mitre.org>
Date: Fri, 7 Jun 2024 13:49:01 -0400
Subject: [PATCH 2/6] use hdf-converters in hdf2ckl

Signed-off-by: kemley76 <kemley@mitre.org>
---
 src/commands/convert/ckl2hdf.ts       |  9 ++-
 src/commands/convert/hdf2ckl.ts       | 83 ++++++++-------------------
 src/commands/generate/ckl_metadata.ts | 18 +++---
 src/resources/files.json              |  4 --
 src/types/checklist.d.ts              | 36 ++++++------
 5 files changed, 57 insertions(+), 93 deletions(-)

diff --git a/src/commands/convert/ckl2hdf.ts b/src/commands/convert/ckl2hdf.ts
index 1851673fb..c289cdb77 100644
--- a/src/commands/convert/ckl2hdf.ts
+++ b/src/commands/convert/ckl2hdf.ts
@@ -23,7 +23,12 @@ export default class CKL2HDF extends Command {
     const data = fs.readFileSync(flags.input, 'utf8')
     checkInput({data, filename: flags.input}, 'checklist', 'DISA Checklist')
 
-    const converter = new Mapper(data, flags['with-raw'])
-    fs.writeFileSync(checkSuffix(flags.output), JSON.stringify(converter.toHdf()))
+    try {
+      const converter = new Mapper(data, flags['with-raw'])
+      fs.writeFileSync(checkSuffix(flags.output), JSON.stringify(converter.toHdf()))
+    } catch (error) {
+      console.error(`Error converting to hdf:\n${error}`)
+      process.exit(1)
+    }
   }
 }
diff --git a/src/commands/convert/hdf2ckl.ts b/src/commands/convert/hdf2ckl.ts
index eee9ba59a..8095be953 100644
--- a/src/commands/convert/hdf2ckl.ts
+++ b/src/commands/convert/hdf2ckl.ts
@@ -1,14 +1,8 @@
 import {Command, Flags} from '@oclif/core'
-import {contextualizeEvaluation} from 'inspecjs'
 import _ from 'lodash'
 import fs from 'fs'
-import {v4} from 'uuid'
-import {default as files} from '../../resources/files.json'
-import Mustache from 'mustache'
 import {CKLMetadata} from '../../types/checklist'
-import {convertFullPathToFilename, getProfileInfo} from '../../utils/global'
-import {getDetails} from '../../utils/checklist'
-import {validateChecklistMetadata} from '@mitre/hdf-converters'
+import {ChecklistResults as Mapper} from '@mitre/hdf-converters'
 
 export default class HDF2CKL extends Command {
   static usage = 'convert hdf2ckl -i <hdf-scan-results-json> -o <output-ckl> [-h] [-m <metadata>] [-H <hostname>] [-F <fqdn>] [-M <mac-address>] [-I <ip-address>]'
@@ -26,64 +20,33 @@ export default class HDF2CKL extends Command {
     ip: Flags.string({char: 'I', required: false, description: 'IP address for CKL metadata'}),
   }
 
-  static examples = ['saf convert hdf2ckl -i rhel7-results.json -o rhel7.ckl --fqdn reverseproxy.example.org --hostname reverseproxy --ip 10.0.0.3 --mac 12:34:56:78:90']
+  static examples = ['saf convert hdf2ckl -i rhel7-results.json -o rhel7.ckl --fqdn reverseproxy.example.org --hostname reverseproxy --ip 10.0.0.3 --mac 12:34:56:78:90:AB']
 
   async run() {
     const {flags} = await this.parse(HDF2CKL)
-    const contextualizedEvaluation = contextualizeEvaluation(JSON.parse(fs.readFileSync(flags.input, 'utf8')))
-    const profileName = contextualizedEvaluation.data.profiles[0].name
-    const controls = contextualizedEvaluation.contains.flatMap(profile => profile.contains) || []
-    const rootControls = _.uniqBy(controls, control =>
-      _.get(control, 'root.hdf.wraps.id'),
-    ).map(({root}) => root)
-    let cklData = {}
-    const cklMetadata: CKLMetadata = {
-      fileName: convertFullPathToFilename(flags.input),
-      benchmark: {
-        title: profileName || null,
-        version: '1',
-        plaintext: null,
-      },
-      stigid: profileName || null,
-      role: 'None',
-      type: 'Computing',
-      hostname: flags.hostname || _.get(contextualizedEvaluation, 'data.passthrough.checklist.asset.hostname') ||
-        _.get(contextualizedEvaluation, 'data.passthrough.metadata.hostname') || null,
-      hostip: flags.ip || _.get(contextualizedEvaluation, 'data.passthrough.checklist.asset.hostip') ||
-        _.get(contextualizedEvaluation, 'data.passthrough.metadata.hostip') ||  null,
-      hostmac: flags.mac || _.get(contextualizedEvaluation, 'data.passthrough.checklist.asset.hostmac') ||
-        _.get(contextualizedEvaluation, 'data.passthrough.metadata.hostmac') ||  null,
-      hostfqdn: flags.fqdn || _.get(contextualizedEvaluation, 'data.passthrough.checklist.asset.hostfqdn') ||
-        _.get(contextualizedEvaluation, 'data.passthrough.metadata.hostfqdn') ||  null,
-      tech_area: null,
-      target_key: '0',
-      web_or_database: 'false',
-      web_db_site: null,
-      web_db_instance: null,
-    }
-
-    if (flags.metadata) {
-      const cklMetadataInput: CKLMetadata = JSON.parse(fs.readFileSync(flags.metadata, 'utf8'))
-      for (const field in cklMetadataInput) {
-        if (typeof cklMetadata[field] === 'string' || typeof cklMetadata[field] === 'object') {
-          cklMetadata[field] = cklMetadataInput[field]
-        }
-      }
-    }
 
-    const validationResults = validateChecklistMetadata(cklMetadata)
-    if (validationResults.isError) {
-      console.error(`Cannot create checklist file:\n${validationResults.message}`)
+    /* Order of prescedece for checklist metadata:
+      command flags (hostname, ip, etc.)
+      metadata flag
+      input hdf file passthrough.metadata
+      input hdf file passthrough.checklist.asset */
+
+    const defaultMetadata: CKLMetadata = {role: 'None', assettype: 'Computing', targetkey: '0', webordatabase: false, profiles: []}
+    const inputHDF = JSON.parse(fs.readFileSync(flags.input, 'utf8'))
+    const flagMetadata = {hostname: flags.hostname, hostip: flags.ip, hostmac: flags.mac, hostfqdn: flags.fqdn}
+    const fileMetadata = flags.metadata ? JSON.parse(fs.readFileSync(flags.metadata, 'utf8')) : {}
+    const hdfMetadata = _.get(inputHDF, 'passthrough.metadata', _.get(inputHDF, 'passthrough.checklist.asset', {}))
+    const metadata = _.merge(_.merge(defaultMetadata, hdfMetadata, fileMetadata, flagMetadata))
+
+    // use the input hdf's profiles by default since they cant be included elsewhere
+    metadata.profiles = _.get(hdfMetadata, 'profiles', [])
+    _.set(inputHDF, 'passthrough.metadata', metadata)
+
+    try {
+      fs.writeFileSync(flags.output, new Mapper(inputHDF).toCkl())
+    } catch (error) {
+      console.error(`Error creating checklist:\n${error}`)
       process.exit(1)
     }
-
-    cklData = {
-      releaseInfo: cklMetadata.benchmark.plaintext,
-      ...cklMetadata,
-      profileInfo: getProfileInfo(contextualizedEvaluation, cklMetadata.fileName),
-      uuid: v4(),
-      controls: rootControls.map(control => getDetails(control, profileName)),
-    }
-    fs.writeFileSync(flags.output, Mustache.render(files['cklExport.ckl'].data, cklData).replaceAll(/[^\x00-\x7F]/g, ''))
   }
 }
diff --git a/src/commands/generate/ckl_metadata.ts b/src/commands/generate/ckl_metadata.ts
index 8ebfe7c39..efb00fb1f 100644
--- a/src/commands/generate/ckl_metadata.ts
+++ b/src/commands/generate/ckl_metadata.ts
@@ -27,18 +27,20 @@ export default class GenerateCKLMetadata extends Command {
         version: prompt({ask: 'What is the benchmark version? '}) || null,
         plaintext: prompt({ask: 'What is the notes for release info? '}) || null,
       },
-      stigid: prompt({ask: 'What is the STIG ID? '}) || null,
-      role: prompt({ask: 'What is the computing role? (None/Workstation/Member Server/Domain Controller) '}) || null,
-      type: _.capitalize(prompt({ask: 'What is the asset type? (Computing/Non-Computing) '})) || null,
+      marking: prompt({ask: 'What is the marking? '}) || null,
       hostname: prompt({ask: 'What is the asset hostname? '}) || null,
       hostip: prompt({ask: 'What is the asset IP address? '}) || null,
       hostmac: prompt({ask: 'What is the asset MAC address? '}) || null,
       hostfqdn: prompt({ask: 'What is the asset FQDN? '}) || null,
-      tech_area: prompt({ask: 'What is the tech area? (Application Review/Boundary Security/CDS Admin Review/CDS Technical Review/Database Review/Domain Name System (DNS)/Exchange Server/Host Based System Security (HBSS)/Internal Network/Mobility/Releasable Networks (REL)/Releaseable Networks (REL)/Traditional Security/UNIX OS/VVOIP Review/Web Review/Windows OS/Other Review) '}) || null, // Yes, these typos really are how the enumerations are defined in STIG viewer's source code
-      target_key: prompt({ask: 'What is the target key? '}) || null,
-      web_or_database: prompt({ask: 'Is the target a web or database? (y/n) '}).toLowerCase() === 'y',
-      web_db_site: prompt({ask: 'What is the Web or DB site? '}) || null,
-      web_db_instance: prompt({ask: 'What is the Web or DB instance? '}) || null,
+      targetcomment: prompt({ask: 'What are the target comments? '}) || null,
+      role: prompt({ask: 'What is the computing role? (None/Workstation/Member Server/Domain Controller) '}) || null,
+      assettype: _.capitalize(prompt({ask: 'What is the asset type? (Computing/Non-Computing) '})) || null,
+      techarea: prompt({ask: 'What is the tech area? (Application Review/Boundary Security/CDS Admin Review/CDS Technical Review/Database Review/Domain Name System (DNS)/Exchange Server/Host Based System Security (HBSS)/Internal Network/Mobility/Releasable Networks (REL)/Releaseable Networks (REL)/Traditional Security/UNIX OS/VVOIP Review/Web Review/Windows OS/Other Review) '}) || null, // Yes, these typos really are how the enumerations are defined in STIG viewer's source code
+      stigguid: prompt({ask: 'What is the STIG ID? '}) || null,
+      targetkey: prompt({ask: 'What is the target key? '}) || null,
+      webordatabase: prompt({ask: 'Is the target a web or database? (y/n) '}).toLowerCase() === 'y',
+      webdbsite: prompt({ask: 'What is the Web or DB site? '}) || null,
+      webdbinstance: prompt({ask: 'What is the Web or DB instance? '}) || null,
     }
     const validationResults = validateChecklistMetadata(cklMetadata)
     if (validationResults.isError) {
diff --git a/src/resources/files.json b/src/resources/files.json
index 6f68d9e52..46c027abd 100644
--- a/src/resources/files.json
+++ b/src/resources/files.json
@@ -11,10 +11,6 @@
         "type": "string",
         "data": "<Benchmark xmlns=\"http://checklists.nist.gov/xccdf/1.2\"\r\n    xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n    xsi:schemaLocation=\"http://checklists.nist.gov/xccdf/1.2 https://csrc.nist.gov/schema/xccdf/1.2/xccdf_1.2.xsd\" id=\"xccdf_mitre.hdf-converters.xccdf_benchmark_hdf2xccdf\">\n    <status date=\"{{Benchmark.date}}\">draft</status>\n    <title>{{Benchmark.title}}</title>\n    <description>HDF Results Set converted Into XCCDF Benchmark</description>\n    <notice id=\"terms-of-use\" xml:lang=\"en\"></notice>\n    <front-matter xml:lang=\"en\">{{Benchmark.passthrough}}</front-matter>\n    <rear-matter xml:lang=\"en\"></rear-matter>\n    <version>{{Benchmark.version}}</version>\n    <metadata xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">\n        <dc:publisher xmlns:dc=\"http://purl.org/dc/elements/1.1/\">{{Benchmark.metadata.copyright}}</dc:publisher>\n        <dc:creator xmlns:dc=\"http://purl.org/dc/elements/1.1/\">{{Benchmark.metadata.maintainer}}</dc:creator>\n    </metadata>\n    {{#Benchmark.Profile}}\n    <Profile id=\"{{id}}\">\n        <status>draft</status>\n        <version>{{version}}</version>\n        <title xmlns:xhtml=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en-US\" override=\"true\">{{title}}</title>\n        {{#select}}\n        <select idref=\"{{.}}\" selected=\"true\"/>\n        {{/select}}\n    </Profile>\n    {{/Benchmark.Profile}}\n    \n    {{#Benchmark.Rule}}\n    <Group id=\"{{groupId}}\">\n        <title>{{title}}</title>\n        <description>{{description}}</description>\n        <Rule id=\"{{id}}\" severity=\"{{severity}}\">\n            <version>{{version}}</version>\n            <title>{{title}}</title>\n            <description>&lt;VulnDiscussion&gt;{{description}}&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;{{documentable}}&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;{{waiver}}&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>\n            {{#descriptions}}\n            <description>{{.}}</description>\n            {{/descriptions}}\n            {{#tags}}\n            <description>{{.}}</description>\n            {{/tags}}\n            {{#ccis}}\n            <ident system=\"http://iase.disa.mil/cci\">{{.}}</ident>\n            {{/ccis}}\n            <fixtext {{#fixid}} fixref=\"{{fixid}}\" {{/fixid}}>{{fix}}</fixtext>\n            {{#fixid}}\n            <fix id=\"{{fixid}}\" />\n            {{/fixid}}\n            <check system=\"http://www.w3.org/1999/xhtml\">\n                <check-content>{{checkContent}}</check-content>\n            </check>\n        </Rule>\n    </Group>\n    {{/Benchmark.Rule}}\n    <TestResult id=\"xccdf_mitre.hdf-converters.xccdf_testresult_hdf2xccdf\" end-time=\"{{Benchmark.TestResult.endTime}}\">\n        <target>Original Target</target>\n        {{#Benchmark.TestResult.hasAttributes}}\n        <target-facts>\n            {{#Benchmark.TestResult.attributes}}\n            <fact name=\"hdf:attribute:fact:input:{{name}}\">{{options.value}}</fact>\n            {{/Benchmark.TestResult.attributes}}\n        </target-facts>\n        {{/Benchmark.TestResult.hasAttributes}}\n        {{#Benchmark.TestResult.results}}\n        <rule-result idref=\"{{idref}}\">\n            <result>{{result}}</result>\n            <message severity=\"{{messageType}}\">{{message}}</message>\n            <check system=\"\">\n                <check-content>{{code}}</check-content>\n            </check>\n        </rule-result>\n        {{/Benchmark.TestResult.results}}\n        <score system=\"urn:xccdf:scoring:absolute\" maximum=\"1\">0</score>\n    </TestResult>\n</Benchmark>\n"
     },
-    "cklExport.ckl": {
-        "type": "string",
-        "data": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<!--DISA STIG Viewer :: 2.14-->\r\n<CHECKLIST>\r\n\t<ASSET>\r\n\t\t<ROLE>{{role}}<\/ROLE>\r\n\t\t<ASSET_TYPE>{{type}}<\/ASSET_TYPE>\r\n\t\t<HOST_NAME>{{hostname}}<\/HOST_NAME>\r\n\t\t<HOST_IP>{{hostip}}<\/HOST_IP>\r\n\t\t<HOST_MAC>{{hostmac}}<\/HOST_MAC>\r\n\t\t<HOST_FQDN>{{hostfqdn}}<\/HOST_FQDN>\r\n\t\t<TARGET_COMMENT><\/TARGET_COMMENT>\r\n\t\t<TECH_AREA>{{tech_area}}<\/TECH_AREA>\r\n\t\t<TARGET_KEY>{{target_key}}<\/TARGET_KEY>\r\n\t\t<WEB_OR_DATABASE>{{web_or_database}}<\/WEB_OR_DATABASE>\r\n\t\t<WEB_DB_SITE>{{web_db_site}}<\/WEB_DB_SITE>\r\n\t\t<WEB_DB_INSTANCE>{{web_db_instance}}<\/WEB_DB_INSTANCE>\r\n\t<\/ASSET>\r\n\t<STIGS>\r\n\t\t<iSTIG>\r\n\t\t\t<STIG_INFO>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>version<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{benchmark.version}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>classification<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>UNCLASSIFIED<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>customname<\/SID_NAME>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>stigid<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{stigid}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>description<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{profileInfo}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>filename<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{fileName}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>releaseinfo<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{benchmark.plaintext}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>title<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{benchmark.title}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>uuid<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>{{uuid}}<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>notice<\/SID_NAME>\r\n\t\t\t\t\t<SID_DATA>terms-of-use<\/SID_DATA>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t\t<SI_DATA>\r\n\t\t\t\t\t<SID_NAME>source<\/SID_NAME>\r\n\t\t\t\t<\/SI_DATA>\r\n\t\t\t<\/STIG_INFO>\r\n\t\t\t{{#controls}}\r\n\t\t\t<VULN>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Vuln_Num<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{vid}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Severity<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{severity}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Group_Title<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{gtitle}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Rule_ID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{rid}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Rule_Ver<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{ruleVersion}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Rule_Title<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{title}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Vuln_Discuss<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{description}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>IA_Controls<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Check_Content<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{checkText}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Fix_Text<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{fixText}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>False_Positives<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>False_Negatives<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Documentable<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>false<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Mitigations<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Potential_Impact<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Third_Party_Tools<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Mitigation_Control<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Responsibility<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Security_Override_Guidance<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Check_Content_Ref<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>M<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Weight<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>10.0<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>Class<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{classification}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>STIGRef<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{profileName}} {{startTime}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>TargetKey<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{target_key}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>STIG_UUID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{uuidV4}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>LEGACY_ID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>LEGACY_ID<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA><\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t{{#ccis}}\r\n\t\t\t\t<STIG_DATA>\r\n\t\t\t\t\t<VULN_ATTRIBUTE>CCI_REF<\/VULN_ATTRIBUTE>\r\n\t\t\t\t\t<ATTRIBUTE_DATA>{{.}}<\/ATTRIBUTE_DATA>\r\n\t\t\t\t<\/STIG_DATA>\r\n\t\t\t\t{{\/ccis}}\r\n\t\t\t\t<STATUS>{{status}}<\/STATUS>\r\n\t\t\t\t<FINDING_DETAILS>{{results}}<\/FINDING_DETAILS>\r\n\t\t\t\t<COMMENTS><\/COMMENTS>\r\n\t\t\t\t<SEVERITY_OVERRIDE><\/SEVERITY_OVERRIDE>\r\n\t\t\t\t<SEVERITY_JUSTIFICATION><\/SEVERITY_JUSTIFICATION>\r\n\t\t\t<\/VULN>\r\n\t\t\t{{\/controls}}\r\n\t\t<\/iSTIG>\r\n\t<\/STIGS>\r\n<\/CHECKLIST>"
-    },
     "AttestationTemplate": {
         "type": "b64file",
         "data": "data:@file/vnd.openxmlformats-officedocument.spreadsheetml.sheet;base64,UEsDBBQABgAIAAAAIQBi7p1oXgEAAJAEAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIooAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACslMtOwzAQRfdI/EPkLUrcskAINe2CxxIqUT7AxJPGqmNbnmlp/56J+xBCoRVqN7ESz9x7MvHNaLJubbaCiMa7UgyLgcjAVV4bNy/Fx+wlvxcZknJaWe+gFBtAMRlfX41mmwCYcbfDUjRE4UFKrBpoFRY+gOOd2sdWEd/GuQyqWqg5yNvB4E5W3hE4yqnTEOPRE9RqaSl7XvPjLUkEiyJ73BZ2XqVQIVhTKWJSuXL6l0u+cyi4M9VgYwLeMIaQvQ7dzt8Gu743Hk00GrKpivSqWsaQayu/fFx8er8ojov0UPq6NhVoXy1bnkCBIYLS2ABQa4u0Fq0ybs99xD8Vo0zL8MIg3fsl4RMcxN8bZLqej5BkThgibSzgpceeRE85NyqCfqfIybg4wE/tYxx8bqbRB+QERfj/FPYR6brzwEIQycAhJH2H7eDI6Tt77NDlW4Pu8ZbpfzL+BgAA//8DAFBLAwQUAAYACAAAACEAtVUwI/QAAABMAgAACwAIAl9yZWxzLy5yZWxzIKIEAiigAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKySTU/DMAyG70j8h8j31d2QEEJLd0FIuyFUfoBJ3A+1jaMkG92/JxwQVBqDA0d/vX78ytvdPI3qyCH24jSsixIUOyO2d62Gl/pxdQcqJnKWRnGs4cQRdtX11faZR0p5KHa9jyqruKihS8nfI0bT8USxEM8uVxoJE6UchhY9mYFaxk1Z3mL4rgHVQlPtrYawtzeg6pPPm3/XlqbpDT+IOUzs0pkVyHNiZ9mufMhsIfX5GlVTaDlpsGKecjoieV9kbMDzRJu/E/18LU6cyFIiNBL4Ms9HxyWg9X9atDTxy515xDcJw6vI8MmCix+o3gEAAP//AwBQSwMEFAAGAAgAAAAhAIE+lJfzAAAAugIAABoACAF4bC9fcmVscy93b3JrYm9vay54bWwucmVscyCiBAEooAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKxSTUvEMBC9C/6HMHebdhUR2XQvIuxV6w8IybQp2yYhM3703xsqul1Y1ksvA2+Gee/Nx3b3NQ7iAxP1wSuoihIEehNs7zsFb83zzQMIYu2tHoJHBRMS7Orrq+0LDppzE7k+ksgsnhQ45vgoJRmHo6YiRPS50oY0as4wdTJqc9Adyk1Z3su05ID6hFPsrYK0t7cgmilm5f+5Q9v2Bp+CeR/R8xkJSTwNeQDR6NQhK/jBRfYI8rz8Zk15zmvBo/oM5RyrSx6qNT18hnQgh8hHH38pknPlopm7Ve/hdEL7yim/2/Isy/TvZuTJx9XfAAAA//8DAFBLAwQUAAYACAAAACEAfjwwDJECAAALBgAADwAAAHhsL3dvcmtib29rLnhtbKRUXW+bMBR9n7T/YPmdGlIgFJVUHVm0SNtUbf14nBzjBCtgM9s0qar+911DSJvmpWtRYmNfc3yO7/E9v9jWFbrn2gglMxyc+BhxyVQh5CrDN9czL8HIWCoLWinJM/zADb6YfP50vlF6vVBqjQBAmgyX1jYpIYaVvKbmRDVcQmSpdE0tDPWKmEZzWpiSc1tXZOT7MampkLhHSPVbMNRyKRifKtbWXNoeRPOKWqBvStGYAa1mb4GrqV63jcdU3QDEQlTCPnSgGNUsna+k0nRRgextEKGthl8M/8CHZjTsBKGjrWrBtDJqaU8AmvSkj/QHPgmCgyPYHp/B25BCovm9cDncs9LxO1nFe6z4GSzwP4wWgLU6r6RweO9Ei/bcRnhyvhQVv+2ti2jT/KS1y1SFUUWN/VoIy4sMj2GoNvxgQrfNl1ZUEA38aORjMtnb+Uqjgi9pW9lrMPIADwvj+GwUuZVgjMvKci2p5bmSFny40/VRz3XYeanA4egX/9sKzeFigb9AK7SUpXRhrqgtUaurDJMbA+IJq5WCbsrN2qqGvLAlPb4D/2FMypxaAnJ7Sv37a+nATKeD+a6sRvA+n36HBPym95AOSHqxu61zOO/kz2M+niXT/Cz38mjse7Mk/OJdRmHg+bPTMMrzaT5LTp9AhY5Tpmhry12KHWaGQ8jnUegH3Q6RwE9bUTzv/+jvHs/1r5oh9uSUumJ2K/jGPJvBDdH2TshCbTI8Gieg5mEYjsE4aNPF7kRhS1iQ+OF+7hsXqxIIB+PQTYLnHbEMHxCa9oRm8HiuOSBEXjDqqiYw63okO6dTa8HWfemDIu3qqjviACOdup30vAi6FA4fM1ox8Lfr3MLO92So45N/AAAA//8DAFBLAwQUAAYACAAAACEA2efnWY4IAAD9QQAADQAAAHhsL3N0eWxlcy54bWzEXG1z4jYQ/t6Z/gePZ/qR8zvgFLgGErc3c01v5tJpP9wXYxvixi+MbVJop/+9K9lYqwSCSAy6zN1hYz272n20K62sjD5u0kR5iooyzrOxanzQVSXKgjyMs+VY/f3e6w1Vpaz8LPSTPIvG6jYq1Y+T778bldU2ib4+RFGlAERWjtWHqlpdaVoZPESpX37IV1EG3yzyIvUruCyWWrkqIj8sSaM00Uxd72upH2dqjXCVBiIgqV88rle9IE9XfhXP4ySuthRLVdLg6tMyywt/noCqG8P2A2Vj9AtT2RQ7IfTuCzlpHBR5mS+qD4Cr5YtFHEQv1XU1V/MDhgTIb0MyHE03ub5vijci2VoRPcXEfepklK1TL61KJcjXWQXubG8p9TefQrjZt1Wl9sosD4lL4c+3Xpp+64Xhjz+p2mSkNTiT0SLPEBxwgZrv6jHL/8488l0thDw2GZX/KE9+AndMAhLkSV4oFZABZBjkTuanUf3EzE/ieRGTmws/jZNtfZu2o/xpnktj8CbVqJYgSc7wRX+svf1RPsfLh+p4r/y/9vRqDsZoLegISnyjBTlZtC+ct/b3rgtZlAfnk7WPgcVyPlY9D4KNoevnpmEjzJ3pIO9iwpzBxXpmeZY36LRnHBdR5GhMSQRaXpemPCLQux7cXMyc3Qs71LsmEF9qBJAB160VYxwfX/Jk4JGfS/DkwimtI49pNJVDvo2TpJ0gWBbMEMidyQgmU1VUZB5cKM3n++0KUncG8746BdPnjjy9LPytYdL0pdWPHmlQ5kkcEi2WMzphaIb9rH/rzW6pXKQZTE3eA+p5s8EZQG+n7qx7TWeu2zWo6cFPx6DXDvnpvPvgqs5s2gxYuyslWzylisk0W/8wcF13aPSHw6FrW4ZtUyPPG0bHWRhtIph59zsz00sNHNDAtYZu3wRFdHtIRV1UAwsUGDjO0DFc04a/dKp3fg26tqmjyvYq0kCSV5EGkrxKZ5haB5G/GSl96V5FGkjyKtJAklcHHUfggXSvIg0keRVpIMmrtDrS4ViFKpPkvIo0kORVpIEkr3Y2+WwisCvdq0gDSV5FGrzbq3QhVE5G87wIoXzflnx1WEvV9yajJFpUsGouSFUS/q/yFfw7z6sKatyTURj7yzzzE1Lw3bUQaAnbAVD5H6vVQxw8gjCumlfPsWsR55LQRgebzLrtga0PbMfs1wubjkSnURiv05e9a2Xv9R+Ykdj2eMeRDUnZvjZhs/JlhQyN+K9xn2AL6mrqacEGwIkdJQRbdNFHVtQT7SNqIdZH1ECwj6hFRywK8zXsRD13sOcNdZ2ujk7my37A1615tM1Lex5tsseiR9t0wZupSX7oLFJwbKAWYrxBDQR5g1q8jTd7Bx5XtDhub+7x19RoQj1kjiBKkq8klv+5aNMHVC4mo80CbRfChjCpHJKdQ/IRaoDNxzpV1BeQQg41Mg82UvzVKtnerdN5VHh0l5iKoHdJGZJdTWmOY9fXSbzM0ojWXtQa5kuRV1FQ0V1sWjE9pI91QB+jARLR5z3yyebrPiOCnYTt8R75sLbfKx/sIlU+kEsKH2BVvLMHuACT+jV9umQkrOB2GoATZGgAq42dBkBPGRrAzHinARCUaQDqvMKK94wDA0Uz4AATCfLPJRJizK6XnMgz9vJQ+AX5FxnuBoq3QHRmZrg4l5kPhVhZIQa5HUYaMwFcvOYDyLrdpDzjUMyXZhAUdEEHZhEIA5dhJYq5IFNGxEOkIKFItgqgjmwVJKVfA3GBRCvZZpCUgTEfuRT8epDociKEVeDy4wVVwGTg8pUcM3D5Qo4K8uOjKSs+IjLAdrbsyGDKCpBohSQ/Ppqy4iMmg/wAacoKkIgM8uOjKSs+YjLID5CW/AmkJT8+WmeOjxoumNblU1Q5fVvhVNks9ldQm1Maxwqvbft966Z6j4FoDXqiei9f7W17pZDzGWPV1H9Qesp1EEB9FZxaK2gQkq/jBDbmib6EcMG6hL2uaX2zOeHxGhZ4p8YySRJBWBDQT8UChAaLxCCEBfHgVCwQX2NRCjMsKIWfjAV5ocEiGQJhQbQ+VS9o0mDxtncEbW/v8yOdSiF7gYNF9MJYzI8kEyMs6PKpWMyPJJAjLOjyqVjMjyQOINuDkFOxmB9JmkVYQLdTsVo/2iRKMyxH0Pb9vX4k4RbZS5CrGIv5keeqJchVjMX8yHOVdFnEXhiL+ZGPE7ZgnMBYzI98nLAF4wTGYn7kbe8I2v55ROUZbwoyvkZhvuO5Du/zC9m7RmFe41luCbK8RmH+4vltC/K7RmGe4qOKLRhVahQWM3nr2oLWnfrhLuryhDEFTQIHG4N1AudS4TjmLnXydCGrOJEhMXuIgkdlBsm7BeLHA0mjIkC3m1XiZ36VF1vlPtpULRzvdEcQ7uc8b23EI5AliYhCv8AZYDherLSTC57Dxokw7VjgzUPKeqdo0w4Gnn+GYKTYdaodDXxQJfMnEW0+Zat16yE+lpLULQLxOc4eo5BnDm9hsoQWQbqL1lXht/x7FrAEDXNHdvZbDD5E0I3653PGO9jIbzn6zIqCJvhtXSEz0vI6y5WkkiPS+/u4gnd3doOYS7dkQ0UIIq9Y1wkhUcqGM1JCGH/4RUZGCzd0n3H0QI/YggVm/+GGveVB7V6RU/L0/Y92PQDmDaOFv06q+/bLsco+/0rfigMyNU99iZ/yikKMVfaZHoKGUQwvhUC4+VzCK2zwv7Iu4rH67+104N7cemZvqE+HPduKnJ7rTG96jj2b3tx4rm7qs//QWf13nNSnv1oAXkwx7KsygfP8RdPZRvmv7N5YRRe1+vQdI1Ab6+6aff3aMfSeZ+lGz+77w96wbzk9zzHMm749vXU8B+nuvPFEv64ZRv27AYjyzlUVp1ESZztf7TyE74KT4PKVTmg7T2js9zZM/gcAAP//AwBQSwMEFAAGAAgAAAAhAMEXEL5OBwAAxiAAABMAAAB4bC90aGVtZS90aGVtZTEueG1s7FnNixs3FL8X+j8Mc3f8NeOPJd7gz2yT3SRknZQctbbsUVYzMpK8GxMCJTn1UiikpZdCbz2U0kADDb30jwkktOkf0SfN2COt5SSbbEpadg2LR/69p6f3nn5683Tx0r2YekeYC8KSll++UPI9nIzYmCTTln9rOCg0fE9IlIwRZQlu+Qss/Evbn35yEW3JCMfYA/lEbKGWH0k52yoWxQiGkbjAZjiB3yaMx0jCI58Wxxwdg96YFiulUq0YI5L4XoJiUHt9MiEj7A2VSn97qbxP4TGRQg2MKN9XqrElobHjw7JCiIXoUu4dIdryYZ4xOx7ie9L3KBISfmj5Jf3nF7cvFtFWJkTlBllDbqD/MrlMYHxY0XPy6cFq0iAIg1p7pV8DqFzH9ev9Wr+20qcBaDSClaa22DrrlW6QYQ1Q+tWhu1fvVcsW3tBfXbO5HaqPhdegVH+whh8MuuBFC69BKT5cw4edZqdn69egFF9bw9dL7V5Qt/RrUERJcriGLoW1ane52hVkwuiOE94Mg0G9kinPUZANq+xSU0xYIjflWozuMj4AgAJSJEniycUMT9AIsriLKDngxNsl0wgSb4YSJmC4VCkNSlX4rz6B/qYjirYwMqSVXWCJWBtS9nhixMlMtvwroNU3IC+ePXv+8Onzh789f/To+cNfsrm1KktuByVTU+7Vj1///f0X3l+//vDq8Tfp1CfxwsS//PnLl7//8Tr1sOLcFS++ffLy6ZMX333150+PHdrbHB2Y8CGJsfCu4WPvJothgQ778QE/ncQwQsSSQBHodqjuy8gCXlsg6sJ1sO3C2xxYxgW8PL9r2bof8bkkjpmvRrEF3GOMdhh3OuCqmsvw8HCeTN2T87mJu4nQkWvuLkqsAPfnM6BX4lLZjbBl5g2KEommOMHSU7+xQ4wdq7tDiOXXPTLiTLCJ9O4Qr4OI0yVDcmAlUi60Q2KIy8JlIITa8s3eba/DqGvVPXxkI2FbIOowfoip5cbLaC5R7FI5RDE1Hb6LZOQycn/BRyauLyREeoop8/pjLIRL5jqH9RpBvwoM4w77Hl3ENpJLcujSuYsYM5E9dtiNUDxz2kySyMR+Jg4hRZF3g0kXfI/ZO0Q9QxxQsjHctwm2wv1mIrgF5GqalCeI+mXOHbG8jJm9Hxd0grCLZdo8tti1zYkzOzrzqZXauxhTdIzGGHu3PnNY0GEzy+e50VciYJUd7EqsK8jOVfWcYAFlkqpr1ilylwgrZffxlG2wZ29xgngWKIkR36T5GkTdSl045ZxUep2ODk3gNQLlH+SL0ynXBegwkru/SeuNCFlnl3oW7nxdcCt+b7PHYF/ePe2+BBl8ahkg9rf2zRBRa4I8YYYICgwX3YKIFf5cRJ2rWmzulJvYmzYPAxRGVr0Tk+SNxc+Jsif8d8oedwFzBgWPW/H7lDqbKGXnRIGzCfcfLGt6aJ7cwHCSrHPWeVVzXtX4//uqZtNePq9lzmuZ81rG9fb1QWqZvHyByibv8uieT7yx5TMhlO7LBcW7Qnd9BLzRjAcwqNtRuie5agHOIviaNZgs3JQjLeNxJj8nMtqP0AxaQ2XdwJyKTPVUeDMmoGOkh3UrFZ/QrftO83iPjdNOZ7msupqpCwWS+XgpXI1Dl0qm6Fo9796t1Ot+6FR3WZcGKNnTGGFMZhtRdRhRXw5CFF5nhF7ZmVjRdFjRUOqXoVpGceUKMG0VFXjl9uBFveWHQdpBhmYclOdjFae0mbyMrgrOmUZ6kzOpmQFQYi8zII90U9m6cXlqdWmqvUWkLSOMdLONMNIwghfhLDvNlvtZxrqZh9QyT7liuRtyM+qNDxFrRSInuIEmJlPQxDtu+bVqCLcqIzRr+RPoGMPXeAa5I9RbF6JTuHYZSZ5u+HdhlhkXsodElDpck07KBjGRmHuUxC1fLX+VDTTRHKJtK1eAED5a45pAKx+bcRB0O8h4MsEjaYbdGFGeTh+B4VOucP6qxd8drCTZHMK9H42PvQM65zcRpFhYLysHjomAi4Ny6s0xgZuwFZHl+XfiYMpo17yK0jmUjiM6i1B2ophknsI1ia7M0U8rHxhP2ZrBoesuPJiqA/a9T903H9XKcwZp5memxSrq1HST6Yc75A2r8kPUsiqlbv1OLXKuay65DhLVeUq84dR9iwPBMC2fzDJNWbxOw4qzs1HbtDMsCAxP1Db4bXVGOD3xric/yJ3MWnVALOtKnfj6yty81WYHd4E8enB/OKdS6FBCb5cjKPrSG8iUNmCL3JNZjQjfvDknLf9+KWwH3UrYLZQaYb8QVINSoRG2q4V2GFbL/bBc6nUqD+BgkVFcDtPr+gFcYdBFdmmvx9cu7uPlLc2FEYuLTF/MF7Xh+uK+XNl8ce8RIJ37tcqgWW12aoVmtT0oBL1Oo9Ds1jqFXq1b7w163bDRHDzwvSMNDtrVblDrNwq1crdbCGolZX6jWagHlUo7qLcb/aD9ICtjYOUpfWS+APdqu7b/AQAA//8DAFBLAwQUAAYACAAAACEA9/xWeQIDAACQBwAAGAAAAHhsL3dvcmtzaGVldHMvc2hlZXQxLnhtbJyT24rbMBCG7wv7DkL3sXzYTRsTZ1l2Cd270uO1LI9jEclyJeVE6bt35ENSCCxhg6OxZf/fPyONlo9HrcgerJOmLWgSxZRAK0wl201Bf3xfzz5R4jxvK65MCwU9gaOPq7sPy4OxW9cAeIKE1hW08b7LGXOiAc1dZDpo8U1trOYeH+2Guc4Cr3qRViyN4znTXLZ0IOT2FoapayngxYidhtYPEAuKe8zfNbJzE02LW3Ca2+2umwmjO0SUUkl/6qGUaJG/blpjeamw7mNyzwU5WrxS/GeTTT9/5aSlsMaZ2kdIZkPO1+Uv2IJxcSZd138TJrlnFvYybOAFlb4vpeThzEovsOydsPkZFpbL5jtZFfRPPP5mGJMwxJdheveXrpaVxB0OVRELdUGfknz9kbLVsu+fnxIO7r974nn5DRQID+iRUBLaszRmGz58xakYia7/IBC58HIPz6AUgrFS93vwSEcPdjZZLS/3k+G67+kvlpTcwbNRv2TlG3TFs1NBzXfKfzWHzyA3jcfZOdYemievTi/gBHYtZhOloRRhFDJxJFqG04dNx49D+gMyRaTYOW/05DHKBgFm3gswHgbBfEFJCc6vZbB+U4x70osxjuIEOTeKH0YxxkkcR/jg/CmcFnS+EYSr02eBcQJlUZalcZakyHubwvoF/AcAAP//AAAA//+UkkEOgyAQRa9C5gBFEDUxSNJWew9CSbqyjRBtb9+xaRTCRnbAmxfmZ0a6h7W+114rOT0XMnXAgLiXHh2e2hrImwlt2vunt87Y0XdQnDgoadbSM9bii8P7rApJZyWp+bNLyFjMriHjMetDVsZsWHv7dbj9KuKKW2hXG6OYbQvIjwccOFDMFNplhl0mtsiwRWJXGXaV2DjMo4Md6sRuMuxmt+m+YF8AAAD//wAAAP//silITE/1TSxKz8wrVshJTSuxVTLQMzdVUijKTM+Ac0ryC2yVDJUUkvJLSvJzwcyM1MSU1CKQaqDitPz8EhhH385Gvzy/KLs4IzW1xA4AAAD//wMAUEsDBBQABgAIAAAAIQB/pFmDygAAADUBAAAUAAAAeGwvc2hhcmVkU3RyaW5ncy54bWx0j01LQzEQRfeC/yHM3ubpoogkKdgPcK1dl/Ay9gWSSczMk/bfGxFBHri853AvM2ZzyUl9YuNYyML9agCFNJYQ6Wzh+Ha4ewTF4in4VAgtXJFh425vDLOo3iW2MInUJ615nDB7XpWK1M17adlLj+2suTb0gSdEyUk/DMNaZx8J1FhmEgtrUDPFjxm3v9kZjs6I2xaSVtLpZWe0OKO/6Y/ZX2ry5KUfvlSHhn2LxutSvIqXmZf0WIMXDP/g0/OfGd3fdl8AAAD//wMAUEsDBBQABgAIAAAAIQC62Q4nUgEAAHsCAAARAAgBZG9jUHJvcHMvY29yZS54bWwgogQBKKAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8kl9PgzAUxd9N/A6k71DK/mgaYImaPbloIovGt6a9bI3QkraK+/YW2BAz9bE95/56zk3T1WddBR9grNQqQySKUQCKayHVLkPbYh1eo8A6pgSrtIIMHcCiVX55kfKGcm3g0egGjJNgA09SlvImQ3vnGoqx5XuomY28Q3mx1KZmzh/NDjeMv7Ed4CSOl7gGxwRzDHfAsBmJ6IgUfEQ276bqAYJjqKAG5SwmEcHfXgemtr8O9MrEWUt3aHynY9wpW/BBHN2fVo7Gtm2jdtbH8PkJftncP/VVQ6m6XXFAeSo45QaY0ybfSG601aULHspScgi2FkyKJ45umxWzbuMXX0oQN4e/hs6N/qW+2PAciMBHpUOxk/I8u70r1ihP4oSE8TyMlwUhlMwpWbx2OX7Md9GHi/qY5n9i4nFhPCvIFV3MabycEE+APMVn3yX/AgAA//8DAFBLAwQUAAYACAAAACEAn51PeJIBAAAhAwAAEAAIAWRvY1Byb3BzL2FwcC54bWwgogQBKKAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACckk1v2zAMhu8D9h8M3Rs57VAMgaxiSDv0sGIBkrZnTqZjobZkiKyR7NePttHUWXfajR8vXj6iaG4ObZP1mMjHUKjlIlcZBhdLH/aFetx9v/iqMmIIJTQxYKGOSOrGfv5kNil2mNgjZWIRqFA1c7fSmlyNLdBC2kE6VUwtsKRpr2NVeYe30b22GFhf5vm1xgNjKLG86E6GanJc9fy/pmV0Ax897Y6dAFvzresa74DllfbBuxQpVpw9gPOBI9XZ3cFhY/RcZoRzi+41eT7a3Oh5arYOGlzLCFtBQ2j0e8HcIwzr24BPZE3Pqx4dx5SR/y0LvFTZLyAcwArVQ/IQWAAH2ZSMcdMRJ/sc0wvViExGi2AqjuFcO4/9F7scBRKcCweDCUQa54g7zw3Sz2oDif9BvJwTjwwT74QDzCgHMmz2I+X4cJn314R1bDsIR2mcoh8+vNBjt4u3wPi21POi2daQsJR/OC39VDD3ss/UDCbrGsIeyzfNx8ZwDE/Txdvl9SK/yuV3ZzWj32/b/gEAAP//AwBQSwECLQAUAAYACAAAACEAYu6daF4BAACQBAAAEwAAAAAAAAAAAAAAAAAAAAAAW0NvbnRlbnRfVHlwZXNdLnhtbFBLAQItABQABgAIAAAAIQC1VTAj9AAAAEwCAAALAAAAAAAAAAAAAAAAAJcDAABfcmVscy8ucmVsc1BLAQItABQABgAIAAAAIQCBPpSX8wAAALoCAAAaAAAAAAAAAAAAAAAAALwGAAB4bC9fcmVscy93b3JrYm9vay54bWwucmVsc1BLAQItABQABgAIAAAAIQB+PDAMkQIAAAsGAAAPAAAAAAAAAAAAAAAAAO8IAAB4bC93b3JrYm9vay54bWxQSwECLQAUAAYACAAAACEA2efnWY4IAAD9QQAADQAAAAAAAAAAAAAAAACtCwAAeGwvc3R5bGVzLnhtbFBLAQItABQABgAIAAAAIQDBFxC+TgcAAMYgAAATAAAAAAAAAAAAAAAAAGYUAAB4bC90aGVtZS90aGVtZTEueG1sUEsBAi0AFAAGAAgAAAAhAPf8VnkCAwAAkAcAABgAAAAAAAAAAAAAAAAA5RsAAHhsL3dvcmtzaGVldHMvc2hlZXQxLnhtbFBLAQItABQABgAIAAAAIQB/pFmDygAAADUBAAAUAAAAAAAAAAAAAAAAAB0fAAB4bC9zaGFyZWRTdHJpbmdzLnhtbFBLAQItABQABgAIAAAAIQC62Q4nUgEAAHsCAAARAAAAAAAAAAAAAAAAABkgAABkb2NQcm9wcy9jb3JlLnhtbFBLAQItABQABgAIAAAAIQCfnU94kgEAACEDAAAQAAAAAAAAAAAAAAAAAKIiAABkb2NQcm9wcy9hcHAueG1sUEsFBgAAAAAKAAoAgAIAAGolAAAAAA=="
diff --git a/src/types/checklist.d.ts b/src/types/checklist.d.ts
index c721f6362..ce15f5a7f 100644
--- a/src/types/checklist.d.ts
+++ b/src/types/checklist.d.ts
@@ -1,3 +1,4 @@
+import {StigMetadata} from '@mitre/hdf-converters'
 import {ContextualizedEvaluation} from 'inspecjs'
 
 export interface ChecklistControl {
@@ -20,25 +21,22 @@ export interface ChecklistControl {
 }
 
 export interface CKLMetadata {
-    fileName: string;
-    benchmark: {
-      title: string | null;
-      version: string | null;
-      plaintext: string | null;
-    };
-    stigid: string | null;
-    role: string | null;
-    type: string | null;
-    hostname: string | null;
-    hostip: string | null;
-    hostmac: string | null;
-    hostfqdn: string | null;
-    tech_area: string | null;
-    target_key: string | null;
-    web_or_database: string | null;
-    web_db_site: string | null;
-    web_db_instance: string | null;
-    [key: string]: string | null | Record<string, string | null>;
+  assettype?: string;
+  hostfqdn?: string;
+  hostguid?: string;
+  hostip?: string;
+  hostmac?: string;
+  hostname?: string;
+  marking?: string;
+  role?: string;
+  stigguid?: string;
+  targetcomment?: string;
+  targetkey?: string;
+  techarea?: string;
+  webdbinstance?: string;
+  webdbsite?: string;
+  webordatabase?: boolean;
+  profiles: StigMetadata[]
 }
 
 type ExtendedEvaluationFile = {

From f0a2dac18d493e68eceec65ee82c6948d4557640 Mon Sep 17 00:00:00 2001
From: kemley76 <kemley@mitre.org>
Date: Fri, 7 Jun 2024 15:11:49 -0400
Subject: [PATCH 3/6] updated hdf2ckl tests

Signed-off-by: kemley76 <kemley@mitre.org>
---
 src/commands/convert/hdf2ckl.ts               |    13 +-
 src/commands/generate/ckl_metadata.ts         |    33 +-
 src/types/checklist.d.ts                      |    30 +-
 test/sample_data/checklist/metadata.json      |     2 +-
 test/sample_data/checklist/red_hat_good.ckl   | 66109 ++++++++--------
 .../checklist/red_hat_good_metadata.ckl       | 66109 ++++++++--------
 .../sample_data/checklist/vSphere8_report.ckl | 45126 +++++------
 7 files changed, 86356 insertions(+), 91066 deletions(-)

diff --git a/src/commands/convert/hdf2ckl.ts b/src/commands/convert/hdf2ckl.ts
index 8095be953..4447c7607 100644
--- a/src/commands/convert/hdf2ckl.ts
+++ b/src/commands/convert/hdf2ckl.ts
@@ -31,15 +31,22 @@ export default class HDF2CKL extends Command {
       input hdf file passthrough.metadata
       input hdf file passthrough.checklist.asset */
 
-    const defaultMetadata: CKLMetadata = {role: 'None', assettype: 'Computing', targetkey: '0', webordatabase: false, profiles: []}
+    const defaultMetadata: CKLMetadata = {
+      role: 'None', assettype: 'Computing', targetkey: '0', webordatabase: false, profiles: [],
+      hostfqdn: '', hostip: '', hostmac: '', hostguid: '', marking: '', techarea: '',
+      hostname: '', stigguid: '', targetcomment: '', webdbinstance: '', webdbsite: '',
+    }
     const inputHDF = JSON.parse(fs.readFileSync(flags.input, 'utf8'))
     const flagMetadata = {hostname: flags.hostname, hostip: flags.ip, hostmac: flags.mac, hostfqdn: flags.fqdn}
     const fileMetadata = flags.metadata ? JSON.parse(fs.readFileSync(flags.metadata, 'utf8')) : {}
     const hdfMetadata = _.get(inputHDF, 'passthrough.metadata', _.get(inputHDF, 'passthrough.checklist.asset', {}))
     const metadata = _.merge(_.merge(defaultMetadata, hdfMetadata, fileMetadata, flagMetadata))
 
-    // use the input hdf's profiles by default since they cant be included elsewhere
-    metadata.profiles = _.get(hdfMetadata, 'profiles', [])
+    metadata.profiles = flags.metadata ? [{title: _.get(fileMetadata, 'benchmark.title'),
+      name: _.get(fileMetadata, 'benchmark.title'),
+      version: _.get(fileMetadata, 'benchmark.version'),
+      releasenumber: _.get(fileMetadata, 'benchmark.releasenumber'),
+      releasedate: _.get(fileMetadata, 'benchmark.releasedate')}] : _.get(hdfMetadata, 'profiles', [])
     _.set(inputHDF, 'passthrough.metadata', metadata)
 
     try {
diff --git a/src/commands/generate/ckl_metadata.ts b/src/commands/generate/ckl_metadata.ts
index efb00fb1f..355060ae8 100644
--- a/src/commands/generate/ckl_metadata.ts
+++ b/src/commands/generate/ckl_metadata.ts
@@ -23,24 +23,25 @@ export default class GenerateCKLMetadata extends Command {
     console.log('Please fill in the following fields to the best of your ability, if you do not have a value, please leave the field empty.')
     const cklMetadata = {
       benchmark: {
-        title: prompt({ask: 'What is the benchmark title? '}) || null,
-        version: prompt({ask: 'What is the benchmark version? '}) || null,
-        plaintext: prompt({ask: 'What is the notes for release info? '}) || null,
+        title: prompt({ask: 'What is the benchmark title? '}),
+        version: prompt({ask: 'What is the benchmark version? '}),
+        releasenumber: prompt({ask: 'What is the benchmark release number? '}),
+        releasedate: prompt({ask: 'What is the benchmark release date? '}),
       },
-      marking: prompt({ask: 'What is the marking? '}) || null,
-      hostname: prompt({ask: 'What is the asset hostname? '}) || null,
-      hostip: prompt({ask: 'What is the asset IP address? '}) || null,
-      hostmac: prompt({ask: 'What is the asset MAC address? '}) || null,
-      hostfqdn: prompt({ask: 'What is the asset FQDN? '}) || null,
-      targetcomment: prompt({ask: 'What are the target comments? '}) || null,
-      role: prompt({ask: 'What is the computing role? (None/Workstation/Member Server/Domain Controller) '}) || null,
-      assettype: _.capitalize(prompt({ask: 'What is the asset type? (Computing/Non-Computing) '})) || null,
-      techarea: prompt({ask: 'What is the tech area? (Application Review/Boundary Security/CDS Admin Review/CDS Technical Review/Database Review/Domain Name System (DNS)/Exchange Server/Host Based System Security (HBSS)/Internal Network/Mobility/Releasable Networks (REL)/Releaseable Networks (REL)/Traditional Security/UNIX OS/VVOIP Review/Web Review/Windows OS/Other Review) '}) || null, // Yes, these typos really are how the enumerations are defined in STIG viewer's source code
-      stigguid: prompt({ask: 'What is the STIG ID? '}) || null,
-      targetkey: prompt({ask: 'What is the target key? '}) || null,
+      marking: prompt({ask: 'What is the marking? '}),
+      hostname: prompt({ask: 'What is the asset hostname? '}),
+      hostip: prompt({ask: 'What is the asset IP address? '}),
+      hostmac: prompt({ask: 'What is the asset MAC address? '}),
+      hostfqdn: prompt({ask: 'What is the asset FQDN? '}),
+      targetcomment: prompt({ask: 'What are the target comments? '}),
+      role: prompt({ask: 'What is the computing role? (None/Workstation/Member Server/Domain Controller) '}),
+      assettype: _.capitalize(prompt({ask: 'What is the asset type? (Computing/Non-Computing) '})),
+      techarea: prompt({ask: 'What is the tech area? (Application Review/Boundary Security/CDS Admin Review/CDS Technical Review/Database Review/Domain Name System (DNS)/Exchange Server/Host Based System Security (HBSS)/Internal Network/Mobility/Releasable Networks (REL)/Releaseable Networks (REL)/Traditional Security/UNIX OS/VVOIP Review/Web Review/Windows OS/Other Review) '}), // Yes, these typos really are how the enumerations are defined in STIG viewer's source code
+      stigguid: prompt({ask: 'What is the STIG ID? '}),
+      targetkey: prompt({ask: 'What is the target key? '}),
       webordatabase: prompt({ask: 'Is the target a web or database? (y/n) '}).toLowerCase() === 'y',
-      webdbsite: prompt({ask: 'What is the Web or DB site? '}) || null,
-      webdbinstance: prompt({ask: 'What is the Web or DB instance? '}) || null,
+      webdbsite: prompt({ask: 'What is the Web or DB site? '}),
+      webdbinstance: prompt({ask: 'What is the Web or DB instance? '}),
     }
     const validationResults = validateChecklistMetadata(cklMetadata)
     if (validationResults.isError) {
diff --git a/src/types/checklist.d.ts b/src/types/checklist.d.ts
index ce15f5a7f..a91c7cc8e 100644
--- a/src/types/checklist.d.ts
+++ b/src/types/checklist.d.ts
@@ -21,21 +21,21 @@ export interface ChecklistControl {
 }
 
 export interface CKLMetadata {
-  assettype?: string;
-  hostfqdn?: string;
-  hostguid?: string;
-  hostip?: string;
-  hostmac?: string;
-  hostname?: string;
-  marking?: string;
-  role?: string;
-  stigguid?: string;
-  targetcomment?: string;
-  targetkey?: string;
-  techarea?: string;
-  webdbinstance?: string;
-  webdbsite?: string;
-  webordatabase?: boolean;
+  assettype: null | string;
+  hostfqdn: null | string;
+  hostguid: null | string;
+  hostip: null | string;
+  hostmac: null | string;
+  hostname: null | string;
+  marking: null | string;
+  role: null | string;
+  stigguid: null | string;
+  targetcomment: null | string;
+  targetkey: null | string;
+  techarea: null | string;
+  webdbinstance: null | string;
+  webdbsite: null | string;
+  webordatabase: null | boolean;
   profiles: StigMetadata[]
 }
 
diff --git a/test/sample_data/checklist/metadata.json b/test/sample_data/checklist/metadata.json
index c38207bea..210729252 100644
--- a/test/sample_data/checklist/metadata.json
+++ b/test/sample_data/checklist/metadata.json
@@ -1 +1 @@
-{"benchmark":{"title":"My title","version":"1.0.0","plaintext":"This is my release"},"stigid":null,"role":"Domain Controller","type":"Computing","hostname":"localhost","ip":null,"mac":null,"tech_area":"Other Review","target_key":null,"web_or_database":false,"web_db_site":null,"web_db_instance":null}
\ No newline at end of file
+{"benchmark":{"title":"Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6","version":"1.0.0","releasenumber":"2","releasedate":"06/07/24"},"marking":"CUI","hostname":"localhost","hostip":"127.0.0.1","hostmac":"","hostfqdn":"","targetcomment":"","role":"Domain Controller","assettype":"Computing","techarea":"Other Review","stigguid":"","targetkey":"","webordatabase":false,"webdbsite":"","webdbinstance":""}
\ No newline at end of file
diff --git a/test/sample_data/checklist/red_hat_good.ckl b/test/sample_data/checklist/red_hat_good.ckl
index 92850bf21..192ff290b 100644
--- a/test/sample_data/checklist/red_hat_good.ckl
+++ b/test/sample_data/checklist/red_hat_good.ckl
@@ -1,101 +1,96 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--DISA STIG Viewer :: 2.14-->
-<CHECKLIST>
-	<ASSET>
-		<ROLE>None</ROLE>
-		<ASSET_TYPE>Computing</ASSET_TYPE>
-		<HOST_NAME></HOST_NAME>
-		<HOST_IP></HOST_IP>
-		<HOST_MAC></HOST_MAC>
-		<HOST_FQDN></HOST_FQDN>
-		<TARGET_COMMENT></TARGET_COMMENT>
-		<TECH_AREA></TECH_AREA>
-		<TARGET_KEY>0</TARGET_KEY>
-		<WEB_OR_DATABASE>false</WEB_OR_DATABASE>
-		<WEB_DB_SITE></WEB_DB_SITE>
-		<WEB_DB_INSTANCE></WEB_DB_INSTANCE>
-	</ASSET>
-	<STIGS>
-		<iSTIG>
-			<STIG_INFO>
-				<SI_DATA>
-					<SID_NAME>version</SID_NAME>
-					<SID_DATA>1</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>classification</SID_NAME>
-					<SID_DATA>UNCLASSIFIED</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>customname</SID_NAME>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>stigid</SID_NAME>
-					<SID_DATA>Red Hat Enterprise Linux 7 STIG</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>description</SID_NAME>
-					<SID_DATA>File Name: red_hat_good.json
-Version: 2.6.0
-SHA256 Hash: 6c28e36e632170e646f6b39f4c728be3ed456e3d0e511ed942afb42ff3670360
-Maintainer: MITRE SAF Team
-Copyright: MITRE, 2020
-Copyright Email: saf@groups.mitre.org
-Control Count: 247</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>filename</SID_NAME>
-					<SID_DATA>red_hat_good.json</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>releaseinfo</SID_NAME>
-					<SID_DATA></SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>title</SID_NAME>
-					<SID_DATA>Red Hat Enterprise Linux 7 STIG</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>uuid</SID_NAME>
-					<SID_DATA>b08904d9-939d-4eaf-822a-3697776e9f3a</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>notice</SID_NAME>
-					<SID_DATA>terms-of-use</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>source</SID_NAME>
-				</SI_DATA>
-			</STIG_INFO>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71973</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000363-GPOS-00150</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86597r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020030</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+<?xml version="1.0" encoding="UTF-8"?>
+<!--Heimdall Version :: 2.10.8-->
+<CHECKLIST>
+	<ASSET>
+		<ROLE>None</ROLE>
+		<ASSET_TYPE>Computing</ASSET_TYPE>
+		<MARKING></MARKING>
+		<HOST_NAME></HOST_NAME>
+		<HOST_IP></HOST_IP>
+		<HOST_MAC></HOST_MAC>
+		<HOST_FQDN></HOST_FQDN>
+		<TARGET_COMMENT></TARGET_COMMENT>
+		<TECH_AREA></TECH_AREA>
+		<TARGET_KEY></TARGET_KEY>
+		<WEB_OR_DATABASE>false</WEB_OR_DATABASE>
+		<WEB_DB_SITE></WEB_DB_SITE>
+		<WEB_DB_INSTANCE></WEB_DB_INSTANCE>
+	</ASSET>
+	<STIGS>
+		<iSTIG>
+			<STIG_INFO>
+				<SI_DATA>
+					<SID_NAME>version</SID_NAME>
+					<SID_DATA>2</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>classification</SID_NAME>
+					<SID_DATA>UNCLASSIFIED</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>customname</SID_NAME>
+					<SID_DATA>{"hdfSpecificData":{"attributes":[{"name":"disable_slow_controls","options":{"value":true}},{"name":"monitor_kernel_log","options":{"value":true}},{"name":"rpm_verify_perms_except","options":{"type":"Array","value":[]}},{"name":"rpm_verify_integrity_except","options":{"type":"Array","value":[]}},{"name":"banner_message_enabled","options":{"type":"String","value":"true"}},{"name":"log_aggregation_server","options":{"value":false}},{"name":"application_groups","options":{"type":"Array","value":[]}},{"name":"x11_enabled","options":{"value":false}},{"name":"user_accounts","options":{"type":"Array","value":[]}},{"name":"known_system_accounts","options":{"type":"Array","value":["root","bin","daemon","adm","lp","sync","shutdown","halt","mail","operator","nobody","systemd-bus-proxy"]}},{"name":"dconf_user","options":{"type":"String","value":"nil"}},{"name":"banner_message_text_gui","options":{"type":"String","value":"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."}},{"name":"banner_message_text_gui_limited","options":{"type":"String","value":"I've read &amp; consent to terms in IS user agreem't."}},{"name":"banner_message_text_cli","options":{"type":"String","value":"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."}},{"name":"banner_message_text_cli_limited","options":{"type":"String","value":"I've read &amp; consent to terms in IS user agreem't."}},{"name":"banner_message_text_ral","options":{"type":"String","value":"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."}},{"name":"banner_message_text_ral_limited","options":{"type":"String","value":"I've read &amp; consent to terms in IS user agreem't."}},{"name":"lock_delay","options":{"type":"Numeric","value":5}},{"name":"difok","options":{"type":"Numeric","value":8}},{"name":"min_reuse_generations","options":{"type":"Numeric","value":5}},{"name":"min_len","options":{"type":"Numeric","value":15}},{"name":"days_of_inactivity","options":{"type":"Numeric","value":0}},{"name":"unsuccessful_attempts","options":{"type":"Numeric","value":3}},{"name":"fail_interval","options":{"type":"Numeric","value":900}},{"name":"lockout_time","options":{"value":604800}},{"name":"file_integrity_tool","options":{"type":"String","value":"aide"}},{"name":"file_integrity_interval","options":{"type":"String","value":"weekly"}},{"name":"system_activity_timeout","options":{"type":"Numeric","value":600}},{"name":"client_alive_interval","options":{"type":"Numeric","value":600}},{"name":"smart_card_status","options":{"type":"String","value":"enabled"}},{"name":"log_pkg_path","options":{"type":"String","value":"/etc/rsyslog.conf"}},{"name":"exempt_home_users","options":{"type":"Array","value":[]}},{"name":"grub_main_cfg","options":{"type":"String","value":"/boot/grub2/grub.cfg"}},{"name":"grub_uefi_main_cfg","options":{"type":"String","value":"/boot/efi/EFI/redhat/grub.cfg"}},{"name":"grub_superuser","options":{"type":"String","value":"root"}},{"name":"grub_user_boot_files","options":{"type":"Array","value":["/boot/grub2/user.cfg"]}},{"name":"grub_uefi_user_boot_files","options":{"type":"Array","value":["/boot/efi/EFI/redhat/user.cfg"]}},{"name":"efi_superusers","options":{"type":"Array","value":["root"]}},{"name":"admin_logins","options":{"type":"Array","value":[]}},{"name":"max_rety","options":{"type":"Numeric","value":3}},{"name":"mfa_pkg_list","options":{"type":"Array","value":["nss-tools","nss-pam-ldapd","esc","pam_pkcs11","pam_krb5","opensc","pcsc-lite-ccid","gdm","authconfig","authconfig-gtk","krb5-libs","krb5-workstation","krb5-pkinit","pcsc-lite","pcsc-lite-libs"]}},{"name":"multifactor_enabled","options":{"type":"String","value":"true"}},{"name":"non_interactive_shells","options":{"type":"Array","value":["/sbin/nologin","/sbin/halt","/sbin/shutdown","/bin/false","/bin/sync","/bin/true"]}},{"name":"randomize_va_space","options":{"type":"Numeric","value":2}},{"name":"non_removable_media_fs","options":{"type":"Array","value":["xfs","ext4","swap","tmpfs"]}},{"name":"approved_tunnels","options":{"type":"Array","value":[]}},{"name":"virtual_machine","options":{"value":false}},{"name":"max_retry","options":{"type":"Numeric","value":3}},{"name":"firewalld_services","options":{"type":"Array","value":[]}},{"name":"firewalld_hosts_allow","options":{"type":"Array","value":[]}},{"name":"firewalld_hosts_deny","options":{"type":"Array","value":[]}},{"name":"firewalld_ports_allow","options":{"type":"Array","value":[]}},{"name":"firewalld_ports_deny","options":{"type":"Array","value":[]}},{"name":"tcpwrappers_allow","options":{"type":"Hash","value":{}}},{"name":"tcpwrappers_deny","options":{"type":"Hash","value":{}}},{"name":"iptables_rules","options":{"type":"Array","value":[]}},{"name":"firewalld_services_deny","options":{"type":"Hash","value":{}}},{"name":"firewalld_zones","options":{"type":"Array","value":[]}},{"name":"maxlogins_limit","options":{"type":"Numeric","value":10}},{"name":"custom_antivirus","options":{"type":"Boolean","value":false}},{"name":"custom_antivirus_description","options":{"type":"String","value":"None"}},{"name":"custom_hips","options":{"type":"Boolean","value":false}},{"name":"custom_hips_description","options":{"type":"String","value":"An6yTr21kC"}},{"name":"max_daemon_processes","options":{"type":"Numeric","value":1}},{"name":"aide_exclude_patterns","options":{"type":"Array","value":[]}},{"name":"terminal_mux_pkgs","options":{"type":"Array","value":["tmux","screen"]}},{"name":"disallowed_accounts","options":{"value":["games","gopher","ftp"]}},{"name":"grub_superusers","options":{"value":["root"]}},{"name":"efi_user_boot_files","options":{"value":["/boot/efi/EFI/redhat/user.cfg"]}},{"name":"efi_main_cfg","options":{"value":"/boot/efi/EFI/redhat/grub.cfg"}}],"copyright":"MITRE, 2020","copyright_email":"saf@groups.mitre.org","maintainer":"MITRE SAF Team","version":"2.6.0"}}</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>stigid</SID_NAME>
+					<SID_DATA>Red Hat Enterprise Linux 7 STIG</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>description</SID_NAME>
+					<SID_DATA>The Red Hat Enterprise Linux 7 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems.  Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>filename</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>releaseinfo</SID_NAME>
+					<SID_DATA>Release: 6</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>title</SID_NAME>
+					<SID_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>uuid</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>notice</SID_NAME>
+					<SID_DATA>Apache-2.0</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>source</SID_NAME>
+					<SID_DATA>STIG.DOD.MIL</SID_DATA>
+				</SI_DATA>
+			</STIG_INFO>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71973</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000363-GPOS-00150</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86597r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020030</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that a file integrity tool verifies the baseline operating system configuration
-at least weekly.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+at least weekly.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Unauthorized changes to the baseline configuration could make the
 system vulnerable to various attacks or allow unauthorized access to the
 operating system. Changes to operating system configurations can have
@@ -103,17 +98,17 @@ unintended side effects, some of which may be relevant to security.
 
     Detecting such changes and providing an automated response can help avoid
 unintended, negative consequences that could ultimately affect the security
-state of the operating system. The operating system&#39;s Information Management
-Officer (IMO)&#x2F;Information System Security Officer (ISSO) and System
-Administrators (SAs) must be notified via email and&#x2F;or monitoring system trap
-when there is an unauthorized modification of a configuration item.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+state of the operating system. The operating system's Information Management
+Officer (IMO)/Information System Security Officer (ISSO) and System
+Administrators (SAs) must be notified via email and/or monitoring system trap
+when there is an unauthorized modification of a configuration item.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system routinely checks the baseline configuration for
 unauthorized changes.
 
@@ -136,308 +131,296 @@ command used in the example will use a daily occurrence.
 the file integrity application. For example, if AIDE is installed on the
 system, use the following command:
 
-    # ls -al &#x2F;etc&#x2F;cron.* | grep aide
+    # ls -al /etc/cron.* | grep aide
     -rwxr-xr-x 1 root root 29 Nov 22 2015 aide
 
-    # grep aide &#x2F;etc&#x2F;crontab &#x2F;var&#x2F;spool&#x2F;cron&#x2F;root
-    &#x2F;etc&#x2F;crontab: 30 04 * * * &#x2F;root&#x2F;aide
-    &#x2F;var&#x2F;spool&#x2F;cron&#x2F;root: 30 04 * * * &#x2F;root&#x2F;aide
+    # grep aide /etc/crontab /var/spool/cron/root
+    /etc/crontab: 30 04 * * * /root/aide
+    /var/spool/cron/root: 30 04 * * * /root/aide
 
     If the file integrity application does not exist, or a script file
 controlling the execution of the file integrity application does not exist,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the file integrity tool to run automatically on the system at
 least weekly. The following example output is generic. It will set cron to run
 AIDE daily, but other file integrity tools may be used:
 
-    # more &#x2F;etc&#x2F;cron.daily&#x2F;aide
-    #!&#x2F;bin&#x2F;bash
-
-    &#x2F;usr&#x2F;sbin&#x2F;aide --check | &#x2F;bin&#x2F;mail -s &quot;$HOSTNAME - Daily aide integrity
-check run&quot; root@sysname.mil</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bfe7499a-6b0b-4bec-b0a4-4dc49a4ad2a9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001744</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package aide is expected to be installed
---------------------------------
-passed
-File &#x2F;etc&#x2F;cron.daily&#x2F;aide is expected to exist</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81017</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95729r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # more /etc/cron.daily/aide
+    #!/bin/bash
+
+    /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity
+check run" root@sysname.mil</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71973\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat a file integrity tool verifies the baseline operating system configuration\nat least weekly.\"\n  desc  \"Unauthorized changes to the baseline configuration could make the\nsystem vulnerable to various attacks or allow unauthorized access to the\noperating system. Changes to operating system configurations can have\nunintended side effects, some of which may be relevant to security.\n\n    Detecting such changes and providing an automated response can help avoid\nunintended, negative consequences that could ultimately affect the security\nstate of the operating system. The operating system's Information Management\nOfficer (IMO)/Information System Security Officer (ISSO) and System\nAdministrators (SAs) must be notified via email and/or monitoring system trap\nwhen there is an unauthorized modification of a configuration item.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system routinely checks the baseline configuration for\nunauthorized changes.\n\n    Note: A file integrity tool other than Advanced Intrusion Detection\nEnvironment (AIDE) may be used, but the tool must be executed at least once per\nweek.\n\n    Check to see if AIDE is installed on the system with the following command:\n\n    # yum list installed aide\n\n    If AIDE is not installed, ask the SA how file integrity checks are\nperformed on the system.\n\n    Check for the presence of a cron job running daily or weekly on the system\nthat executes AIDE daily to scan for changes to the system baseline. The\ncommand used in the example will use a daily occurrence.\n\n    Check the cron directories for a script file controlling the execution of\nthe file integrity application. For example, if AIDE is installed on the\nsystem, use the following command:\n\n    # ls -al /etc/cron.* | grep aide\n    -rwxr-xr-x 1 root root 29 Nov 22 2015 aide\n\n    # grep aide /etc/crontab /var/spool/cron/root\n    /etc/crontab: 30 04 * * * /root/aide\n    /var/spool/cron/root: 30 04 * * * /root/aide\n\n    If the file integrity application does not exist, or a script file\ncontrolling the execution of the file integrity application does not exist,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the file integrity tool to run automatically on the system at\nleast weekly. The following example output is generic. It will set cron to run\nAIDE daily, but other file integrity tools may be used:\n\n    # more /etc/cron.daily/aide\n    #!/bin/bash\n\n    /usr/sbin/aide --check | /bin/mail -s \\\"$HOSTNAME - Daily aide integrity\ncheck run\\\" root@sysname.mil\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000363-GPOS-00150\"\n  tag gid: \"V-71973\"\n  tag rid: \"SV-86597r2_rule\"\n  tag stig_id: \"RHEL-07-020030\"\n  tag fix_id: \"F-78325r2_fix\"\n  tag cci: [\"CCI-001744\"]\n  tag nist: [\"CM-3 (5)\", \"Rev_4\"]\n\n  file_integrity_tool = input('file_integrity_tool')\n  file_integrity_interval = input('file_integrity_interval')\n\n  describe package(file_integrity_tool) do\n    it { should be_installed }\n  end\n\n  if file_integrity_interval == 'monthly'\n    describe.one do\n      describe file(\"/etc/cron.daily/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      describe file(\"/etc/cron.weekly/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      describe file(\"/etc/cron.monthly/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      if file(\"/etc/cron.d/#{file_integrity_tool}\").exist?\n        describe crontab(path: \"/etc/cron.d/#{file_integrity_tool}\") do\n          its('months') { should cmp '*' }\n          its('weekdays') { should cmp '*' }\n        end\n        describe crontab(path: \"/etc/cron.d/#{file_integrity_tool}\") do\n          its('days') { should cmp '*' }\n          its('months') { should cmp '*' }\n        end\n      end\n      describe crontab('root').where { command =~ %r{#{file_integrity_tool}} } do\n        its('months') { should cmp '*' }\n        its('weekdays') { should cmp '*' }\n      end\n      describe crontab('root').where { command =~ %r{#{file_integrity_tool}} } do\n        its('days') { should cmp '*' }\n        its('months') { should cmp '*' }\n      end\n    end\n  elsif file_integrity_interval == 'weekly'\n    describe.one do\n      describe file(\"/etc/cron.daily/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      describe file(\"/etc/cron.weekly/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      if file(\"/etc/cron.d/#{file_integrity_tool}\").exist?\n        describe crontab(path: \"/etc/cron.d/#{file_integrity_tool}\") do\n          its('days') { should cmp '*' }\n          its('months') { should cmp '*' }\n        end\n      end\n      describe crontab('root').where { command =~ %r{#{file_integrity_tool}} } do\n        its('days') { should cmp '*' }\n        its('months') { should cmp '*' }\n      end\n    end\n  elsif file_integrity_interval == 'daily'\n    describe.one do\n      describe file(\"/etc/cron.daily/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      if file(\"/etc/cron.d/#{file_integrity_tool}\").exist?\n        describe crontab(path: \"/etc/cron.d/#{file_integrity_tool}\") do\n          its('days') { should cmp '*' }\n          its('months') { should cmp '*' }\n          its('weekdays') { should cmp '*' }\n        end\n      end\n      describe crontab('root').where { command =~ %r{#{file_integrity_tool}} } do\n        its('days') { should cmp '*' }\n        its('months') { should cmp '*' }\n        its('weekdays') { should cmp '*' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001744</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package aide is expected to be installed
+--------------------------------
+passed :: TEST File /etc/cron.daily/aide is expected to exist</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81017</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95729r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must configure the
-au-remote plugin to off-load audit logs using the audisp-remote daemon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+au-remote plugin to off-load audit logs using the audisp-remote daemon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
     Off-loading is a common process in information systems with limited audit
 storage capacity.
 
-    Without the configuration of the &quot;au-remote&quot; plugin, the audisp-remote
-daemon will not off load the logs from the system being audited.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the &quot;au-remote&quot; plugin is configured to always off-load audit logs
+    Without the configuration of the "au-remote" plugin, the audisp-remote
+daemon will not off load the logs from the system being audited.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the "au-remote" plugin is configured to always off-load audit logs
 using the audisp-remote daemon:
 
-    # cat &#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf | grep -v &quot;^#&quot;
+    # cat /etc/audisp/plugins.d/au-remote.conf | grep -v "^#"
 
-    active &#x3D; yes
-    direction &#x3D; out
-    path &#x3D; &#x2F;sbin&#x2F;audisp-remote
-    type &#x3D; always
-    format &#x3D; string
+    active = yes
+    direction = out
+    path = /sbin/audisp-remote
+    type = always
+    format = string
 
-    If the &quot;direction&quot; setting is not set to &quot;out&quot;, or the line is
+    If the "direction" setting is not set to "out", or the line is
 commented out, this is a finding.
 
-    If the &quot;path&quot; setting is not set to &quot;&#x2F;sbin&#x2F;audisp-remote&quot;, or the line
+    If the "path" setting is not set to "/sbin/audisp-remote", or the line
 is commented out, this is a finding.
 
-    If the &quot;type&quot; setting is not set to &quot;always&quot;, or the line is commented
-out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf file and add or update the
+    If the "type" setting is not set to "always", or the line is commented
+out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the /etc/audisp/plugins.d/au-remote.conf file and add or update the
 following values:
 
-    direction &#x3D; out
-    path &#x3D; &#x2F;sbin&#x2F;audisp-remote
-    type &#x3D; always
+    direction = out
+    path = /sbin/audisp-remote
+    type = always
 
     The audit daemon must be restarted for changes to take effect:
 
-    # service auditd restart</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8206cbe8-1a67-4905-8b1c-5ecac93caa69</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf&#39; cannot be found. This test cannot be checked in a automated fashion and you must check it manually
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf&#39; cannot be found. This check must be performed manually</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81005</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95717r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010482</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # service auditd restart</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81017\" do\n  title \"The Red Hat Enterprise Linux operating system must configure the\nau-remote plugin to off-load audit logs using the audisp-remote daemon.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n    Without the configuration of the \\\"au-remote\\\" plugin, the audisp-remote\ndaemon will not off load the logs from the system being audited.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the \\\"au-remote\\\" plugin is configured to always off-load audit logs\nusing the audisp-remote daemon:\n\n    # cat /etc/audisp/plugins.d/au-remote.conf | grep -v \\\"^#\\\"\n\n    active = yes\n    direction = out\n    path = /sbin/audisp-remote\n    type = always\n    format = string\n\n    If the \\\"direction\\\" setting is not set to \\\"out\\\", or the line is\ncommented out, this is a finding.\n\n    If the \\\"path\\\" setting is not set to \\\"/sbin/audisp-remote\\\", or the line\nis commented out, this is a finding.\n\n    If the \\\"type\\\" setting is not set to \\\"always\\\", or the line is commented\nout, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the /etc/audisp/plugins.d/au-remote.conf file and add or update the\nfollowing values:\n\n    direction = out\n    path = /sbin/audisp-remote\n    type = always\n\n    The audit daemon must be restarted for changes to take effect:\n\n    # service auditd restart\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-81017\"\n  tag rid: \"SV-95729r1_rule\"\n  tag stig_id: \"RHEL-07-030201\"\n  tag fix_id: \"F-87851r2_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  test_file = '/etc/audisp/plugins.d/au-remote.conf'\n\n  if file(test_file).exist?\n    describe parse_config_file(test_file) do\n      its('direction') { should match %r{out$} }\n      its('path') { should match %r{/sbin/audisp-remote$} }\n      its('type') { should match %r{always$} }\n    end\n  else\n    describe \"File '#{test_file}' cannot be found. This test cannot be checked in a automated fashion and you must check it manually\" do\n      skip \"File '#{test_file}' cannot be found. This check must be performed manually\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST File '/etc/audisp/plugins.d/au-remote.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually :: SKIP_MESSAGE File '/etc/audisp/plugins.d/au-remote.conf' cannot be found. This check must be performed manually</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81005</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95717r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010482</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Red Hat Enterprise Linux operating systems version 7.2 or newer with a
-Basic Input&#x2F;Output System (BIOS) must require authentication upon booting into
-single-user and maintenance modes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Basic Input/Output System (BIOS) must require authentication upon booting into
+single-user and maintenance modes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system does not require valid root authentication before it
 boots into single-user or maintenance mode, anyone who invokes single-user or
 maintenance mode is granted privileged access to all files on the system. GRUB
 2 is the default boot loader for RHEL 7 and is designed to require a password
-to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For systems that use UEFI, this is Not Applicable.
 
     For systems that are running a version of RHEL prior to 7.2, this is Not
@@ -446,22 +429,22 @@ Applicable.
     Check to see if an encrypted root password is set. On systems that use a
 BIOS, use the following command:
 
-    # grep -iw grub2_password &#x2F;boot&#x2F;grub2&#x2F;user.cfg
-    GRUB2_PASSWORD&#x3D;grub.pbkdf2.sha512.[password_hash]
+    # grep -iw grub2_password /boot/grub2/user.cfg
+    GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
 
-    If the root password does not begin with &quot;grub.pbkdf2.sha512&quot;, this is a
+    If the root password does not begin with "grub.pbkdf2.sha512", this is a
 finding.
 
-    Verify that the &quot;root&quot; account is set as the &quot;superusers&quot;:
+    Verify that the "root" account is set as the "superusers":
 
-    # grep -iw &quot;superusers&quot; &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
-        set superusers&#x3D;&quot;root&quot;
+    # grep -iw "superusers" /boot/grub2/grub.cfg
+        set superusers="root"
         export superusers
 
-    If &quot;superusers&quot; is not set to &quot;root&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "superusers" is not set to "root", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to encrypt the boot password for root.
 
     Generate an encrypted grub2 password for root with the following command:
@@ -472,703 +455,673 @@ finding.
     Enter password:
     Confirm password:
 
-    Edit the &#x2F;boot&#x2F;grub2&#x2F;grub.cfg file and add or modify the following lines in
-the &quot;### BEGIN &#x2F;etc&#x2F;grub.d&#x2F;01_users ###&quot; section:
-
-    set superusers&#x3D;&quot;root&quot;
-    export superusers</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f6d2cfa1-f34e-4dcb-a7bb-6e6b08941e1c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>skipped
-Parse Config File &#x2F;boot&#x2F;grub2&#x2F;user.cfg
-Can&#39;t find file: &#x2F;boot&#x2F;grub2&#x2F;user.cfg
---------------------------------
-passed
-Parse Config File &#x2F;boot&#x2F;grub2&#x2F;grub.cfg set superusers is expected to cmp &#x3D;&#x3D; &quot;\&quot;root\&quot;&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71957</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86581r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010460</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Edit the /boot/grub2/grub.cfg file and add or modify the following lines in
+the "### BEGIN /etc/grub.d/01_users ###" section:
+
+    set superusers="root"
+    export superusers</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81005\" do\n  title \"Red Hat Enterprise Linux operating systems version 7.2 or newer with a\nBasic Input/Output System (BIOS) must require authentication upon booting into\nsingle-user and maintenance modes.\"\n  desc  \"If the system does not require valid root authentication before it\nboots into single-user or maintenance mode, anyone who invokes single-user or\nmaintenance mode is granted privileged access to all files on the system. GRUB\n2 is the default boot loader for RHEL 7 and is designed to require a password\nto boot into single-user mode or make modifications to the boot menu.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    For systems that use UEFI, this is Not Applicable.\n\n    For systems that are running a version of RHEL prior to 7.2, this is Not\nApplicable.\n\n    Check to see if an encrypted root password is set. On systems that use a\nBIOS, use the following command:\n\n    # grep -iw grub2_password /boot/grub2/user.cfg\n    GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]\n\n    If the root password does not begin with \\\"grub.pbkdf2.sha512\\\", this is a\nfinding.\n\n    Verify that the \\\"root\\\" account is set as the \\\"superusers\\\":\n\n    # grep -iw \\\"superusers\\\" /boot/grub2/grub.cfg\n        set superusers=\\\"root\\\"\n        export superusers\n\n    If \\\"superusers\\\" is not set to \\\"root\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to encrypt the boot password for root.\n\n    Generate an encrypted grub2 password for root with the following command:\n\n    Note: The hash generated is an example.\n\n    # grub2-setpassword\n    Enter password:\n    Confirm password:\n\n    Edit the /boot/grub2/grub.cfg file and add or modify the following lines in\nthe \\\"### BEGIN /etc/grub.d/01_users ###\\\" section:\n\n    set superusers=\\\"root\\\"\n    export superusers\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000080-GPOS-00048\"\n  tag gid: \"V-81005\"\n  tag rid: \"SV-95717r1_rule\"\n  tag stig_id: \"RHEL-07-010482\"\n  tag fix_id: \"F-87839r2_fix\"\n  tag cci: [\"CCI-000213\"]\n  tag nist: [\"AC-3\", \"Rev_4\"]\n\n  if file('/sys/firmware/efi').exist?\n    impact 0.0\n    describe \"System running UEFI\" do\n      skip \"The System is running UEFI, this control is Not Applicable.\"\n    end\n  else\n    unless os[:release] &gt;= \"7.2\"\n      impact 0.0\n      describe \"System running version of RHEL prior to 7.2\" do\n        skip \"The System is running an outdated version of RHEL, this control is Not Applicable.\"\n      end\n    else\n      impact 0.7\n      input('grub_user_boot_files').each do |grub_user_file|\n        describe parse_config_file(grub_user_file) do\n          its('GRUB2_PASSWORD') { should include \"grub.pbkdf2.sha512\"}\n        end\n      end\n\n      describe parse_config_file(input('grub_main_cfg')) do\n        its('set superusers') { should cmp '\"root\"' }  \n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>skipped :: TEST Parse Config File /boot/grub2/user.cfg :: SKIP_MESSAGE Can't find file: /boot/grub2/user.cfg
+--------------------------------
+passed :: TEST Parse Config File /boot/grub2/grub.cfg set superusers is expected to cmp == "\"root\""</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71957</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86581r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010460</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow users to
-override SSH environment variables.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+override SSH environment variables.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Failure to restrict system access to authenticated users negatively
-impacts operating system security.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+impacts operating system security.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system does not allow users to override environment
 variables to the SSH daemon.
 
-    Check for the value of the &quot;PermitUserEnvironment&quot; keyword with the
+    Check for the value of the "PermitUserEnvironment" keyword with the
 following command:
 
-    # grep -i permituserenvironment &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i permituserenvironment /etc/ssh/sshd_config
     PermitUserEnvironment no
 
-    If the &quot;PermitUserEnvironment&quot; keyword is not set to &quot;no&quot;, is missing,
-or is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "PermitUserEnvironment" keyword is not set to "no", is missing,
+or is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to not allow users to override environment
 variables to the SSH daemon.
 
-    Edit the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment or add the line for
-&quot;PermitUserEnvironment&quot; keyword and set the value to &quot;no&quot;:
+    Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for
+"PermitUserEnvironment" keyword and set the value to "no":
 
     PermitUserEnvironment no
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>32ada761-6572-4a8e-9889-d1475b04985d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration PermitUserEnvironment is expected to eq &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-77823</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-92519r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010481</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71957\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow users to\noverride SSH environment variables.\"\n  desc  \"Failure to restrict system access to authenticated users negatively\nimpacts operating system security.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system does not allow users to override environment\nvariables to the SSH daemon.\n\n    Check for the value of the \\\"PermitUserEnvironment\\\" keyword with the\nfollowing command:\n\n    # grep -i permituserenvironment /etc/ssh/sshd_config\n    PermitUserEnvironment no\n\n    If the \\\"PermitUserEnvironment\\\" keyword is not set to \\\"no\\\", is missing,\nor is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to not allow users to override environment\nvariables to the SSH daemon.\n\n    Edit the \\\"/etc/ssh/sshd_config\\\" file to uncomment or add the line for\n\\\"PermitUserEnvironment\\\" keyword and set the value to \\\"no\\\":\n\n    PermitUserEnvironment no\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00229\"\n  tag gid: \"V-71957\"\n  tag rid: \"SV-86581r3_rule\"\n  tag stig_id: \"RHEL-07-010460\"\n  tag fix_id: \"F-78309r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('PermitUserEnvironment') { should eq 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration PermitUserEnvironment is expected to eq "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-77823</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-92519r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010481</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must require
-authentication upon booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+authentication upon booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system does not require valid root authentication before it
 boots into single-user or maintenance mode, anyone who invokes single-user or
-maintenance mode is granted privileged access to all files on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+maintenance mode is granted privileged access to all files on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must require authentication upon booting into
 single-user and maintenance modes.
 
     Check that the operating system requires authentication upon booting into
 single-user mode with the following command:
 
-    # grep -i execstart &#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;rescue.service | grep -i sulogin
+    # grep -i execstart /usr/lib/systemd/system/rescue.service | grep -i sulogin
 
-    ExecStart&#x3D;-&#x2F;bin&#x2F;sh -c &quot;&#x2F;usr&#x2F;sbin&#x2F;sulogin; &#x2F;usr&#x2F;bin&#x2F;systemctl --fail
---no-block default&quot;
+    ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail
+--no-block default"
 
-    If &quot;ExecStart&quot; does not have &quot;&#x2F;usr&#x2F;sbin&#x2F;sulogin&quot; as an option, this is
-a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "ExecStart" does not have "/usr/sbin/sulogin" as an option, this is
+a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require authentication upon booting into
 single-user and maintenance modes.
 
-    Add or modify the &quot;ExecStart&quot; line in
-&quot;&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;rescue.service&quot; to include &quot;&#x2F;usr&#x2F;sbin&#x2F;sulogin&quot;:
-
-    ExecStart&#x3D;-&#x2F;bin&#x2F;sh -c &quot;&#x2F;usr&#x2F;sbin&#x2F;sulogin; &#x2F;usr&#x2F;bin&#x2F;systemctl --fail
---no-block default&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e772e738-6f2a-4ad9-aa64-dd981c6244fc</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep -i execstart &#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;rescue.service&#x60; stdout.strip is expected to match &#x2F;\&#x2F;usr\&#x2F;sbin\&#x2F;sulogin&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72243</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86867r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040350</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or modify the "ExecStart" line in
+"/usr/lib/systemd/system/rescue.service" to include "/usr/sbin/sulogin":
+
+    ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail
+--no-block default"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-77823\" do\n  title \"The Red Hat Enterprise Linux operating system must require\nauthentication upon booting into single-user and maintenance modes.\"\n  desc  \"If the system does not require valid root authentication before it\nboots into single-user or maintenance mode, anyone who invokes single-user or\nmaintenance mode is granted privileged access to all files on the system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must require authentication upon booting into\nsingle-user and maintenance modes.\n\n    Check that the operating system requires authentication upon booting into\nsingle-user mode with the following command:\n\n    # grep -i execstart /usr/lib/systemd/system/rescue.service | grep -i sulogin\n\n    ExecStart=-/bin/sh -c \\\"/usr/sbin/sulogin; /usr/bin/systemctl --fail\n--no-block default\\\"\n\n    If \\\"ExecStart\\\" does not have \\\"/usr/sbin/sulogin\\\" as an option, this is\na finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require authentication upon booting into\nsingle-user and maintenance modes.\n\n    Add or modify the \\\"ExecStart\\\" line in\n\\\"/usr/lib/systemd/system/rescue.service\\\" to include \\\"/usr/sbin/sulogin\\\":\n\n    ExecStart=-/bin/sh -c \\\"/usr/sbin/sulogin; /usr/bin/systemctl --fail\n--no-block default\\\"\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000080-GPOS-00048\"\n  tag gid: \"V-77823\"\n  tag rid: \"SV-92519r2_rule\"\n  tag stig_id: \"RHEL-07-010481\"\n  tag fix_id: \"F-84523r2_fix\"\n  tag cci: [\"CCI-000213\"]\n  tag nist: [\"AC-3\", \"Rev_4\"]\n\n  describe command(\"grep -i execstart /usr/lib/systemd/system/rescue.service\") do\n    its('stdout.strip') { should match %r{/usr/sbin/sulogin} }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep -i execstart /usr/lib/systemd/system/rescue.service` stdout.strip is expected to match /\/usr\/sbin\/sulogin/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72243</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86867r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040350</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH daemon does not allow authentication using rhosts authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH daemon does not allow authentication using rhosts authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuring this setting for the SSH daemon provides additional
 assurance that remote logon via SSH will require a password, even in the event
-of misconfiguration elsewhere.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+of misconfiguration elsewhere.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon does not allow authentication using known hosts
 authentication.
 
-    To determine how the SSH daemon&#39;s &quot;IgnoreRhosts&quot; option is set, run the
+    To determine how the SSH daemon's "IgnoreRhosts" option is set, run the
 following command:
 
-    # grep -i IgnoreRhosts &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i IgnoreRhosts /etc/ssh/sshd_config
 
     IgnoreRhosts yes
 
-    If the value is returned as &quot;no&quot;, the returned line is commented out, or
-no output is returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value is returned as "no", the returned line is commented out, or
+no output is returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the SSH daemon to not allow authentication using known hosts
 authentication.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;, or uncomment the line
-and set the value to &quot;yes&quot;:
-
-    IgnoreRhosts yes</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a143abd7-9ded-4334-bf6d-05a814c6b4c8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration IgnoreRhosts is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-79001</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-93707r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030821</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add the following line in "/etc/ssh/sshd_config", or uncomment the line
+and set the value to "yes":
+
+    IgnoreRhosts yes</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72243\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not allow authentication using rhosts authentication.\"\n  desc  \"Configuring this setting for the SSH daemon provides additional\nassurance that remote logon via SSH will require a password, even in the event\nof misconfiguration elsewhere.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon does not allow authentication using known hosts\nauthentication.\n\n    To determine how the SSH daemon's \\\"IgnoreRhosts\\\" option is set, run the\nfollowing command:\n\n    # grep -i IgnoreRhosts /etc/ssh/sshd_config\n\n    IgnoreRhosts yes\n\n    If the value is returned as \\\"no\\\", the returned line is commented out, or\nno output is returned, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the SSH daemon to not allow authentication using known hosts\nauthentication.\n\n    Add the following line in \\\"/etc/ssh/sshd_config\\\", or uncomment the line\nand set the value to \\\"yes\\\":\n\n    IgnoreRhosts yes\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72243\"\n  tag rid: \"SV-86867r3_rule\"\n  tag stig_id: \"RHEL-07-040350\"\n  tag fix_id: \"F-78597r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('IgnoreRhosts') { should cmp 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration IgnoreRhosts is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-79001</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-93707r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030821</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the finit_module syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the finit_module syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;finit_module&quot; syscall occur.
+successful/unsuccessful attempts to use the "finit_module" syscall occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw finit_module &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw finit_module /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S finit_module -k module-change
+    -a always,exit -F arch=b32 -S finit_module -k module-change
 
-    -a always,exit -F arch&#x3D;b64 -S finit_module -k module-change
+    -a always,exit -F arch=b64 -S finit_module -k module-change
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;finit_module&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"finit_module" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;finit_module&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S finit_module -k module-change
-
-    -a always,exit -F arch&#x3D;b64 -S finit_module -k module-change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b22fceeb-9187-4cd9-9aa5-64b5af9bbc23</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;finit_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;finit_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;finit_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;finit_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71967</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86591r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "finit_module" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S finit_module -k module-change
+
+    -a always,exit -F arch=b64 -S finit_module -k module-change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-79001\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe finit_module syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"finit_module\\\" syscall occur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw finit_module /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S finit_module -k module-change\n\n    -a always,exit -F arch=b64 -S finit_module -k module-change\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"finit_module\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"finit_module\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S finit_module -k module-change\n\n    -a always,exit -F arch=b64 -S finit_module -k module-change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00216\"\n  tag satisfies: [\"SRG-OS-000471-GPOS-00216\", \"SRG-OS-000477-GPOS-00222\"]\n  tag gid: \"V-79001\"\n  tag rid: \"SV-93707r3_rule\"\n  tag stig_id: \"RHEL-07-030821\"\n  tag fix_id: \"F-85751r3_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"finit_module\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"finit_module\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "finit_module" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "finit_module" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "finit_module" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "finit_module" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71967</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86591r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have the
-rsh-server package installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+rsh-server package installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>It is detrimental for operating systems to provide, or install by
 default, functionality exceeding requirements or mission objectives. These
 unnecessary capabilities or services are often overlooked and therefore may
@@ -1185,147 +1138,142 @@ does not provide for the confidentiality and integrity of user passwords or the
 remote session and has very weak authentication.
 
     If a privileged user were to log on using this service, the privileged user
-password could be compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+password could be compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check to see if the rsh-server package is installed with the following
 command:
 
     # yum list installed rsh-server
 
-    If the rsh-server package is installed, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the rsh-server package is installed, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable non-essential capabilities by
 removing the rsh-server package from the system with the following command:
 
-    # yum remove rsh-server</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f51f75ad-34dd-4cdc-ad0f-146c36fe0473</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package rsh-server is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72301</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86925r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # yum remove rsh-server</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71967\" do\n  title \"The Red Hat Enterprise Linux operating system must not have the\nrsh-server package installed.\"\n  desc  \"It is detrimental for operating systems to provide, or install by\ndefault, functionality exceeding requirements or mission objectives. These\nunnecessary capabilities or services are often overlooked and therefore may\nremain unsecured. They increase the risk to the platform by providing\nadditional attack vectors.\n\n    Operating systems are capable of providing a wide variety of functions and\nservices. Some of the functions and services, provided by default, may not be\nnecessary to support essential organizational operations (e.g., key missions,\nfunctions).\n\n    The rsh-server service provides an unencrypted remote access service that\ndoes not provide for the confidentiality and integrity of user passwords or the\nremote session and has very weak authentication.\n\n    If a privileged user were to log on using this service, the privileged user\npassword could be compromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check to see if the rsh-server package is installed with the following\ncommand:\n\n    # yum list installed rsh-server\n\n    If the rsh-server package is installed, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable non-essential capabilities by\nremoving the rsh-server package from the system with the following command:\n\n    # yum remove rsh-server\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000095-GPOS-00049\"\n  tag gid: \"V-71967\"\n  tag rid: \"SV-86591r2_rule\"\n  tag stig_id: \"RHEL-07-020000\"\n  tag fix_id: \"F-78319r1_fix\"\n  tag cci: [\"CCI-000381\"]\n  tag nist: [\"CM-7 a\", \"Rev_4\"]\n\n  describe package(\"rsh-server\") do\n    it { should_not be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package rsh-server is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72301</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86925r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have the
 Trivial File Transfer Protocol (TFTP) server package installed if not required
-for operational support.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+for operational support.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If TFTP is required for operational support (such as the transmission
 of router configurations) its use must be documented with the Information
 System Security Officer (ISSO), restricted to only authorized personnel, and
-have access control rules established.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+have access control rules established.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify a TFTP server has not been installed on the system.
 
     Check to see if a TFTP server has been installed with the following command:
@@ -1334,793 +1282,759 @@ have access control rules established.</ATTRIBUTE_DATA>
     tftp-server-0.49-9.el7.x86_64.rpm
 
     If TFTP is installed and the requirement for TFTP is not documented with
-the ISSO, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+the ISSO, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Remove the TFTP package from the system with the following command:
 
-# yum remove tftp-server</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6507887c-c4d5-4ad9-86b0-2536aec92d04</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package tftp-server is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72147</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86771r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030620</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+# yum remove tftp-server</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72301\" do\n  title \"The Red Hat Enterprise Linux operating system must not have the\nTrivial File Transfer Protocol (TFTP) server package installed if not required\nfor operational support.\"\n  desc  \"If TFTP is required for operational support (such as the transmission\nof router configurations) its use must be documented with the Information\nSystem Security Officer (ISSO), restricted to only authorized personnel, and\nhave access control rules established.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify a TFTP server has not been installed on the system.\n\n    Check to see if a TFTP server has been installed with the following command:\n\n    # yum list installed tftp-server\n    tftp-server-0.49-9.el7.x86_64.rpm\n\n    If TFTP is installed and the requirement for TFTP is not documented with\nthe ISSO, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Remove the TFTP package from the system with the following command:\n\n    # yum remove tftp-server\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72301\"\n  tag rid: \"SV-86925r2_rule\"\n  tag stig_id: \"RHEL-07-040700\"\n  tag fix_id: \"F-78655r2_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  describe package('tftp-server') do\n    it { should_not be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package tftp-server is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72147</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86771r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030620</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
-records for all successful account access events.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+records for all successful account access events.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when successful account
 access events occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -i &#x2F;var&#x2F;log&#x2F;lastlog &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /var/log/lastlog /etc/audit/audit.rules
 
-    -w &#x2F;var&#x2F;log&#x2F;lastlog -p wa -k logins
+    -w /var/log/lastlog -p wa -k logins
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when successful
 account access events occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;var&#x2F;log&#x2F;lastlog -p wa -k logins
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>be38adb6-51b5-4981-9b46-bab71c6aabc7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;var&#x2F;log&#x2F;lastlog&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;var&#x2F;log&#x2F;lastlog&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71921</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86545r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /var/log/lastlog -p wa -k logins
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72147\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all successful account access events.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when successful account\naccess events occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -i /var/log/lastlog /etc/audit/audit.rules\n\n    -w /var/log/lastlog -p wa -k logins\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when successful\naccount access events occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /var/log/lastlog -p wa -k logins\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000470-GPOS-00214\",\n\"SRG-OS-000473-GPOS-00218\"]\n  tag gid: \"V-72147\"\n  tag rid: \"SV-86771r3_rule\"\n  tag stig_id: \"RHEL-07-030620\"\n  tag fix_id: \"F-78499r3_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/var/log/lastlog'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/var/log/lastlog" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/var/log/lastlog" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71921</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86545r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
-use the shadow file to store only encrypted representations of passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+use the shadow file to store only encrypted representations of passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Passwords need to be protected at all times, and encryption is the
 standard method for protecting passwords. If passwords are not encrypted, they
 can be plainly read (i.e., clear text) and easily compromised. Passwords
 encrypted with a weak algorithm are no more protected than if they are kept in
-plain text.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the system&#39;s shadow file is configured to store only encrypted
+plain text.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the system's shadow file is configured to store only encrypted
 representations of passwords. The strength of encryption that must be used to
 hash passwords for all accounts is SHA512.
 
     Check that the system is configured to create SHA512 hashed passwords with
 the following command:
 
-    # grep -i encrypt &#x2F;etc&#x2F;login.defs
+    # grep -i encrypt /etc/login.defs
     ENCRYPT_METHOD SHA512
 
-    If the &quot;&#x2F;etc&#x2F;login.defs&quot; configuration file does not exist or allows for
-password hashes other than SHA512 to be used, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "/etc/login.defs" configuration file does not exist or allows for
+password hashes other than SHA512 to be used, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to store only SHA512 encrypted
 representations of passwords.
 
-    Add or update the following line in &quot;&#x2F;etc&#x2F;login.defs&quot;:
-
-    ENCRYPT_METHOD SHA512</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>266f5304-5074-4ca2-a29d-16dc0c81de77</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs ENCRYPT_METHOD is expected to cmp &#x3D;&#x3D; &quot;SHA512&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86829r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030910</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or update the following line in "/etc/login.defs":
+
+    ENCRYPT_METHOD SHA512</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71921\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\nuse the shadow file to store only encrypted representations of passwords.\"\n  desc  \"Passwords need to be protected at all times, and encryption is the\nstandard method for protecting passwords. If passwords are not encrypted, they\ncan be plainly read (i.e., clear text) and easily compromised. Passwords\nencrypted with a weak algorithm are no more protected than if they are kept in\nplain text.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system's shadow file is configured to store only encrypted\nrepresentations of passwords. The strength of encryption that must be used to\nhash passwords for all accounts is SHA512.\n\n    Check that the system is configured to create SHA512 hashed passwords with\nthe following command:\n\n    # grep -i encrypt /etc/login.defs\n    ENCRYPT_METHOD SHA512\n\n    If the \\\"/etc/login.defs\\\" configuration file does not exist or allows for\npassword hashes other than SHA512 to be used, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to store only SHA512 encrypted\nrepresentations of passwords.\n\n    Add or update the following line in \\\"/etc/login.defs\\\":\n\n    ENCRYPT_METHOD SHA512\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000073-GPOS-00041\"\n  tag gid: \"V-71921\"\n  tag rid: \"SV-86545r2_rule\"\n  tag stig_id: \"RHEL-07-010210\"\n  tag fix_id: \"F-78273r1_fix\"\n  tag cci: [\"CCI-000196\"]\n  tag nist: [\"IA-5 (1) (c)\", \"Rev_4\"]\n\n  describe login_defs do\n    its('ENCRYPT_METHOD') { should cmp \"SHA512\" }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs ENCRYPT_METHOD is expected to cmp == "SHA512"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86829r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030910</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the unlink syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the unlink syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system is not configured to audit certain activities and write
 them to an audit log, it is more difficult to detect and track system
-compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unlink&quot; syscall occur.
+successful/unsuccessful attempts to use the "unlink" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw unlink &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw unlink /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S unlink -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S unlink -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;unlink&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"unlink" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unlink&quot; syscall occur.
+successful/unsuccessful attempts to use the "unlink" syscall occur.
 
-    Add the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S unlink -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S unlink -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4bc4a70f-7bc2-4b8c-9021-ac09d24b0def</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlink&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlink&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlink&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlink&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72111</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86735r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030440</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72205\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe unlink syscall.\"\n  desc  \"If the system is not configured to audit certain activities and write\nthem to an audit log, it is more difficult to detect and track system\ncompromises and damages incurred during a system compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"unlink\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw unlink /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"unlink\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"unlink\\\" syscall occur.\n\n    Add the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000466-GPOS-00210\"\n  tag satisfies: [\"SRG-OS-000466-GPOS-00210\", \"SRG-OS-000467-GPOS-00210\",\n\"SRG-OS-000468-GPOS-00212\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72205\"\n  tag rid: \"SV-86829r5_rule\"\n  tag stig_id: \"RHEL-07-030910\"\n  tag fix_id: \"F-78559r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"unlink\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"unlink\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "unlink" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlink" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlink" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlink" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72111</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86735r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030440</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the setxattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the setxattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "setxattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw setxattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw setxattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S setxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S setxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;setxattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"setxattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "setxattr" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S setxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S setxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4f0fd0c6-69d8-479b-81b2-a99521c31e71</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;setxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;setxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;setxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;setxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71961</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86585r6_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010480</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72111\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe setxattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"setxattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw setxattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"setxattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"setxattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72111\"\n  tag rid: \"SV-86735r5_rule\"\n  tag stig_id: \"RHEL-07-030440\"\n  tag fix_id: \"F-78463r8_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"setxattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"setxattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "setxattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "setxattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "setxattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "setxattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71961</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86585r6_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010480</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Red Hat Enterprise Linux operating systems prior to version 7.2 with a
-Basic Input&#x2F;Output System (BIOS) must require authentication upon booting into
-single-user and maintenance modes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Basic Input/Output System (BIOS) must require authentication upon booting into
+single-user and maintenance modes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system does not require valid root authentication before it
 boots into single-user or maintenance mode, anyone who invokes single-user or
 maintenance mode is granted privileged access to all files on the system. GRUB
 2 is the default boot loader for RHEL 7 and is designed to require a password
-to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For systems that use UEFI, this is Not Applicable.
     For systems that are running RHEL 7.2 or newer, this is Not Applicable.
 
     Check to see if an encrypted root password is set. On systems that use a
 BIOS, use the following command:
 
-    # grep -i password_pbkdf2 &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
+    # grep -i password_pbkdf2 /boot/grub2/grub.cfg
 
     password_pbkdf2 [superusers-account] [password-hash]
 
-    If the root password entry does not begin with &quot;password_pbkdf2&quot;, this is
+    If the root password entry does not begin with "password_pbkdf2", this is
 a finding.
 
-    If the &quot;superusers-account&quot; is not set to &quot;root&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "superusers-account" is not set to "root", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to encrypt the boot password for root.
 
     Generate an encrypted grub2 password for root with the following command:
@@ -2134,140 +2048,131 @@ a finding.
     PBKDF2 hash of your password is
 grub.pbkdf2.sha512.10000.F3A7CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45
 
-    Edit &quot;&#x2F;etc&#x2F;grub.d&#x2F;40_custom&quot; and add the following lines below the
+    Edit "/etc/grub.d/40_custom" and add the following lines below the
 comments:
 
-    # vi &#x2F;etc&#x2F;grub.d&#x2F;40_custom
+    # vi /etc/grub.d/40_custom
 
-    set superusers&#x3D;&quot;root&quot;
+    set superusers="root"
 
     password_pbkdf2 root {hash from grub2-mkpasswd-pbkdf2 command}
 
-    Generate a new &quot;grub.conf&quot; file with the new password with the following
+    Generate a new "grub.conf" file with the new password with the following
 commands:
 
-    # grub2-mkconfig --output&#x3D;&#x2F;tmp&#x2F;grub2.cfg
-    # mv &#x2F;tmp&#x2F;grub2.cfg &#x2F;boot&#x2F;grub2&#x2F;grub.cfg</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bd86b573-d02b-4836-a573-5eaa92a29dcf</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-There must be only one grub2 superuser, and it must have the value root length is expected to cmp &#x3D;&#x3D; 1
---------------------------------
-passed
-There must be only one grub2 superuser, and it must have the value root first is expected to cmp &#x3D;&#x3D; &quot;root&quot;
---------------------------------
-passed
-The grub2 superuser password entry must begin with &#39;password_pbkdf2&#39; is expected to include &quot;password_pbkdf2&quot;
---------------------------------
-passed
-The grub2 superuser password entry must begin with &#39;password_pbkdf2&#39; length is expected to be &gt;&#x3D; 1
---------------------------------
-passed
-The grub2 superuser account password should be encrypted with pbkdf2. is expected to match &#x2F;password_pbkdf2\sroot\sgrub\.pbkdf2&#x2F;i</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72295</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86919r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040670</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # grub2-mkconfig --output=/tmp/grub2.cfg
+    # mv /tmp/grub2.cfg /boot/grub2/grub.cfg</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71961\" do\n  title \"Red Hat Enterprise Linux operating systems prior to version 7.2 with a\nBasic Input/Output System (BIOS) must require authentication upon booting into\nsingle-user and maintenance modes.\"\n  desc  \"If the system does not require valid root authentication before it\nboots into single-user or maintenance mode, anyone who invokes single-user or\nmaintenance mode is granted privileged access to all files on the system. GRUB\n2 is the default boot loader for RHEL 7 and is designed to require a password\nto boot into single-user mode or make modifications to the boot menu.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    For systems that use UEFI, this is Not Applicable.\n    For systems that are running RHEL 7.2 or newer, this is Not Applicable.\n\n    Check to see if an encrypted root password is set. On systems that use a\nBIOS, use the following command:\n\n    # grep -i password_pbkdf2 /boot/grub2/grub.cfg\n\n    password_pbkdf2 [superusers-account] [password-hash]\n\n    If the root password entry does not begin with \\\"password_pbkdf2\\\", this is\na finding.\n\n    If the \\\"superusers-account\\\" is not set to \\\"root\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to encrypt the boot password for root.\n\n    Generate an encrypted grub2 password for root with the following command:\n\n    Note: The hash generated is an example.\n\n    # grub2-mkpasswd-pbkdf2\n\n    Enter Password:\n    Reenter Password:\n    PBKDF2 hash of your password is\ngrub.pbkdf2.sha512.10000.F3A7CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45\n\n    Edit \\\"/etc/grub.d/40_custom\\\" and add the following lines below the\ncomments:\n\n    # vi /etc/grub.d/40_custom\n\n    set superusers=\\\"root\\\"\n\n    password_pbkdf2 root {hash from grub2-mkpasswd-pbkdf2 command}\n\n    Generate a new \\\"grub.conf\\\" file with the new password with the following\ncommands:\n\n    # grub2-mkconfig --output=/tmp/grub2.cfg\n    # mv /tmp/grub2.cfg /boot/grub2/grub.cfg\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000080-GPOS-00048\"\n  tag gid: \"V-71961\"\n  tag rid: \"SV-86585r6_rule\"\n  tag stig_id: \"RHEL-07-010480\"\n  tag fix_id: \"F-78313r3_fix\"\n  tag cci: [\"CCI-000213\"]\n  tag nist: [\"AC-3\", \"Rev_4\"]\n\n  grub_superuser = input('grub_superuser')\n  grub_user_boot_files = input('grub_user_boot_files')\n  grub_main_cfg = input('grub_main_cfg')\n\n  grub_main_content = file(grub_main_cfg).content\n\n  # Check if any additional superusers are set\n  pattern = %r{\\s*set superusers=\\\"(\\w+)\\\"}i\n  matches = grub_main_content.match(pattern)\n  superusers = matches.nil? ? [] : matches.captures\n  describe \"There must be only one grub2 superuser, and it must have the value #{grub_superuser}\" do\n    subject { superusers }\n    its('length') { should cmp 1 }\n    its('first') { should cmp grub_superuser }\n  end\n\n  # Need each password entry that has the superuser\n  pattern = %r{(.*)\\s#{grub_superuser}\\s}i\n  matches = grub_main_content.match(pattern)\n  password_entries = matches.nil? ? [] : matches.captures\n  # Each of the entries should start with password_pbkdf2\n  describe 'The grub2 superuser password entry must begin with \\'password_pbkdf2\\'' do\n    subject { password_entries }\n    its('length') { is_expected.to be &gt;= 1}\n    password_entries.each do |entry|\n      subject { entry }\n      it { should include 'password_pbkdf2'}\n    end\n  end\n\n  # Get lines such as 'password_pbkdf2 root ${ENV}'\n  pattern = %r{password_pbkdf2\\s#{grub_superuser}\\s(\\${\\w+})}i\n  matches = grub_main_content.match(pattern)\n  env_vars = matches.nil? ? [] : matches.captures\n  if env_vars.length &gt; 0\n    # If there is an environment variable in the configuration file check that it is set with correct values by looking\n    # in user.cfg files.\n    env_vars = env_vars.map { |env_var| env_var.gsub(/[${}]/, '') }\n    present_user_boot_files = grub_user_boot_files.select { |user_boot_file| file(user_boot_file).exist? }\n    describe 'grub2 user configuration files for the superuser should be present if they set an environment variable' do\n      subject { present_user_boot_files }\n      its('length') { is_expected.to be &gt;= 1 }\n      present_user_boot_files.each do |user_boot_file|\n        env_vars.each do |env_var|\n          describe \"#{user_boot_file} should set #{env_var} to a pbkdf2 value\" do\n              subject { file(user_boot_file) }\n              its('content') { should match %r{^#{env_var}=grub.pbkdf2}i }\n          end\n        end\n      end\n    end\n  else\n    # If there are no environment variable set, look for pbkdf2 after the superuser name\n    pattern = %r{password_pbkdf2\\s#{grub_superuser}\\sgrub\\.pbkdf2}i\n    describe 'The grub2 superuser account password should be encrypted with pbkdf2.' do\n      subject { grub_main_content }\n      it { should match pattern }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST There must be only one grub2 superuser, and it must have the value root length is expected to cmp == 1
+--------------------------------
+passed :: TEST There must be only one grub2 superuser, and it must have the value root first is expected to cmp == "root"
+--------------------------------
+passed :: TEST The grub2 superuser password entry must begin with 'password_pbkdf2' is expected to include "password_pbkdf2"
+--------------------------------
+passed :: TEST The grub2 superuser password entry must begin with 'password_pbkdf2' length is expected to be &gt;= 1
+--------------------------------
+passed :: TEST The grub2 superuser account password should be encrypted with pbkdf2. is expected to match /password_pbkdf2\sroot\sgrub\.pbkdf2/i</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72295</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86919r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040670</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Network interfaces configured on the Red Hat Enterprise Linux
-operating system must not be in promiscuous mode.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+operating system must not be in promiscuous mode.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Network interfaces in promiscuous mode allow for the capture of all
 network traffic visible to the system. If unauthorized individuals can access
 these applications, it may allow then to collect information such as logon IDs,
@@ -2275,14 +2180,14 @@ passwords, and key exchanges between systems.
 
     If the system is being used to perform a network troubleshooting function,
 the use of these tools must be documented with the Information System Security
-Officer (ISSO) and restricted to only authorized personnel.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Officer (ISSO) and restricted to only authorized personnel.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify network interfaces are not in promiscuous mode unless approved by
 the ISSO and documented.
 
@@ -2291,312 +2196,302 @@ the ISSO and documented.
     # ip link | grep -i promisc
 
     If network interfaces are found on the system in promiscuous mode and their
-use has not been approved by the ISSO and documented, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+use has not been approved by the ISSO and documented, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure network interfaces to turn off promiscuous mode unless approved
 by the ISSO and documented.
 
     Set the promiscuous mode of an interface to off with the following command:
 
-    #ip link set dev &lt;devicename&gt; multicast off promisc off</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1534be7b-f312-48f8-86c7-8608c13543c5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;ip link | grep -i promisc&#x60; stdout.strip is expected to match &#x2F;^$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72043</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86667r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    #ip link set dev &lt;devicename&gt; multicast off promisc off</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72295\" do\n  title \"Network interfaces configured on the Red Hat Enterprise Linux\noperating system must not be in promiscuous mode.\"\n  desc  \"Network interfaces in promiscuous mode allow for the capture of all\nnetwork traffic visible to the system. If unauthorized individuals can access\nthese applications, it may allow then to collect information such as logon IDs,\npasswords, and key exchanges between systems.\n\n    If the system is being used to perform a network troubleshooting function,\nthe use of these tools must be documented with the Information System Security\nOfficer (ISSO) and restricted to only authorized personnel.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify network interfaces are not in promiscuous mode unless approved by\nthe ISSO and documented.\n\n    Check for the status with the following command:\n\n    # ip link | grep -i promisc\n\n    If network interfaces are found on the system in promiscuous mode and their\nuse has not been approved by the ISSO and documented, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure network interfaces to turn off promiscuous mode unless approved\nby the ISSO and documented.\n\n    Set the promiscuous mode of an interface to off with the following command:\n\n    #ip link set dev &lt;devicename&gt; multicast off promisc off\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72295\"\n  tag rid: \"SV-86919r2_rule\"\n  tag stig_id: \"RHEL-07-040670\"\n  tag fix_id: \"F-78649r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe command(\"ip link | grep -i promisc\") do\n    its('stdout.strip') { should match %r{^$} }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `ip link | grep -i promisc` stdout.strip is expected to match /^$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72043</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86667r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent files with
 the setuid and setgid bit set from being executed on file systems that are used
-with removable media.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;nosuid&quot; mount option causes the system to not execute
-&quot;setuid&quot; and &quot;setgid&quot; files with owner privileges. This option must be used
-for mounting any file system not containing approved &quot;setuid&quot; and &quot;setguid&quot;
+with removable media.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "nosuid" mount option causes the system to not execute
+"setuid" and "setgid" files with owner privileges. This option must be used
+for mounting any file system not containing approved "setuid" and "setguid"
 files. Executing files from untrusted file systems increases the opportunity
-for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify file systems that are used for removable media are mounted with the
-&quot;nosuid&quot; option.
+"nosuid" option.
 
     Check the file systems that are mounted at boot time with the following
 command:
 
-    # more &#x2F;etc&#x2F;fstab
+    # more /etc/fstab
 
-    UUID&#x3D;2bc871e4-e2a3-4f29-9ece-3be60c835222 &#x2F;mnt&#x2F;usbflash vfat
+    UUID=2bc871e4-e2a3-4f29-9ece-3be60c835222 /mnt/usbflash vfat
 noauto,owner,ro,nosuid 0 0
 
-    If a file system found in &quot;&#x2F;etc&#x2F;fstab&quot; refers to removable media and it
-does not have the &quot;nosuid&quot; option set, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the &quot;&#x2F;etc&#x2F;fstab&quot; to use the &quot;nosuid&quot; option on
-file systems that are associated with removable media.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>293726a1-a312-4f85-a121-23c25073db6d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File system &quot;xfs&quot; does not correspond to removable media. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72081</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000046-GPOS-00022</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86705r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If a file system found in "/etc/fstab" refers to removable media and it
+does not have the "nosuid" option set, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the "/etc/fstab" to use the "nosuid" option on
+file systems that are associated with removable media.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72043\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent files with\nthe setuid and setgid bit set from being executed on file systems that are used\nwith removable media.\"\n  desc  \"The \\\"nosuid\\\" mount option causes the system to not execute\n\\\"setuid\\\" and \\\"setgid\\\" files with owner privileges. This option must be used\nfor mounting any file system not containing approved \\\"setuid\\\" and \\\"setguid\\\"\nfiles. Executing files from untrusted file systems increases the opportunity\nfor unprivileged users to attain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify file systems that are used for removable media are mounted with the\n\\\"nosuid\\\" option.\n\n    Check the file systems that are mounted at boot time with the following\ncommand:\n\n    # more /etc/fstab\n\n    UUID=2bc871e4-e2a3-4f29-9ece-3be60c835222 /mnt/usbflash vfat\nnoauto,owner,ro,nosuid 0 0\n\n    If a file system found in \\\"/etc/fstab\\\" refers to removable media and it\ndoes not have the \\\"nosuid\\\" option set, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the \\\"/etc/fstab\\\" to use the \\\"nosuid\\\" option on\nfile systems that are associated with removable media.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72043\"\n  tag rid: \"SV-86667r2_rule\"\n  tag stig_id: \"RHEL-07-021010\"\n  tag fix_id: \"F-78395r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  non_removable_media_fs = input('non_removable_media_fs')\n\n  file_systems = etc_fstab.params\n  if !file_systems.nil? and !file_systems.empty?\n    file_systems.each do |file_sys_line|\n      if !\"#{non_removable_media_fs}\".include?(file_sys_line['file_system_type']) then\n        describe file_sys_line['mount_options'] do\n          it { should include 'nosuid' }\n        end\n      else\n        describe \"File system \\\"#{file_sys_line['file_system_type']}\\\" does not correspond to removable media.\" do\n          subject { \"#{non_removable_media_fs}\".include?(file_sys_line['file_system_type']) }\n          it { should eq true }\n        end\n      end\n    end\n  else\n    describe \"No file systems were found.\" do\n      subject { file_systems.nil? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File system "xfs" does not correspond to removable media. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72081</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000046-GPOS-00022</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86705r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must shut down upon
 audit processing failure, unless availability is an overriding concern. If
 availability is a concern, the system must alert the designated staff (System
 Administrator [SA] and Information System Security Officer [ISSO] at a minimum)
-in the event of an audit processing failure.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+in the event of an audit processing failure.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>It is critical for the appropriate personnel to be aware if a system
 is at risk of failing to process audit logs as required. Without this
 notification, the security personnel may be unaware of an impending failure of
 the audit capability, and system operation may be adversely affected.
 
-    Audit processing failures include software&#x2F;hardware errors, failures in the
+    Audit processing failures include software/hardware errors, failures in the
 audit capturing mechanisms, and audit storage capacity being reached or
 exceeded.
 
     This requirement applies to each audit data storage repository (i.e.,
 distinct information system component where audit records are stored), the
 centralized audit storage capacity of organizations (i.e., all audit data
-storage repositories combined), or both.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+storage repositories combined), or both.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Confirm the audit configuration regarding how auditing processing failures
 are handled.
 
-    Check to see what level &quot;auditctl&quot; is set to with following command:
+    Check to see what level "auditctl" is set to with following command:
 
-    # auditctl -s | grep -i &quot;fail&quot;
+    # auditctl -s | grep -i "fail"
 
     failure 2
 
-    If the value of &quot;failure&quot; is set to &quot;2&quot;, the system is configured to
+    If the value of "failure" is set to "2", the system is configured to
 panic (shut down) in the event of an auditing failure.
 
-    If the value of &quot;failure&quot; is set to &quot;1&quot;, the system is configured to
+    If the value of "failure" is set to "1", the system is configured to
 only send information to the kernel log regarding the failure.
 
-    If the &quot;failure&quot; setting is not set, this is a CAT I finding.
+    If the "failure" setting is not set, this is a CAT I finding.
 
-    If the &quot;failure&quot; setting is set to any value other than &quot;1&quot; or &quot;2&quot;,
+    If the "failure" setting is set to any value other than "1" or "2",
 this is a CAT II finding.
 
-    If the &quot;failure&quot; setting is set to &quot;1&quot; but the availability concern is
+    If the "failure" setting is set to "1" but the availability concern is
 not documented or there is no monitoring of the kernel log, this is a CAT III
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to shut down in the event of an audit
 processing failure.
 
@@ -2605,7 +2500,7 @@ following command:
 
     # auditctl -f 2
 
-    Edit the &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot; file and add the following line:
+    Edit the "/etc/audit/rules.d/audit.rules" file and add the following line:
 
     -f 2
 
@@ -2616,556 +2511,534 @@ with the following command:
 
     # auditctl -f 1
 
-    Edit the &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot; file and add the following line:
+    Edit the "/etc/audit/rules.d/audit.rules" file and add the following line:
 
     -f 1
 
     Kernel log monitoring must also be configured to properly alert designated
 staff.
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9639449b-60e5-46ef-a901-9df4a5e0dbe0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000139</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-2 is expected to match &#x2F;^(1|2)$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72277</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86901r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040540</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72081\" do\n  title \"The Red Hat Enterprise Linux operating system must shut down upon\naudit processing failure, unless availability is an overriding concern. If\navailability is a concern, the system must alert the designated staff (System\nAdministrator [SA] and Information System Security Officer [ISSO] at a minimum)\nin the event of an audit processing failure.\"\n  desc  \"It is critical for the appropriate personnel to be aware if a system\nis at risk of failing to process audit logs as required. Without this\nnotification, the security personnel may be unaware of an impending failure of\nthe audit capability, and system operation may be adversely affected.\n\n    Audit processing failures include software/hardware errors, failures in the\naudit capturing mechanisms, and audit storage capacity being reached or\nexceeded.\n\n    This requirement applies to each audit data storage repository (i.e.,\ndistinct information system component where audit records are stored), the\ncentralized audit storage capacity of organizations (i.e., all audit data\nstorage repositories combined), or both.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Confirm the audit configuration regarding how auditing processing failures\nare handled.\n\n    Check to see what level \\\"auditctl\\\" is set to with following command:\n\n    # auditctl -s | grep -i \\\"fail\\\"\n\n    failure 2\n\n    If the value of \\\"failure\\\" is set to \\\"2\\\", the system is configured to\npanic (shut down) in the event of an auditing failure.\n\n    If the value of \\\"failure\\\" is set to \\\"1\\\", the system is configured to\nonly send information to the kernel log regarding the failure.\n\n    If the \\\"failure\\\" setting is not set, this is a CAT I finding.\n\n    If the \\\"failure\\\" setting is set to any value other than \\\"1\\\" or \\\"2\\\",\nthis is a CAT II finding.\n\n    If the \\\"failure\\\" setting is set to \\\"1\\\" but the availability concern is\nnot documented or there is no monitoring of the kernel log, this is a CAT III\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to shut down in the event of an audit\nprocessing failure.\n\n    Add or correct the option to shut down the operating system with the\nfollowing command:\n\n    # auditctl -f 2\n\n    Edit the \\\"/etc/audit/rules.d/audit.rules\\\" file and add the following line:\n\n    -f 2\n\n    If availability has been determined to be more important, and this decision\nis documented with the ISSO, configure the operating system to notify system\nadministration staff and ISSO staff in the event of an audit processing failure\nwith the following command:\n\n    # auditctl -f 1\n\n    Edit the \\\"/etc/audit/rules.d/audit.rules\\\" file and add the following line:\n\n    -f 1\n\n    Kernel log monitoring must also be configured to properly alert designated\nstaff.\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000046-GPOS-00022\"\n  tag satisfies: [\"SRG-OS-000046-GPOS-00022\", \"SRG-OS-000047-GPOS-00023\"]\n  tag gid: \"V-72081\"\n  tag rid: \"SV-86705r4_rule\"\n  tag stig_id: \"RHEL-07-030010\"\n  tag fix_id: \"F-78433r2_fix\"\n  tag cci: [\"CCI-000139\"]\n  tag nist: [\"AU-5 a\", \"Rev_4\"]\n\n  monitor_kernel_log = input('monitor_kernel_log')\n\n  if auditd.status['failure'].nil?\n    impact 0.7\n  elsif auditd.status['failure'].match?(%r{^1$}) &amp;&amp; !monitor_kernel_log\n    impact 0.3\n  else\n    impact 0.5\n  end\n\n  if !monitor_kernel_log\n    describe auditd.status['failure'] do\n      it { should match %r{^2$} }\n    end\n  else\n    describe auditd.status['failure'] do\n      it { should match %r{^(1|2)$} }\n    end\n  end\nend"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000139</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST 2 is expected to match /^(1|2)$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72277</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86901r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040540</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not contain .shosts
-files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The .shosts files are used to configure host-based authentication for
 individual users or the system via SSH. Host-based authentication is not
 sufficient for preventing unauthorized access to the system, as it does not
 require interactive identification and authentication of a connection request,
-or for the use of two-factor authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify there are no &quot;.shosts&quot; files on the system.
+or for the use of two-factor authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify there are no ".shosts" files on the system.
 
     Check the system for the existence of these files with the following
 command:
 
-    # find &#x2F; -name &#39;*.shosts&#39;
-
-    If any &quot;.shosts&quot; files are found on the system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Remove any found &quot;.shosts&quot; files from the system.
-
-# rm &#x2F;[path]&#x2F;[to]&#x2F;[file]&#x2F;.shosts</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2e0e7bec-02ed-4568-813f-3170a6735e5e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;find &#x2F; -xautofs -name &#39;*.shosts&#39;&#x60; stdout.strip is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72185</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00215</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86809r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030810</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # find / -name '*.shosts'
+
+    If any ".shosts" files are found on the system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Remove any found ".shosts" files from the system.
+
+# rm /[path]/[to]/[file]/.shosts</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72277\" do\n  title \"The Red Hat Enterprise Linux operating system must not contain .shosts\nfiles.\"\n  desc  \"The .shosts files are used to configure host-based authentication for\nindividual users or the system via SSH. Host-based authentication is not\nsufficient for preventing unauthorized access to the system, as it does not\nrequire interactive identification and authentication of a connection request,\nor for the use of two-factor authentication.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify there are no \\\".shosts\\\" files on the system.\n\n    Check the system for the existence of these files with the following\ncommand:\n\n    # find / -name '*.shosts'\n\n    If any \\\".shosts\\\" files are found on the system, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Remove any found \\\".shosts\\\" files from the system.\n\n    # rm /[path]/[to]/[file]/.shosts\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72277\"\n  tag rid: \"SV-86901r2_rule\"\n  tag stig_id: \"RHEL-07-040540\"\n  tag fix_id: \"F-78631r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe command(\"find / -xautofs -name '*.shosts'\") do\n    its('stdout.strip') { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `find / -xautofs -name '*.shosts'` stdout.strip is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72185</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00215</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86809r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030810</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the pam_timestamp_check command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the pam_timestamp_check command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
-responsible for one.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+responsible for one.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;pam_timestamp_check&quot; command
+successful/unsuccessful attempts to use the "pam_timestamp_check" command
 occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw &quot;&#x2F;usr&#x2F;sbin&#x2F;pam_timestamp_check&quot; &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw "/usr/sbin/pam_timestamp_check" /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;pam_timestamp_check -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-pam
+    -a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-pam
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;pam_timestamp_check&quot; command
+successful/unsuccessful attempts to use the "pam_timestamp_check" command
 occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;pam_timestamp_check -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-pam
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fd2405a5-6a99-44dd-b350-2f48329c5f8b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;sbin&#x2F;pam_timestamp_check&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;sbin&#x2F;pam_timestamp_check&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72055</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86679r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021120</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-pam
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72185\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe pam_timestamp_check command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"pam_timestamp_check\\\" command\noccur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw \\\"/usr/sbin/pam_timestamp_check\\\" /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-pam\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"pam_timestamp_check\\\" command\noccur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-pam\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00215\"\n  tag gid: \"V-72185\"\n  tag rid: \"SV-86809r4_rule\"\n  tag stig_id: \"RHEL-07-030810\"\n  tag fix_id: \"F-78539r4_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  audit_file = '/sbin/pam_timestamp_check'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/sbin/pam_timestamp_check" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/sbin/pam_timestamp_check" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72055</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86679r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021120</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the cron.allow file, if it exists, is group-owned by root.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the group owner of the &quot;cron.allow&quot; file is not set to root,
-sensitive information could be viewed or edited by unauthorized users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the &quot;cron.allow&quot; file is group-owned by root.
-
-    Check the group owner of the &quot;cron.allow&quot; file with the following command:
-
-    # ls -al &#x2F;etc&#x2F;cron.allow
-    -rw------- 1 root root 6 Mar  5  2011 &#x2F;etc&#x2F;cron.allow
-
-    If the &quot;cron.allow&quot; file exists and has a group owner other than root,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Set the group owner on the &quot;&#x2F;etc&#x2F;cron.allow&quot; file to root with the
+that the cron.allow file, if it exists, is group-owned by root.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the group owner of the "cron.allow" file is not set to root,
+sensitive information could be viewed or edited by unauthorized users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the "cron.allow" file is group-owned by root.
+
+    Check the group owner of the "cron.allow" file with the following command:
+
+    # ls -al /etc/cron.allow
+    -rw------- 1 root root 6 Mar  5  2011 /etc/cron.allow
+
+    If the "cron.allow" file exists and has a group owner other than root,
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Set the group owner on the "/etc/cron.allow" file to root with the
 following command:
 
-    # chgrp root &#x2F;etc&#x2F;cron.allow</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>07197847-1505-4c24-88cb-bea7b2ae3853</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;etc&#x2F;cron.allow group is expected to eq &quot;root&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71997</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86621r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020250</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chgrp root /etc/cron.allow</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72055\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the cron.allow file, if it exists, is group-owned by root.\"\n  desc  \"If the group owner of the \\\"cron.allow\\\" file is not set to root,\nsensitive information could be viewed or edited by unauthorized users.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the \\\"cron.allow\\\" file is group-owned by root.\n\n    Check the group owner of the \\\"cron.allow\\\" file with the following command:\n\n    # ls -al /etc/cron.allow\n    -rw------- 1 root root 6 Mar  5  2011 /etc/cron.allow\n\n    If the \\\"cron.allow\\\" file exists and has a group owner other than root,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the group owner on the \\\"/etc/cron.allow\\\" file to root with the\nfollowing command:\n\n    # chgrp root /etc/cron.allow\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72055\"\n  tag rid: \"SV-86679r2_rule\"\n  tag stig_id: \"RHEL-07-021120\"\n  tag fix_id: \"F-78407r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    # case where file doesn't exist\n    describe file('/etc/cron.allow') do\n      it { should_not exist }\n    end\n    # case where file exists\n    describe file('/etc/cron.allow') do\n      its('group') { should eq 'root' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /etc/cron.allow group is expected to eq "root"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71997</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86621r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020250</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be a vendor
-supported release.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>An operating system release is considered &quot;supported&quot; if the vendor
+supported release.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>An operating system release is considered "supported" if the vendor
 continues to provide security patches for the product. With an unsupported
 release, it will not be possible to resolve security issues discovered in the
-system software.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+system software.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the version of the operating system is vendor supported.
 
 Check the version of the operating system with the following command:
 
-# cat &#x2F;etc&#x2F;redhat-release
+# cat /etc/redhat-release
 
 Red Hat Enterprise Linux Server release 7.4 (Maipo)
 
@@ -3183,120 +3056,115 @@ Current End of Life for RHEL 7.6 is 31 October 2020.
 
 Current End of Life for RHEL 7.7 is 30 August 2021.
 
-If the release is not supported by the vendor, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Upgrade to a supported version of the operating system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>88b9f2ca-3f23-4cf2-b154-99fae4010d78</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;etc&#x2F;redhat-release content is expected to match &#x2F;Release (6.7*|7.[2-9].*)&#x2F;i</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71907</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000071-GPOS-00039</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86531r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010140</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+If the release is not supported by the vendor, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Upgrade to a supported version of the operating system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71997\" do\n  title \"The Red Hat Enterprise Linux operating system must be a vendor\nsupported release.\"\n  desc  \"An operating system release is considered \\\"supported\\\" if the vendor\ncontinues to provide security patches for the product. With an unsupported\nrelease, it will not be possible to resolve security issues discovered in the\nsystem software.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the version of the operating system is vendor supported.\n\n    Check the version of the operating system with the following command:\n\n    # cat /etc/redhat-release\n\n    Red Hat Enterprise Linux Server release 7.4 (Maipo)\n\n    Current End of Life for RHEL 7.1 is 31 March 2017.\n\n    Current End of Life for RHEL 7.2 is 30 November 2017.\n\n    Current End of Life for RHEL 7.3 is 30 November 2018.\n\n    Current End of Life for RHEL 7.4 is 31 August 2019.\n\n    Current End of Life for RHEL 7.5 is 30 April 2020.\n\n    Current End of Life for RHEL 7.6 is 31 October 2020.\n\n    Current End of Life for RHEL 7.7 is 30 August 2021.\n\n    If the release is not supported by the vendor, this is a finding.\n  \"\n  desc  \"fix\", \"Upgrade to a supported version of the operating system.\"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-71997\"\n  tag rid: \"SV-86621r5_rule\"\n  tag stig_id: \"RHEL-07-020250\"\n  tag fix_id: \"F-78349r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe file('/etc/redhat-release') do\n    its('content') { should match %r{Release (6.7*|7.[2-9].*)}i }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /etc/redhat-release content is expected to match /Release (6.7*|7.[2-9].*)/i</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71907</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000071-GPOS-00039</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86531r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010140</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed or new passwords are assigned, the new password
-must contain at least one numeric character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+must contain at least one numeric character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -3305,146 +3173,141 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Note: The value to require a number of numeric characters to be set is
-expressed as a negative number in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot;.
+expressed as a negative number in "/etc/security/pwquality.conf".
 
-    Check the value for &quot;dcredit&quot; in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with
+    Check the value for "dcredit" in "/etc/security/pwquality.conf" with
 the following command:
 
-    # grep dcredit &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    dcredit &#x3D; -1
+    # grep dcredit /etc/security/pwquality.conf
+    dcredit = -1
 
-    If the value of &quot;dcredit&quot; is not set to a negative value, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "dcredit" is not set to a negative value, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to enforce password complexity by requiring
-that at least one numeric character be used by setting the &quot;dcredit&quot; option.
+that at least one numeric character be used by setting the "dcredit" option.
 
-    Add the following line to &#x2F;etc&#x2F;security&#x2F;pwquality.conf (or modify the line
+    Add the following line to /etc/security/pwquality.conf (or modify the line
 to have the required value):
 
-    dcredit &#x3D; -1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9af97beb-b0b6-4bcc-a94f-241c12f5ae31</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf dcredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71991</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000445-GPOS-00199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86615r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020220</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    dcredit = -1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71907\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed or new passwords are assigned, the new password\nmust contain at least one numeric character.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Note: The value to require a number of numeric characters to be set is\nexpressed as a negative number in \\\"/etc/security/pwquality.conf\\\".\n\n    Check the value for \\\"dcredit\\\" in \\\"/etc/security/pwquality.conf\\\" with\nthe following command:\n\n    # grep dcredit /etc/security/pwquality.conf\n    dcredit = -1\n\n    If the value of \\\"dcredit\\\" is not set to a negative value, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce password complexity by requiring\nthat at least one numeric character be used by setting the \\\"dcredit\\\" option.\n\n    Add the following line to /etc/security/pwquality.conf (or modify the line\nto have the required value):\n\n    dcredit = -1\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000071-GPOS-00039\"\n  tag gid: \"V-71907\"\n  tag rid: \"SV-86531r3_rule\"\n  tag stig_id: \"RHEL-07-010140\"\n  tag fix_id: \"F-78259r1_fix\"\n  tag cci: [\"CCI-000194\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('dcredit.to_i') { should cmp &lt; 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf dcredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71991</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000445-GPOS-00199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86615r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020220</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must enable the SELinux
-targeted policy.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+targeted policy.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without verification of the security functions, security functions may
 not operate correctly and the failure may go unnoticed. Security function is
-defined as the hardware, software, and&#x2F;or firmware of the information system
+defined as the hardware, software, and/or firmware of the information system
 responsible for enforcing the system security policy and supporting the
 isolation of code and data on which the protection is based. Security
 functionality includes, but is not limited to, establishing system accounts,
@@ -3452,30 +3315,30 @@ configuring access authorizations (i.e., permissions, privileges), setting
 events to be audited, and setting intrusion detection parameters.
 
     This requirement applies to operating systems performing security function
-verification&#x2F;testing and&#x2F;or systems and environments that require this
-functionality.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+verification/testing and/or systems and environments that require this
+functionality.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an HBSS or HIPS is active on the system, this is Not Applicable.
 
     Verify the operating system verifies correct operation of all security
 functions.
 
-    Check if &quot;SELinux&quot; is active and is enforcing the targeted policy with
+    Check if "SELinux" is active and is enforcing the targeted policy with
 the following command:
 
     # sestatus
 
     SELinux status: enabled
 
-    SELinuxfs mount: &#x2F;selinux
+    SELinuxfs mount: /selinux
 
-    SELinux root directory: &#x2F;etc&#x2F;selinux
+    SELinux root directory: /etc/selinux
 
     Loaded policy name: targeted
 
@@ -3489,297 +3352,287 @@ the following command:
 
     Max kernel policy version: 28
 
-    If the &quot;Loaded policy name&quot; is not set to &quot;targeted&quot;, this is a finding.
+    If the "Loaded policy name" is not set to "targeted", this is a finding.
 
-    Verify that the &#x2F;etc&#x2F;selinux&#x2F;config file is configured to the
-&quot;SELINUXTYPE&quot; to &quot;targeted&quot;:
+    Verify that the /etc/selinux/config file is configured to the
+"SELINUXTYPE" to "targeted":
 
-    # grep -i &quot;selinuxtype&quot; &#x2F;etc&#x2F;selinux&#x2F;config | grep -v &#39;^#&#39;
+    # grep -i "selinuxtype" /etc/selinux/config | grep -v '^#'
 
-    SELINUXTYPE &#x3D; targeted
+    SELINUXTYPE = targeted
 
-    If no results are returned or &quot;SELINUXTYPE&quot; is not set to &quot;targeted&quot;,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If no results are returned or "SELINUXTYPE" is not set to "targeted",
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to verify correct operation of all security
 functions.
 
-    Set the &quot;SELinuxtype&quot; to the &quot;targeted&quot; policy by modifying the
-&quot;&#x2F;etc&#x2F;selinux&#x2F;config&quot; file to have the following line:
-
-    SELINUXTYPE&#x3D;targeted
-
-    A reboot is required for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f6a091f9-45b9-4afd-9761-9d3cfcd68f7d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002696</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;sestatus&#x60; stdout is expected to match &#x2F;^Loaded\spolicy\sname:\s+targeted\n?$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72045</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86669r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Set the "SELinuxtype" to the "targeted" policy by modifying the
+"/etc/selinux/config" file to have the following line:
+
+    SELINUXTYPE=targeted
+
+    A reboot is required for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71991\" do\n  title \"The Red Hat Enterprise Linux operating system must enable the SELinux\ntargeted policy.\"\n  desc  \"Without verification of the security functions, security functions may\nnot operate correctly and the failure may go unnoticed. Security function is\ndefined as the hardware, software, and/or firmware of the information system\nresponsible for enforcing the system security policy and supporting the\nisolation of code and data on which the protection is based. Security\nfunctionality includes, but is not limited to, establishing system accounts,\nconfiguring access authorizations (i.e., permissions, privileges), setting\nevents to be audited, and setting intrusion detection parameters.\n\n    This requirement applies to operating systems performing security function\nverification/testing and/or systems and environments that require this\nfunctionality.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If an HBSS or HIPS is active on the system, this is Not Applicable.\n\n    Verify the operating system verifies correct operation of all security\nfunctions.\n\n    Check if \\\"SELinux\\\" is active and is enforcing the targeted policy with\nthe following command:\n\n    # sestatus\n\n    SELinux status: enabled\n\n    SELinuxfs mount: /selinux\n\n    SELinux root directory: /etc/selinux\n\n    Loaded policy name: targeted\n\n    Current mode: enforcing\n\n    Mode from config file: enforcing\n\n    Policy MLS status: enabled\n\n    Policy deny_unknown status: allowed\n\n    Max kernel policy version: 28\n\n    If the \\\"Loaded policy name\\\" is not set to \\\"targeted\\\", this is a finding.\n\n    Verify that the /etc/selinux/config file is configured to the\n\\\"SELINUXTYPE\\\" to \\\"targeted\\\":\n\n    # grep -i \\\"selinuxtype\\\" /etc/selinux/config | grep -v '^#'\n\n    SELINUXTYPE = targeted\n\n    If no results are returned or \\\"SELINUXTYPE\\\" is not set to \\\"targeted\\\",\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to verify correct operation of all security\nfunctions.\n\n    Set the \\\"SELinuxtype\\\" to the \\\"targeted\\\" policy by modifying the\n\\\"/etc/selinux/config\\\" file to have the following line:\n\n    SELINUXTYPE=targeted\n\n    A reboot is required for the changes to take effect.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000445-GPOS-00199\"\n  tag gid: \"V-71991\"\n  tag rid: \"SV-86615r5_rule\"\n  tag stig_id: \"RHEL-07-020220\"\n  tag fix_id: \"F-78343r2_fix\"\n  tag cci: [\"CCI-002165\", \"CCI-002696\"]\n  tag nist: [\"AC-3 (4)\", \"SI-6 a\", \"Rev_4\"]\n\n  describe.one do\n    describe command('sestatus') do\n      its('stdout') { should match %r{^Policy\\sfrom\\sconfigs\\sfile:\\s+targeted\\n?$} }\n    end\n    describe command('sestatus') do\n      its('stdout') { should match %r{^Loaded\\spolicy\\sname:\\s+targeted\\n?$} }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002696</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `sestatus` stdout is expected to match /^Loaded\spolicy\sname:\s+targeted\n?$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72045</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86669r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent files with
 the setuid and setgid bit set from being executed on file systems that are
-being imported via Network File System (NFS).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;nosuid&quot; mount option causes the system to not execute
-&quot;setuid&quot; and &quot;setgid&quot; files with owner privileges. This option must be used
-for mounting any file system not containing approved &quot;setuid&quot; and &quot;setguid&quot;
+being imported via Network File System (NFS).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "nosuid" mount option causes the system to not execute
+"setuid" and "setgid" files with owner privileges. This option must be used
+for mounting any file system not containing approved "setuid" and "setguid"
 files. Executing files from untrusted file systems increases the opportunity
-for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify file systems that are being NFS imported are configured with the
-&quot;nosuid&quot; option.
+"nosuid" option.
 
     Find the file system(s) that contain the directories being exported with
 the following command:
 
-    # more &#x2F;etc&#x2F;fstab | grep nfs
+    # more /etc/fstab | grep nfs
 
-    UUID&#x3D;e06097bb-cfcd-437b-9e4d-a691f5662a7d &#x2F;store nfs rw,nosuid 0 0
+    UUID=e06097bb-cfcd-437b-9e4d-a691f5662a7d /store nfs rw,nosuid 0 0
 
-    If a file system found in &quot;&#x2F;etc&#x2F;fstab&quot; refers to NFS and it does not have
-the &quot;nosuid&quot; option set, this is a finding.
+    If a file system found in "/etc/fstab" refers to NFS and it does not have
+the "nosuid" option set, this is a finding.
 
-    Verify the NFS is mounted with the &quot;nosuid&quot; option:
+    Verify the NFS is mounted with the "nosuid" option:
 
     # mount | grep nfs | grep nosuid
-    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the &quot;&#x2F;etc&#x2F;fstab&quot; to use the &quot;nosuid&quot; option on
-file systems that are being imported via NFS.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>32298575-1753-4e2d-9e6e-29610ea0d518</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72251</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000074-GPOS-00042</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86875r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040390</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the "/etc/fstab" to use the "nosuid" option on
+file systems that are being imported via NFS.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72045\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent files with\nthe setuid and setgid bit set from being executed on file systems that are\nbeing imported via Network File System (NFS).\"\n  desc  \"The \\\"nosuid\\\" mount option causes the system to not execute\n\\\"setuid\\\" and \\\"setgid\\\" files with owner privileges. This option must be used\nfor mounting any file system not containing approved \\\"setuid\\\" and \\\"setguid\\\"\nfiles. Executing files from untrusted file systems increases the opportunity\nfor unprivileged users to attain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify file systems that are being NFS imported are configured with the\n\\\"nosuid\\\" option.\n\n    Find the file system(s) that contain the directories being exported with\nthe following command:\n\n    # more /etc/fstab | grep nfs\n\n    UUID=e06097bb-cfcd-437b-9e4d-a691f5662a7d /store nfs rw,nosuid 0 0\n\n    If a file system found in \\\"/etc/fstab\\\" refers to NFS and it does not have\nthe \\\"nosuid\\\" option set, this is a finding.\n\n    Verify the NFS is mounted with the \\\"nosuid\\\" option:\n\n    # mount | grep nfs | grep nosuid\n    If no results are returned, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the \\\"/etc/fstab\\\" to use the \\\"nosuid\\\" option on\nfile systems that are being imported via NFS.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72045\"\n  tag rid: \"SV-86669r2_rule\"\n  tag stig_id: \"RHEL-07-021020\"\n  tag fix_id: \"F-78397r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  nfs_systems = etc_fstab.nfs_file_systems.entries\n  if !nfs_systems.nil? and !nfs_systems.empty?\n    nfs_systems.each do |partition|\n      describe partition do\n        its('mount_options') { should include 'nosuid' }\n      end\n    end\n  else\n    describe \"No NFS file systems were found.\" do\n      subject { nfs_systems.nil? or nfs_systems.empty? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72251</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000074-GPOS-00042</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86875r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040390</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH daemon is configured to only use the SSHv2 protocol.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH daemon is configured to only use the SSHv2 protocol.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>SSHv1 is an insecure implementation of the SSH protocol and has many
 well-known vulnerability exploits. Exploits of the SSH daemon could provide
-immediate root access to the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+immediate root access to the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check the version of the operating system with the following command:
 
-    # cat &#x2F;etc&#x2F;redhat-release
+    # cat /etc/redhat-release
 
     If the release is 7.4 or newer this requirement is Not Applicable.
 
@@ -3788,393 +3641,374 @@ immediate root access to the system.</ATTRIBUTE_DATA>
     Check that the SSH daemon is configured to only use the SSHv2 protocol with
 the following command:
 
-    # grep -i protocol &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i protocol /etc/ssh/sshd_config
     Protocol 2
     #Protocol 1,2
 
-    If any protocol line other than &quot;Protocol 2&quot; is uncommented, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Remove all Protocol lines that reference version &quot;1&quot; in
-&quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; (this file may be named differently or be in a
+    If any protocol line other than "Protocol 2" is uncommented, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Remove all Protocol lines that reference version "1" in
+"/etc/ssh/sshd_config" (this file may be named differently or be in a
 different location if using a version of SSH that is provided by a third-party
-vendor). The &quot;Protocol&quot; line must be as follows:
+vendor). The "Protocol" line must be as follows:
 
     Protocol 2
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e51f08f4-8b88-483a-b191-8ec7e1503e85</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000197</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The release is 7.8
-The release is newer than 7.4; this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71945</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000329-GPOS-00128</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86569r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010330</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72251\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon is configured to only use the SSHv2 protocol.\"\n  desc  \"SSHv1 is an insecure implementation of the SSH protocol and has many\nwell-known vulnerability exploits. Exploits of the SSH daemon could provide\nimmediate root access to the system.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check the version of the operating system with the following command:\n\n    # cat /etc/redhat-release\n\n    If the release is 7.4 or newer this requirement is Not Applicable.\n\n    Verify the SSH daemon is configured to only use the SSHv2 protocol.\n\n    Check that the SSH daemon is configured to only use the SSHv2 protocol with\nthe following command:\n\n    # grep -i protocol /etc/ssh/sshd_config\n    Protocol 2\n    #Protocol 1,2\n\n    If any protocol line other than \\\"Protocol 2\\\" is uncommented, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Remove all Protocol lines that reference version \\\"1\\\" in\n\\\"/etc/ssh/sshd_config\\\" (this file may be named differently or be in a\ndifferent location if using a version of SSH that is provided by a third-party\nvendor). The \\\"Protocol\\\" line must be as follows:\n\n    Protocol 2\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000074-GPOS-00042\"\n  tag satisfies: [\"SRG-OS-000074-GPOS-00042\", \"SRG-OS-000480-GPOS-00227\"]\n  tag gid: \"V-72251\"\n  tag rid: \"SV-86875r4_rule\"\n  tag stig_id: \"RHEL-07-040390\"\n  tag fix_id: \"F-78605r2_fix\"\n  tag cci: [\"CCI-000197\", \"CCI-000366\"]\n  tag nist: [\"IA-5 (1) (c)\", \"CM-6 b\", \"Rev_4\"]\n\n  if os.release.to_f &gt;= 7.4\n    impact 0.0\n    describe \"The release is #{os.release}\" do\n      skip \"The release is newer than 7.4; this control is Not Applicable.\"\n    end\n  else\n    describe sshd_config do\n      its('Protocol') { should cmp '2' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000197</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The release is 7.8 :: SKIP_MESSAGE The release is newer than 7.4; this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71945</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000329-GPOS-00128</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86569r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010330</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must lock the associated
 account after three unsuccessful root logon attempts are made within a
-15-minute period.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+15-minute period.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>By limiting the number of failed logon attempts, the risk of
 unauthorized system access via user password guessing, otherwise known as brute
-forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system automatically locks the root account until it
 is released by an administrator when three unsuccessful logon attempts in 15
 minutes are made.
 
-    # grep pam_faillock.so &#x2F;etc&#x2F;pam.d&#x2F;password-auth
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    # grep pam_faillock.so /etc/pam.d/password-auth
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
-    If the &quot;even_deny_root&quot; setting is not defined on both lines with the
-&quot;pam_faillock.so&quot; module, is commented out, or is missing from a line, this
+    If the "even_deny_root" setting is not defined on both lines with the
+"pam_faillock.so" module, is commented out, or is missing from a line, this
 is a finding.
 
-    # grep pam_faillock.so &#x2F;etc&#x2F;pam.d&#x2F;system-auth
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    # grep pam_faillock.so /etc/pam.d/system-auth
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
-    If the &quot;even_deny_root&quot; setting is not defined on both lines with the
-&quot;pam_faillock.so&quot; module, is commented out, or is missing from a line, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "even_deny_root" setting is not defined on both lines with the
+"pam_faillock.so" module, is commented out, or is missing from a line, this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to lock automatically the root account until
 the locked account is released by an administrator when three unsuccessful
 logon attempts in 15 minutes are made.
 
     Modify the first three lines of the auth section and the first line of the
-account section of the &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; and
-&quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot; files to match the following lines:
+account section of the "/etc/pam.d/system-auth" and
+"/etc/pam.d/password-auth" files to match the following lines:
 
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     auth sufficient pam_unix.so try_first_pass
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
     Note: Manual changes to the listed files may be overwritten by the
-&quot;authconfig&quot; program. The &quot;authconfig&quot; program should not be used to update
-the configurations listed in this requirement.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>acece2eb-a5f8-4b62-9d9a-6b60158c307a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include [&quot;auth required pam_faillock.so even_deny_root&quot;, &quot;auth sufficient pam_unix.so try_first_pass&quot;, &quot;auth [default&#x3D;die] pam_faillock.so even_deny_root&quot;]
-expected &quot;account required pam_unix.so\naccount sufficient pam_localuser.so\naccount sufficient pam_succeed_if...eed_if.so service in crond quiet use_uid\nsession required pam_unix.so\nsession optional pam_sss.so&quot; to include [&quot;auth required pam_faillock.so even_deny_root&quot;, &quot;auth sufficient pam_unix.so try_first_pass&quot;, &quot;auth [default&#x3D;die] pam_faillock.so even_deny_root&quot;]
+"authconfig" program. The "authconfig" program should not be used to update
+the configurations listed in this requirement.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71945\" do\n  title \"The Red Hat Enterprise Linux operating system must lock the associated\naccount after three unsuccessful root logon attempts are made within a\n15-minute period.\"\n  desc  \"By limiting the number of failed logon attempts, the risk of\nunauthorized system access via user password guessing, otherwise known as brute\nforcing, is reduced. Limits are imposed by locking the account.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system automatically locks the root account until it\nis released by an administrator when three unsuccessful logon attempts in 15\nminutes are made.\n\n    # grep pam_faillock.so /etc/pam.d/password-auth\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    If the \\\"even_deny_root\\\" setting is not defined on both lines with the\n\\\"pam_faillock.so\\\" module, is commented out, or is missing from a line, this\nis a finding.\n\n    # grep pam_faillock.so /etc/pam.d/system-auth\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    If the \\\"even_deny_root\\\" setting is not defined on both lines with the\n\\\"pam_faillock.so\\\" module, is commented out, or is missing from a line, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to lock automatically the root account until\nthe locked account is released by an administrator when three unsuccessful\nlogon attempts in 15 minutes are made.\n\n    Modify the first three lines of the auth section and the first line of the\naccount section of the \\\"/etc/pam.d/system-auth\\\" and\n\\\"/etc/pam.d/password-auth\\\" files to match the following lines:\n\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth sufficient pam_unix.so try_first_pass\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    Note: Manual changes to the listed files may be overwritten by the\n\\\"authconfig\\\" program. The \\\"authconfig\\\" program should not be used to update\nthe configurations listed in this requirement.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000329-GPOS-00128\"\n  tag satisfies: [\"SRG-OS-000329-GPOS-00128\", \"SRG-OS-000021-GPOS-00005\"]\n  tag gid: \"V-71945\"\n  tag rid: \"SV-86569r4_rule\"\n  tag stig_id: \"RHEL-07-010330\"\n  tag fix_id: \"F-78297r3_fix\"\n  tag cci: [\"CCI-002238\"]\n  tag nist: [\"AC-7 b\", \"Rev_4\"]\n\n  required_lines = [\n    'auth required pam_faillock.so even_deny_root',\n    'auth sufficient pam_unix.so try_first_pass',\n    'auth [default=die] pam_faillock.so even_deny_root'\n  ]\n\n  describe pam('/etc/pam.d/password-auth') do\n    its('lines') { should match_pam_rules(required_lines) }\n    its('lines') { should match_pam_rule('auth .* pam_faillock.so (preauth|authfail)').all_with_args('even_deny_root') }\n  end\n\n  describe pam('/etc/pam.d/system-auth') do\n    its('lines') { should match_pam_rules(required_lines) }\n    its('lines') { should match_pam_rule('auth .* pam_faillock.so (preauth|authfail)').all_with_args('even_deny_root') }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include ["auth required pam_faillock.so even_deny_root", "auth sufficient pam_unix.so try_first_pass", "auth [default=die] pam_faillock.so even_deny_root"] :: MESSAGE expected "account required pam_unix.so\naccount sufficient pam_localuser.so\naccount sufficient pam_succeed_if...eed_if.so service in crond quiet use_uid\nsession required pam_unix.so\nsession optional pam_sss.so" to include ["auth required pam_faillock.so even_deny_root", "auth sufficient pam_unix.so try_first_pass", "auth [default=die] pam_faillock.so even_deny_root"]
 Diff:
 @@ -1,4 +1,28 @@
 -auth required pam_faillock.so even_deny_root
 -auth sufficient pam_unix.so try_first_pass
--auth [default&#x3D;die] pam_faillock.so even_deny_root
+-auth [default=die] pam_faillock.so even_deny_root
 +account required pam_unix.so
 +account sufficient pam_localuser.so
 +account sufficient pam_succeed_if.so uid &lt; 1000 quiet
-+account [default&#x3D;bad success&#x3D;ok user_unknown&#x3D;ignore] pam_sss.so
++account [default=bad success=ok user_unknown=ignore] pam_sss.so
 +account required pam_permit.so
 +auth required pam_env.so
-+auth [default&#x3D;1 ignore&#x3D;ignore success&#x3D;ok] pam_succeed_if.so uid &gt;&#x3D; 1000 quiet
-+auth [default&#x3D;4 ignore&#x3D;ignore success&#x3D;ok] pam_localuser.so
-+auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth [success&#x3D;1 default&#x3D;bad] pam_unix.so try_first_pass
-+auth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth sufficient pam_faillock.so authsucc deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth requisite pam_succeed_if.so uid &gt;&#x3D; 1000 quiet_success
++auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid &gt;= 1000 quiet
++auth [default=4 ignore=ignore success=ok] pam_localuser.so
++auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900
++auth [success=1 default=bad] pam_unix.so try_first_pass
++auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900
++auth sufficient pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900
++auth requisite pam_succeed_if.so uid &gt;= 1000 quiet_success
 +auth sufficient pam_sss.so forward_pass
 +auth required pam_deny.so
-+password requisite pam_pwquality.so try_first_pass local_users_only retry&#x3D;3 authtok_type&#x3D;
-+password requisite pam_pwhistory.so use_authtok remember&#x3D;5 retry&#x3D;3
++password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
++password requisite pam_pwhistory.so use_authtok remember=5 retry=3
 +password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok
 +password sufficient pam_sss.so use_authtok
 +password required pam_deny.so
 +session optional pam_keyinit.so revoke
 +session required pam_limits.so
 +-session optional pam_systemd.so
-+session optional pam_oddjob_mkhomedir.so umask&#x3D;0077
-+session [success&#x3D;1 default&#x3D;ignore] pam_succeed_if.so service in crond quiet use_uid
++session optional pam_oddjob_mkhomedir.so umask=0077
++session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 +session required pam_unix.so
 +session optional pam_sss.so
 
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
-expected &quot;auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900\nauth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900&quot; to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
+passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root :: MESSAGE expected "auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900\nauth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900" to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
 Diff:
 @@ -1,2 +1,3 @@
 -auth .* pam_faillock.so (preauth|authfail)
-+auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
++auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900
++auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900
 
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include [&quot;auth required pam_faillock.so even_deny_root&quot;, &quot;auth sufficient pam_unix.so try_first_pass&quot;, &quot;auth [default&#x3D;die] pam_faillock.so even_deny_root&quot;]
-expected &quot;account required pam_unix.so\naccount sufficient pam_localuser.so\naccount sufficient pam_succeed_if...eed_if.so service in crond quiet use_uid\nsession required pam_unix.so\nsession optional pam_sss.so&quot; to include [&quot;auth required pam_faillock.so even_deny_root&quot;, &quot;auth sufficient pam_unix.so try_first_pass&quot;, &quot;auth [default&#x3D;die] pam_faillock.so even_deny_root&quot;]
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include ["auth required pam_faillock.so even_deny_root", "auth sufficient pam_unix.so try_first_pass", "auth [default=die] pam_faillock.so even_deny_root"] :: MESSAGE expected "account required pam_unix.so\naccount sufficient pam_localuser.so\naccount sufficient pam_succeed_if...eed_if.so service in crond quiet use_uid\nsession required pam_unix.so\nsession optional pam_sss.so" to include ["auth required pam_faillock.so even_deny_root", "auth sufficient pam_unix.so try_first_pass", "auth [default=die] pam_faillock.so even_deny_root"]
 Diff:
 @@ -1,4 +1,28 @@
 -auth required pam_faillock.so even_deny_root
 -auth sufficient pam_unix.so try_first_pass
--auth [default&#x3D;die] pam_faillock.so even_deny_root
+-auth [default=die] pam_faillock.so even_deny_root
 +account required pam_unix.so
 +account sufficient pam_localuser.so
 +account sufficient pam_succeed_if.so uid &lt; 1000 quiet
-+account [default&#x3D;bad success&#x3D;ok user_unknown&#x3D;ignore] pam_sss.so
++account [default=bad success=ok user_unknown=ignore] pam_sss.so
 +account required pam_permit.so
 +auth required pam_env.so
-+auth [default&#x3D;1 ignore&#x3D;ignore success&#x3D;ok] pam_succeed_if.so uid &gt;&#x3D; 1000 quiet
-+auth [default&#x3D;4 ignore&#x3D;ignore success&#x3D;ok] pam_localuser.so
-+auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth [success&#x3D;1 default&#x3D;bad] pam_unix.so try_first_pass
-+auth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth sufficient pam_faillock.so authsucc deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth requisite pam_succeed_if.so uid &gt;&#x3D; 1000 quiet_success
++auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid &gt;= 1000 quiet
++auth [default=4 ignore=ignore success=ok] pam_localuser.so
++auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900
++auth [success=1 default=bad] pam_unix.so try_first_pass
++auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900
++auth sufficient pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900
++auth requisite pam_succeed_if.so uid &gt;= 1000 quiet_success
 +auth sufficient pam_sss.so forward_pass
 +auth required pam_deny.so
-+password requisite pam_pwquality.so try_first_pass local_users_only retry&#x3D;3 authtok_type&#x3D;
-+password requisite pam_pwhistory.so use_authtok remember&#x3D;5 retry&#x3D;3
++password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
++password requisite pam_pwhistory.so use_authtok remember=5 retry=3
 +password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok
 +password sufficient pam_sss.so use_authtok
 +password required pam_deny.so
 +session optional pam_keyinit.so revoke
 +session required pam_limits.so
 +-session optional pam_systemd.so
-+session optional pam_oddjob_mkhomedir.so umask&#x3D;0077
-+session [success&#x3D;1 default&#x3D;ignore] pam_succeed_if.so service in crond quiet use_uid
++session optional pam_oddjob_mkhomedir.so umask=0077
++session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 +session required pam_unix.so
 +session optional pam_sss.so
 
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
-expected &quot;auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900\nauth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900&quot; to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root :: MESSAGE expected "auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900\nauth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900" to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
 Diff:
 @@ -1,2 +1,3 @@
 -auth .* pam_faillock.so (preauth|authfail)
-+auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71861</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86485r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
++auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900
++auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71861</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86485r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the
 approved Standard Mandatory DoD Notice and Consent Banner before granting local
-or remote access to the system via a graphical user logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+or remote access to the system via a graphical user logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Display of a standardized and approved use notification before
 granting access to the operating system ensures privacy and security
 notification verbiage used is consistent with applicable federal laws,
@@ -4187,7 +4021,7 @@ with human users and are not required when such human interfaces do not exist.
 the following verbiage for operating systems that can accommodate banners of
 1300 characters:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -4212,14 +4046,14 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Agreement for details."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system displays the approved Standard Mandatory DoD
 Notice and Consent Banner before granting access to the operating system via a
 graphical user logon.
@@ -4230,9 +4064,9 @@ Applicable.
     Check that the operating system displays the exact approved Standard
 Mandatory DoD Notice and Consent Banner text with the command:
 
-    # grep banner-message-text &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
-    banner-message-text&#x3D;
-    &#39;You are accessing a U.S. Government (USG) Information System (IS) that is
+    # grep banner-message-text /etc/dconf/db/local.d/*
+    banner-message-text=
+    'You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.    By using this IS (which includes any device attached to this IS), you
 consent to the following conditions:    -The USG routinely intercepts and monitors communications on this IS for
 purposes including, but not limited to, penetration testing, COMSEC monitoring,
@@ -4245,16 +4079,16 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details. &#39;
+Agreement for details. '
 
-    Note: The &quot;     &quot; characters are for formatting only. They will not be displayed on the
+    Note: The "     " characters are for formatting only. They will not be displayed on the
 GUI.
 
     If the banner does not match the approved Standard Mandatory DoD Notice and
-Consent Banner, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Consent Banner, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to display the approved Standard Mandatory
 DoD Notice and Consent Banner before granting access to the system.
 
@@ -4264,16 +4098,16 @@ Applicable.
     Create a database to contain the system-wide graphical user logon settings
 (if it does not already exist) with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;01-banner-message
+    # touch /etc/dconf/db/local.d/01-banner-message
 
-    Add the following line to the [org&#x2F;gnome&#x2F;login-screen] section of the
-&quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;01-banner-message&quot;:
+    Add the following line to the [org/gnome/login-screen] section of the
+"/etc/dconf/db/local.d/01-banner-message":
 
-    [org&#x2F;gnome&#x2F;login-screen]
+    [org/gnome/login-screen]
 
-    banner-message-enable&#x3D;true
+    banner-message-enable=true
 
-    banner-message-text&#x3D;&#39;You are accessing a U.S. Government (USG) Information
+    banner-message-text='You are accessing a U.S. Government (USG) Information
 System (IS) that is provided for USG-authorized use only.    By using this IS (which includes any device attached to this IS), you
 consent to the following conditions:    -The USG routinely intercepts and monitors communications on this IS for
 purposes including, but not limited to, penetration testing, COMSEC monitoring,
@@ -4286,123 +4120,117 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details. &#39;
+Agreement for details. '
 
-    Note: The &quot;     &quot; characters are for formatting only. They will not be displayed on the
+    Note: The "     " characters are for formatting only. They will not be displayed on the
 GUI.
 
     Run the following command to update the database:
-    # dconf update</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8ebc2927-80b2-4077-a0c3-0a03f4b2dbbe</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-        Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72217</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000027-GPOS-00008</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86841r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # dconf update</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71861\" do\n  title \"The Red Hat Enterprise Linux operating system must display the\napproved Standard Mandatory DoD Notice and Consent Banner before granting local\nor remote access to the system via a graphical user logon.\"\n  desc  \"Display of a standardized and approved use notification before\ngranting access to the operating system ensures privacy and security\nnotification verbiage used is consistent with applicable federal laws,\nExecutive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via logon interfaces\nwith human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with applicable DoD policy. Use\nthe following verbiage for operating systems that can accommodate banners of\n1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system displays the approved Standard Mandatory DoD\nNotice and Consent Banner before granting access to the operating system via a\ngraphical user logon.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check that the operating system displays the exact approved Standard\nMandatory DoD Notice and Consent Banner text with the command:\n\n    # grep banner-message-text /etc/dconf/db/local.d/*\n    banner-message-text=\n    'You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\\\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\\\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\\\n    -At any time, the USG may inspect and seize data stored on this IS.\\\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\\\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\\\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details. '\n\n    Note: The \\\"\\\n     \\\" characters are for formatting only. They will not be displayed on the\nGUI.\n\n    If the banner does not match the approved Standard Mandatory DoD Notice and\nConsent Banner, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to display the approved Standard Mandatory\nDoD Notice and Consent Banner before granting access to the system.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Create a database to contain the system-wide graphical user logon settings\n(if it does not already exist) with the following command:\n\n    # touch /etc/dconf/db/local.d/01-banner-message\n\n    Add the following line to the [org/gnome/login-screen] section of the\n\\\"/etc/dconf/db/local.d/01-banner-message\\\":\n\n    [org/gnome/login-screen]\n\n    banner-message-enable=true\n\n    banner-message-text='You are accessing a U.S. Government (USG) Information\nSystem (IS) that is provided for USG-authorized use only.\\\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\\\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\\\n    -At any time, the USG may inspect and seize data stored on this IS.\\\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\\\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\\\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details. '\n\n    Note: The \\\"\\\n     \\\" characters are for formatting only. They will not be displayed on the\nGUI.\n\n    Run the following command to update the database:\n    # dconf update\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000023-GPOS-00006\"\n  tag satisfies: [\"SRG-OS-000023-GPOS-00006\", \"SRG-OS-000024-GPOS-00007\",\n\"SRG-OS-000228-GPOS-00088\"]\n  tag gid: \"V-71861\"\n  tag rid: \"SV-86485r4_rule\"\n  tag stig_id: \"RHEL-07-010040\"\n  tag fix_id: \"F-78213r5_fix\"\n  tag cci: [\"CCI-000048\"]\n  tag nist: [\"AC-8 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    #Get all files that have the banner-message-text specified.\n    banner_files =\n      command(\"grep -l banner-message-text /etc/dconf/db/local.d/*\").stdout.split(\"\\n\")\n\n    #If there are no banner files then this is a finding.\n    banner_missing = banner_files.empty?\n    describe \"If no files specify the banner text then this is a finding\" do\n      subject { banner_missing }\n      it{should be false}\n    end if banner_missing\n\n    #If there are banner files then check them to make sure they have the correct text.\n    banner_files.each do |banner_file|\n      banner_message =\n        parse_config_file(banner_file).params(\"banner-message-text\").gsub(%r{[\\r\\n\\s]}, '')\n      #dconf expects the banner-message-text to be quoted so remove leading and trailing quote.\n      #See https://developer.gnome.org/dconf/unstable/dconf-tool.html which states:\n      #  VALUE arguments must be in GVariant format, so e.g. a string must include\n      #  explicit quotes: \"'foo'\". This format is also used when printing out values.\n      if banner_message.start_with?('\"') || banner_message.start_with?('\\'')\n        banner_message = banner_message[1,banner_message.length]\n      end\n      if banner_message.end_with?('\"') || banner_message.end_with?('\\'')\n        banner_message = banner_message.chop\n      end\n      describe.one do\n        describe banner_message do\n          it{should cmp banner_message_text_gui.gsub(%r{[\\r\\n\\s]}, '')}\n        end\n        describe banner_message do\n          it{should cmp banner_message_text_gui_limited.gsub(%r{[\\r\\n\\s]}, '')}\n        end\n      end\n    end\n  else\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n        Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+        Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72217</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000027-GPOS-00008</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86841r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must limit the number of
-concurrent sessions to 10 for all accounts and&#x2F;or account types.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+concurrent sessions to 10 for all accounts and/or account types.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Operating system management includes the ability to control the number
 of users and user sessions that utilize an operating system. Limiting the
 number of allowed users and sessions per user is helpful in reducing the risks
@@ -4411,149 +4239,143 @@ related to DoS attacks.
     This requirement addresses concurrent sessions for information system
 accounts and does not address concurrent sessions by single users via multiple
 system accounts. The maximum number of concurrent sessions should be defined
-based on mission needs and the operational environment for each system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+based on mission needs and the operational environment for each system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system limits the number of concurrent sessions to
-&quot;10&quot; for all accounts and&#x2F;or account types by issuing the following command:
+"10" for all accounts and/or account types by issuing the following command:
 
-    # grep &quot;maxlogins&quot; &#x2F;etc&#x2F;security&#x2F;limits.conf &#x2F;etc&#x2F;security&#x2F;limits.d&#x2F;*.conf
+    # grep "maxlogins" /etc/security/limits.conf /etc/security/limits.d/*.conf
 
     * hard maxlogins 10
 
     This can be set as a global domain (with the * wildcard) but may be set
 differently for multiple domains.
 
-    If the &quot;maxlogins&quot; item is missing, commented out, or the value is not
-set to &quot;10&quot; or less for all domains that have the &quot;maxlogins&quot; item
-assigned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "maxlogins" item is missing, commented out, or the value is not
+set to "10" or less for all domains that have the "maxlogins" item
+assigned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to limit the number of concurrent sessions
-to &quot;10&quot; for all accounts and&#x2F;or account types.
-
-    Add the following line to the top of the &#x2F;etc&#x2F;security&#x2F;limits.conf or in a
-&quot;.conf&quot; file defined in &#x2F;etc&#x2F;security&#x2F;limits.d&#x2F; :
-
-    * hard maxlogins 10</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bd683fc7-c366-4015-8923-5d7f95bbe9cd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000054</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Files configuring maxlogins less than or equal to 10 is expected to be positive
---------------------------------
-passed
-Files configuring maxlogins greater than 10 is expected to cmp &#x3D;&#x3D; []</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72047</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86671r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021030</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+to "10" for all accounts and/or account types.
+
+    Add the following line to the top of the /etc/security/limits.conf or in a
+".conf" file defined in /etc/security/limits.d/ :
+
+    * hard maxlogins 10</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72217\" do\n  title \"The Red Hat Enterprise Linux operating system must limit the number of\nconcurrent sessions to 10 for all accounts and/or account types.\"\n  desc  \"Operating system management includes the ability to control the number\nof users and user sessions that utilize an operating system. Limiting the\nnumber of allowed users and sessions per user is helpful in reducing the risks\nrelated to DoS attacks.\n\n    This requirement addresses concurrent sessions for information system\naccounts and does not address concurrent sessions by single users via multiple\nsystem accounts. The maximum number of concurrent sessions should be defined\nbased on mission needs and the operational environment for each system.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system limits the number of concurrent sessions to\n\\\"10\\\" for all accounts and/or account types by issuing the following command:\n\n    # grep \\\"maxlogins\\\" /etc/security/limits.conf /etc/security/limits.d/*.conf\n\n    * hard maxlogins 10\n\n    This can be set as a global domain (with the * wildcard) but may be set\ndifferently for multiple domains.\n\n    If the \\\"maxlogins\\\" item is missing, commented out, or the value is not\nset to \\\"10\\\" or less for all domains that have the \\\"maxlogins\\\" item\nassigned, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to limit the number of concurrent sessions\nto \\\"10\\\" for all accounts and/or account types.\n\n    Add the following line to the top of the /etc/security/limits.conf or in a\n\\\".conf\\\" file defined in /etc/security/limits.d/ :\n\n    * hard maxlogins 10\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000027-GPOS-00008\"\n  tag gid: \"V-72217\"\n  tag rid: \"SV-86841r3_rule\"\n  tag stig_id: \"RHEL-07-040000\"\n  tag fix_id: \"F-78571r2_fix\"\n  tag cci: [\"CCI-000054\"]\n  tag nist: [\"AC-10\", \"Rev_4\"]\n\n  maxlogins_limit = input('maxlogins_limit')\n\n  # Collect any files under limits.d if they exist\n  limits_files = directory('/etc/security/limits.d').exist? ? command('ls /etc/security/limits.d/*.conf').stdout.strip.lines : []\n  # Add limits.conf to the list\n  limits_files.push('/etc/security/limits.conf')\n  compliant_files = []\n  noncompliant_files = []\n\n  limits_files.each do |limits_file|\n    # Get any universal limits from each file\n    local_limits = limits_conf(limits_file).*\n    # If we got an array (results) check further\n    if local_limits.is_a?(Array)\n      local_limits.each do |temp_limit|\n        # For each result check if it is a 'hard' limit for 'maxlogins'\n        if temp_limit.include?('hard') &amp;&amp; temp_limit.include?('maxlogins')\n          # If the limit is in range, push to compliant files\n          if temp_limit[-1].to_i &lt;= maxlogins_limit\n            compliant_files.push(limits_file)\n          # Otherwise add to noncompliant files\n          else\n            noncompliant_files.push(limits_file)\n          end\n        end\n      end\n    end\n  end\n\n  # It is required that at least 1 file contain compliant configuration\n  describe \"Files configuring maxlogins less than or equal to #{maxlogins_limit}\" do\n    subject { compliant_files.length }\n    it { should be_positive }\n  end\n\n  # No files should set 'hard' 'maxlogins' to any noncompliant value\n  describe \"Files configuring maxlogins greater than #{maxlogins_limit}\" do\n    subject { noncompliant_files }\n    it { should cmp [] }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000054</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Files configuring maxlogins less than or equal to 10 is expected to be positive
+--------------------------------
+passed :: TEST Files configuring maxlogins greater than 10 is expected to cmp == []</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72047</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86671r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021030</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all world-writable directories are group-owned by root, sys, bin, or an
-application group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+application group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a world-writable directory has the sticky bit set and is not
 group-owned by a privileged Group Identifier (GID), unauthorized users may be
 able to modify files created by others.
@@ -4561,15 +4383,15 @@ able to modify files created by others.
     The only authorized public directories are those temporary directories
 supplied with the system or those designed to be temporary file repositories.
 The setting is normally reserved for directories used by the system and by
-users for temporary file storage, (e.g., &#x2F;tmp), and for directories requiring
-global read&#x2F;write access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+users for temporary file storage, (e.g., /tmp), and for directories requiring
+global read/write access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all world-writable directories are group-owned by root, sys, bin, or
 an application group.
 
@@ -4578,1919 +4400,1827 @@ an application group.
     Note: The value after -fstype must be replaced with the filesystem type.
 XFS is used as an example.
 
-    # find &#x2F; -xdev -perm -002 -type d -fstype xfs -exec ls -lLd {} \;
-    drwxrwxrwt 2 root root 40 Aug 26 13:07 &#x2F;dev&#x2F;mqueue
-    drwxrwxrwt 2 root root 220 Aug 26 13:23 &#x2F;dev&#x2F;shm
-    drwxrwxrwt 14 root root 4096 Aug 26 13:29 &#x2F;tmp
+    # find / -xdev -perm -002 -type d -fstype xfs -exec ls -lLd {} \;
+    drwxrwxrwt 2 root root 40 Aug 26 13:07 /dev/mqueue
+    drwxrwxrwt 2 root root 220 Aug 26 13:23 /dev/shm
+    drwxrwxrwt 14 root root 4096 Aug 26 13:29 /tmp
 
     If any world-writable directories are not owned by root, sys, bin, or an
-application group associated with the directory, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+application group associated with the directory, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Change the group of the world-writable directories to root with the
 following command:
 
-    # chgrp root &lt;directory&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2a8a9c3b-95b6-47e3-8ec9-89d573ec8a7a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;var&#x2F;tmp group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;var&#x2F;tmp&#x2F;cloud-init group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;var&#x2F;tmp&#x2F;systemd-private-d24354a1797e4846b9e800d6f612ef8f-chronyd.service-U8pkhb&#x2F;tmp group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;.XIM-unix group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;.Test-unix group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;.ICE-unix group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;.font-unix group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;.X11-unix group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;systemd-private-d24354a1797e4846b9e800d6f612ef8f-chronyd.service-Te8mBP&#x2F;tmp group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72173</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86797r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030750</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chgrp root &lt;directory&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72047\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all world-writable directories are group-owned by root, sys, bin, or an\napplication group.\"\n  desc  \"If a world-writable directory has the sticky bit set and is not\ngroup-owned by a privileged Group Identifier (GID), unauthorized users may be\nable to modify files created by others.\n\n    The only authorized public directories are those temporary directories\nsupplied with the system or those designed to be temporary file repositories.\nThe setting is normally reserved for directories used by the system and by\nusers for temporary file storage, (e.g., /tmp), and for directories requiring\nglobal read/write access.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all world-writable directories are group-owned by root, sys, bin, or\nan application group.\n\n    Check the system for world-writable directories with the following command:\n\n    Note: The value after -fstype must be replaced with the filesystem type.\nXFS is used as an example.\n\n    # find / -xdev -perm -002 -type d -fstype xfs -exec ls -lLd {} \\\\;\n    drwxrwxrwt 2 root root 40 Aug 26 13:07 /dev/mqueue\n    drwxrwxrwt 2 root root 220 Aug 26 13:23 /dev/shm\n    drwxrwxrwt 14 root root 4096 Aug 26 13:29 /tmp\n\n    If any world-writable directories are not owned by root, sys, bin, or an\napplication group associated with the directory, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the group of the world-writable directories to root with the\nfollowing command:\n\n    # chgrp root &lt;directory&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72047\"\n  tag rid: \"SV-86671r4_rule\"\n  tag stig_id: \"RHEL-07-021030\"\n  tag fix_id: \"F-78399r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  application_groups = input('application_groups')\n\n  ww_dirs = Set[]\n  partitions = etc_fstab.params.map{|partition| partition['file_system_type']}.uniq\n  partitions.each do |part|\n    cmd = \"find / -perm -002 -xdev -type d -fstype #{part} -exec ls -lLd {} \\\\;\"\n    ww_dirs = ww_dirs + command(cmd).stdout.split(\"\\n\")\n  end\n\n  ww_dirs.to_a.each do |curr_dir|\n    dir_arr = curr_dir.split(' ')\n    describe file(dir_arr.last) do\n      its('group') { should be_in [\"root\",\"sys\",\"bin\"] + application_groups }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /var/tmp group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /var/tmp/cloud-init group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /var/tmp/systemd-private-d24354a1797e4846b9e800d6f612ef8f-chronyd.service-U8pkhb/tmp group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/.XIM-unix group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/.Test-unix group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/.ICE-unix group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/.font-unix group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/.X11-unix group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/systemd-private-d24354a1797e4846b9e800d6f612ef8f-chronyd.service-Te8mBP/tmp group is expected to be in "root", "sys", and "bin"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72173</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86797r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030750</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the umount command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the umount command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged mount commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;umount&quot; command occur.
+successful/unsuccessful attempts to use the "umount" command occur.
 
     Check that the following system call is being audited by performing the
 following series of commands to check the file system rules in
-&quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+"/etc/audit/audit.rules":
 
-    # grep -iw &quot;&#x2F;usr&#x2F;bin&#x2F;umount&quot; &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw "/usr/bin/umount" /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;umount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/umount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;umount&quot; command occur.
+successful/unsuccessful attempts to use the "umount" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;umount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/umount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e71f2de9-b06f-4106-b3b7-1536b3414e85</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;bin&#x2F;umount&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;bin&#x2F;umount&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72149</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86773r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030630</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72173\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe umount command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged mount commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"umount\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing series of commands to check the file system rules in\n\\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw \\\"/usr/bin/umount\\\" /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/umount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"umount\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/umount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72173\"\n  tag rid: \"SV-86797r5_rule\"\n  tag stig_id: \"RHEL-07-030750\"\n  tag fix_id: \"F-78527r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/bin/umount'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/bin/umount" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/bin/umount" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72149</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86773r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030630</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the passwd command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the passwd command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged password commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;passwd&quot; command occur.
+successful/unsuccessful attempts to use the "passwd" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;passwd &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/passwd /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;passwd -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/passwd -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-passwd
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;passwd&quot; command occur.
+successful/unsuccessful attempts to use the "passwd" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;passwd -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/passwd -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-passwd
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a9ccfe07-fea5-426a-8bd6-a269d900d84d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;passwd&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;passwd&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71927</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000075-GPOS-00043</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86551r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010240</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72149\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe passwd command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged password commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"passwd\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/bin/passwd /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/passwd -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-passwd\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"passwd\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/passwd -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-passwd\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72149\"\n  tag rid: \"SV-86773r5_rule\"\n  tag stig_id: \"RHEL-07-030630\"\n  tag fix_id: \"F-78501r6_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n  \n  audit_file = '/usr/bin/passwd'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/passwd" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/passwd" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71927</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000075-GPOS-00043</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86551r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010240</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that passwords are restricted to a 24 hours&#x2F;1 day minimum lifetime.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that passwords are restricted to a 24 hours/1 day minimum lifetime.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Enforcing a minimum password lifetime helps to prevent repeated
 password changes to defeat the password reuse or history enforcement
 requirement. If users are allowed to immediately and continually change their
 password, the password could be repeatedly changed in a short period of time to
-defeat the organization&#39;s policy regarding password reuse.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+defeat the organization's policy regarding password reuse.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check whether the minimum time period between password changes for each
 user account is one day or greater.
 
-    # awk -F: &#39;$4 &lt; 1 {print $1 &quot; &quot; $4}&#39; &#x2F;etc&#x2F;shadow
+    # awk -F: '$4 &lt; 1 {print $1 " " $4}' /etc/shadow
 
     If any results are returned that are not associated with a system account,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure non-compliant accounts to enforce a 24 hours&#x2F;1 day minimum
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure non-compliant accounts to enforce a 24 hours/1 day minimum
 password lifetime:
 
-    # chage -m 1 [user]</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>91eebf62-4b86-48ce-9d66-a529353535c8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000198</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-&#x2F;etc&#x2F;shadow with user &#x3D;&#x3D; &quot;ec2-user&quot; min_days.first.to_i is expected to cmp &gt;&#x3D; 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72105</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86729r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030410</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chage -m 1 [user]</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71927\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat passwords are restricted to a 24 hours/1 day minimum lifetime.\"\n  desc  \"Enforcing a minimum password lifetime helps to prevent repeated\npassword changes to defeat the password reuse or history enforcement\nrequirement. If users are allowed to immediately and continually change their\npassword, the password could be repeatedly changed in a short period of time to\ndefeat the organization's policy regarding password reuse.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check whether the minimum time period between password changes for each\nuser account is one day or greater.\n\n    # awk -F: '$4 &lt; 1 {print $1 \\\" \\\" $4}' /etc/shadow\n\n    If any results are returned that are not associated with a system account,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure non-compliant accounts to enforce a 24 hours/1 day minimum\npassword lifetime:\n\n    # chage -m 1 [user]\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000075-GPOS-00043\"\n  tag gid: \"V-71927\"\n  tag rid: \"SV-86551r2_rule\"\n  tag stig_id: \"RHEL-07-010240\"\n  tag fix_id: \"F-78279r1_fix\"\n  tag cci: [\"CCI-000198\"]\n  tag nist: [\"IA-5 (1) (d)\", \"Rev_4\"]\n\n  shadow.users.each do |user|\n    # filtering on non-system accounts (uid &gt;= 1000)\n    next unless user(user).uid &gt;= 1000\n    describe shadow.users(user) do\n      its('min_days.first.to_i') { should cmp &gt;= 1 }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000198</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST /etc/shadow with user == "ec2-user" min_days.first.to_i is expected to cmp &gt;= 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72105</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86729r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030410</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the chmod syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the chmod syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chmod&quot; syscall occur.
+successful/unsuccessful attempts to use the "chmod" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following command:
 
-    # grep -iw chmod &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw chmod /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S chmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S chmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;chmod&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"chmod" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chmod&quot; syscall occur.
+successful/unsuccessful attempts to use the "chmod" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S chmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S chmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>22941c29-4e2d-4d99-a548-d60fd2521112</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chmod&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chmod&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chmod&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chmod&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72255</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86879r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040410</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72105\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe chmod syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"chmod\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing command:\n\n    # grep -iw chmod /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"chmod\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"chmod\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72105\"\n  tag rid: \"SV-86729r5_rule\"\n  tag stig_id: \"RHEL-07-030410\"\n  tag fix_id: \"F-78457r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"chmod\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"chmod\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "chmod" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chmod" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chmod" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chmod" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72255</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86879r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040410</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH public host key files have mode 0644 or less permissive.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH public host key files have mode 0644 or less permissive.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a public host key file is modified by an unauthorized user, the SSH
-service may be compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the SSH public host key files have mode &quot;0644&quot; or less permissive.
+service may be compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the SSH public host key files have mode "0644" or less permissive.
 
     Note: SSH public key files may be found in other directories on the system
 depending on the installation.
 
     The following command will find all SSH public key files on the system:
 
-    # find &#x2F;etc&#x2F;ssh -name &#39;*.pub&#39; -exec ls -lL {} \;
+    # find /etc/ssh -name '*.pub' -exec ls -lL {} \;
 
     -rw-r--r-- 1 root root 618 Nov 28 06:43 ssh_host_dsa_key.pub
     -rw-r--r-- 1 root root 347 Nov 28 06:43 ssh_host_key.pub
     -rw-r--r-- 1 root root 238 Nov 28 06:43 ssh_host_rsa_key.pub
 
-    If any file has a mode more permissive than &quot;0644&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any file has a mode more permissive than "0644", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Note: SSH public key files may be found in other directories on the system
 depending on the installation.
 
-    Change the mode of public host key files under &quot;&#x2F;etc&#x2F;ssh&quot; to &quot;0644&quot;
+    Change the mode of public host key files under "/etc/ssh" to "0644"
 with the following command:
 
-    # chmod 0644 &#x2F;etc&#x2F;ssh&#x2F;*.key.pub</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>5a5715d1-5333-4c8c-9264-70683d02dfb5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No files have a more permissive mode. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72087</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86711r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030320</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chmod 0644 /etc/ssh/*.key.pub</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72255\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH public host key files have mode 0644 or less permissive.\"\n  desc  \"If a public host key file is modified by an unauthorized user, the SSH\nservice may be compromised.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH public host key files have mode \\\"0644\\\" or less permissive.\n\n    Note: SSH public key files may be found in other directories on the system\ndepending on the installation.\n\n    The following command will find all SSH public key files on the system:\n\n    # find /etc/ssh -name '*.pub' -exec ls -lL {} \\\\;\n\n    -rw-r--r-- 1 root root 618 Nov 28 06:43 ssh_host_dsa_key.pub\n    -rw-r--r-- 1 root root 347 Nov 28 06:43 ssh_host_key.pub\n    -rw-r--r-- 1 root root 238 Nov 28 06:43 ssh_host_rsa_key.pub\n\n    If any file has a mode more permissive than \\\"0644\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Note: SSH public key files may be found in other directories on the system\ndepending on the installation.\n\n    Change the mode of public host key files under \\\"/etc/ssh\\\" to \\\"0644\\\"\nwith the following command:\n\n    # chmod 0644 /etc/ssh/*.key.pub\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72255\"\n  tag rid: \"SV-86879r2_rule\"\n  tag stig_id: \"RHEL-07-040410\"\n  tag fix_id: \"F-78609r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  pub_files = command(\"find /etc/ssh -xdev -name '*.pub' -perm /133\").stdout.split(\"\\n\")\n  if !pub_files.nil? and !pub_files.empty?\n    pub_files.each do |pubfile|\n      describe file(pubfile) do\n        it { should_not be_executable.by('owner') }\n        it { should_not be_executable.by('group') }\n        it { should_not be_writable.by('group') }\n        it { should_not be_executable.by('others') }\n        it { should_not be_writable.by('others') }\n      end\n    end\n  else\n     describe \"No files have a more permissive mode.\" do\n      subject { pub_files.nil? or pub_files.empty? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No files have a more permissive mode. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72087</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86711r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030320</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the audit system takes appropriate action when the audit storage volume is
-full.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+full.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Taking appropriate action in case of a filled audit storage volume
-will minimize the possibility of losing audit records.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+will minimize the possibility of losing audit records.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the action the operating system takes if the disk the audit records
 are written to becomes full.
 
     To determine the action that takes place if the disk is full on the remote
 server, use the following command:
 
-    # grep -i disk_full_action &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-    disk_full_action &#x3D; single
+    # grep -i disk_full_action /etc/audisp/audisp-remote.conf
+    disk_full_action = single
 
-    If the value of the &quot;disk_full_action&quot; option is not &quot;syslog&quot;,
-&quot;single&quot;, or &quot;halt&quot;, or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of the "disk_full_action" option is not "syslog",
+"single", or "halt", or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the action the operating system takes if the disk the audit
 records are written to becomes full.
 
-    Uncomment or edit the &quot;disk_full_action&quot; option in
-&quot;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&quot; and set it to &quot;syslog&quot;, &quot;single&quot;, or
-&quot;halt&quot;, such as the following line:
-
-    disk_full_action &#x3D; single</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4391a574-ea2c-48b5-b874-175a694cf42e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-Can&#39;t find file: &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
---------------------------------
-skipped
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-Can&#39;t find file: &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72259</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86883r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040430</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Uncomment or edit the "disk_full_action" option in
+"/etc/audisp/audisp-remote.conf" and set it to "syslog", "single", or
+"halt", such as the following line:
+
+    disk_full_action = single</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72087\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the audit system takes appropriate action when the audit storage volume is\nfull.\"\n  desc  \"Taking appropriate action in case of a filled audit storage volume\nwill minimize the possibility of losing audit records.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the action the operating system takes if the disk the audit records\nare written to becomes full.\n\n    To determine the action that takes place if the disk is full on the remote\nserver, use the following command:\n\n    # grep -i disk_full_action /etc/audisp/audisp-remote.conf\n    disk_full_action = single\n\n    If the value of the \\\"disk_full_action\\\" option is not \\\"syslog\\\",\n\\\"single\\\", or \\\"halt\\\", or the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the action the operating system takes if the disk the audit\nrecords are written to becomes full.\n\n    Uncomment or edit the \\\"disk_full_action\\\" option in\n\\\"/etc/audisp/audisp-remote.conf\\\" and set it to \\\"syslog\\\", \\\"single\\\", or\n\\\"halt\\\", such as the following line:\n\n    disk_full_action = single\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag gid: \"V-72087\"\n  tag rid: \"SV-86711r3_rule\"\n  tag stig_id: \"RHEL-07-030320\"\n  tag fix_id: \"F-78439r4_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  describe parse_config_file('/etc/audisp/audisp-remote.conf') do\n    its('disk_full_action'.to_s) { should be_in ['syslog', 'single', 'halt'] }\n  end\n\n# Test matches ./inspec-profiles/controls/V-73163.rb\n  describe parse_config_file('/etc/audisp/audisp-remote.conf') do\n    its('network_failure_action'.to_s) { should be_in ['syslog', 'single', 'halt'] }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST Parse Config File /etc/audisp/audisp-remote.conf :: SKIP_MESSAGE Can't find file: /etc/audisp/audisp-remote.conf
+--------------------------------
+skipped :: TEST Parse Config File /etc/audisp/audisp-remote.conf :: SKIP_MESSAGE Can't find file: /etc/audisp/audisp-remote.conf</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72259</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86883r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040430</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon does not permit Generic Security Service Application
-Program Interface (GSSAPI) authentication unless needed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Program Interface (GSSAPI) authentication unless needed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>GSSAPI authentication is used to provide additional authentication
 mechanisms to applications. Allowing GSSAPI authentication through SSH exposes
-the system&#39;s GSSAPI to remote hosts, increasing the attack surface of the
-system. GSSAPI authentication must be disabled unless needed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+the system's GSSAPI to remote hosts, increasing the attack surface of the
+system. GSSAPI authentication must be disabled unless needed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon does not permit GSSAPI authentication unless approved.
 
     Check that the SSH daemon does not permit GSSAPI authentication with the
 following command:
 
-    # grep -i gssapiauth &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i gssapiauth /etc/ssh/sshd_config
     GSSAPIAuthentication no
 
-    If the &quot;GSSAPIAuthentication&quot; keyword is missing, is set to &quot;yes&quot; and
+    If the "GSSAPIAuthentication" keyword is missing, is set to "yes" and
 is not documented with the Information System Security Officer (ISSO), or the
-returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Uncomment the &quot;GSSAPIAuthentication&quot; keyword in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;
+returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Uncomment the "GSSAPIAuthentication" keyword in "/etc/ssh/sshd_config"
 (this file may be named differently or be in a different location if using a
 version of SSH that is provided by a third-party vendor) and set the value to
-&quot;no&quot;:
+"no":
 
     GSSAPIAuthentication no
 
     The SSH service must be restarted for changes to take effect.
 
     If GSSAPI authentication is required, it must be documented, to include the
-location of the configuration file, with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>93671f32-afc5-4554-9078-8b4b9a60af37</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration GSSAPIAuthentication is expected to cmp &#x3D;&#x3D; &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73163</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87815r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030321</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+location of the configuration file, with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72259\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not permit Generic Security Service Application\nProgram Interface (GSSAPI) authentication unless needed.\"\n  desc  \"GSSAPI authentication is used to provide additional authentication\nmechanisms to applications. Allowing GSSAPI authentication through SSH exposes\nthe system's GSSAPI to remote hosts, increasing the attack surface of the\nsystem. GSSAPI authentication must be disabled unless needed.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon does not permit GSSAPI authentication unless approved.\n\n    Check that the SSH daemon does not permit GSSAPI authentication with the\nfollowing command:\n\n    # grep -i gssapiauth /etc/ssh/sshd_config\n    GSSAPIAuthentication no\n\n    If the \\\"GSSAPIAuthentication\\\" keyword is missing, is set to \\\"yes\\\" and\nis not documented with the Information System Security Officer (ISSO), or the\nreturned line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Uncomment the \\\"GSSAPIAuthentication\\\" keyword in \\\"/etc/ssh/sshd_config\\\"\n(this file may be named differently or be in a different location if using a\nversion of SSH that is provided by a third-party vendor) and set the value to\n\\\"no\\\":\n\n    GSSAPIAuthentication no\n\n    The SSH service must be restarted for changes to take effect.\n\n    If GSSAPI authentication is required, it must be documented, to include the\nlocation of the configuration file, with the ISSO.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000364-GPOS-00151\"\n  tag gid: \"V-72259\"\n  tag rid: \"SV-86883r3_rule\"\n  tag stig_id: \"RHEL-07-040430\"\n  tag fix_id: \"F-78613r2_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('GSSAPIAuthentication') { should cmp 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration GSSAPIAuthentication is expected to cmp == "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73163</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87815r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030321</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the audit system takes appropriate action when there is an error sending
-audit records to a remote system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+audit records to a remote system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Taking appropriate action when there is an error sending audit records
-to a remote system will minimize the possibility of losing audit records.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to a remote system will minimize the possibility of losing audit records.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the action the operating system takes if there is an error sending
 audit records to a remote system.
 
     Check the action that takes place if there is an error sending audit
 records to a remote system with the following command:
 
-    # grep -i network_failure_action &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-    network_failure_action &#x3D; syslog
+    # grep -i network_failure_action /etc/audisp/audisp-remote.conf
+    network_failure_action = syslog
 
-    If the value of the &quot;network_failure_action&quot; option is not &quot;syslog&quot;,
-&quot;single&quot;, or &quot;halt&quot;, or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of the "network_failure_action" option is not "syslog",
+"single", or "halt", or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the action the operating system takes if there is an error
 sending audit records to a remote system.
 
-    Uncomment the &quot;network_failure_action&quot; option in
-&quot;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&quot; and set it to &quot;syslog&quot;, &quot;single&quot;, or
-&quot;halt&quot;.
-
-    network_failure_action &#x3D; syslog</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>39110cd2-01b3-4e4a-85b5-71f69669e24b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-Can&#39;t find file: &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72289</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86913r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040640</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Uncomment the "network_failure_action" option in
+"/etc/audisp/audisp-remote.conf" and set it to "syslog", "single", or
+"halt".
+
+    network_failure_action = syslog</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73163\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the audit system takes appropriate action when there is an error sending\naudit records to a remote system.\"\n  desc  \"Taking appropriate action when there is an error sending audit records\nto a remote system will minimize the possibility of losing audit records.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the action the operating system takes if there is an error sending\naudit records to a remote system.\n\n    Check the action that takes place if there is an error sending audit\nrecords to a remote system with the following command:\n\n    # grep -i network_failure_action /etc/audisp/audisp-remote.conf\n    network_failure_action = syslog\n\n    If the value of the \\\"network_failure_action\\\" option is not \\\"syslog\\\",\n\\\"single\\\", or \\\"halt\\\", or the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the action the operating system takes if there is an error\nsending audit records to a remote system.\n\n    Uncomment the \\\"network_failure_action\\\" option in\n\\\"/etc/audisp/audisp-remote.conf\\\" and set it to \\\"syslog\\\", \\\"single\\\", or\n\\\"halt\\\".\n\n    network_failure_action = syslog\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag gid: \"V-73163\"\n  tag rid: \"SV-87815r3_rule\"\n  tag stig_id: \"RHEL-07-030321\"\n  tag fix_id: \"F-79609r2_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  describe parse_config_file('/etc/audisp/audisp-remote.conf') do\n    its('network_failure_action'.to_s) { should be_in ['syslog', 'single', 'halt'] }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST Parse Config File /etc/audisp/audisp-remote.conf :: SKIP_MESSAGE Can't find file: /etc/audisp/audisp-remote.conf</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72289</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86913r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040640</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent Internet
 Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect
-messages from being accepted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+messages from being accepted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ICMP redirect messages are used by routers to inform hosts that a more
 direct route exists for a particular destination. These messages modify the
-host&#39;s route table and are unauthenticated. An illicit ICMP redirect message
-could result in a man-in-the-middle attack.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+host's route table and are unauthenticated. An illicit ICMP redirect message
+could result in a man-in-the-middle attack.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system will not accept IPv4 ICMP redirect messages.
 
-    # grep &#39;net.ipv4.conf.default.accept_redirects&#39; &#x2F;etc&#x2F;sysctl.conf
-&#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep 'net.ipv4.conf.default.accept_redirects' /etc/sysctl.conf
+/etc/sysctl.d/*
 
-    If &quot; net.ipv4.conf.default.accept_redirects &quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;0&quot;, this is a finding.
+    If " net.ipv4.conf.default.accept_redirects " is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "0", this is a finding.
 
     Check that the operating system implements the value of the
-&quot;accept_redirects&quot; variables with the following command:
+"accept_redirects" variables with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep &#39;net.ipv4.conf.default.accept_redirects&#39;
-    net.ipv4.conf.default.accept_redirects &#x3D; 0
+    # /sbin/sysctl -a | grep 'net.ipv4.conf.default.accept_redirects'
+    net.ipv4.conf.default.accept_redirects = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to not accept IPv4 ICMP redirect messages by adding the
-following line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the
-&#x2F;etc&#x2F;sysctl.d&#x2F; directory (or modify the line to have the required value):
+following line to "/etc/sysctl.conf" or a configuration file in the
+/etc/sysctl.d/ directory (or modify the line to have the required value):
 
-    net.ipv4.conf.default.accept_redirects &#x3D; 0
+    net.ipv4.conf.default.accept_redirects = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>be1ca85d-d4a5-478e-b635-18e1dfbc5acb</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.default.accept_redirects value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72099</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86723r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030380</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72289\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent Internet\nProtocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect\nmessages from being accepted.\"\n  desc  \"ICMP redirect messages are used by routers to inform hosts that a more\ndirect route exists for a particular destination. These messages modify the\nhost's route table and are unauthenticated. An illicit ICMP redirect message\ncould result in a man-in-the-middle attack.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system will not accept IPv4 ICMP redirect messages.\n\n    # grep 'net.ipv4.conf.default.accept_redirects' /etc/sysctl.conf\n/etc/sysctl.d/*\n\n    If \\\" net.ipv4.conf.default.accept_redirects \\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the value of the\n\\\"accept_redirects\\\" variables with the following command:\n\n    # /sbin/sysctl -a | grep 'net.ipv4.conf.default.accept_redirects'\n    net.ipv4.conf.default.accept_redirects = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to not accept IPv4 ICMP redirect messages by adding the\nfollowing line to \\\"/etc/sysctl.conf\\\" or a configuration file in the\n/etc/sysctl.d/ directory (or modify the line to have the required value):\n\n    net.ipv4.conf.default.accept_redirects = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72289\"\n  tag rid: \"SV-86913r3_rule\"\n  tag stig_id: \"RHEL-07-040640\"\n  tag fix_id: \"F-78643r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.default.accept_redirects') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.default.accept_redirects value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72099</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86723r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030380</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fchown syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fchown syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchown&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchown" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw fchown &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fchown /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fchown&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    If both the "b32" and "b64" audit rules are not defined for the
+"fchown" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S fchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>998ae376-5a9d-4f44-92cd-9997eb501f9a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchown&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchown&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchown&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchown&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71943</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000329-GPOS-00128</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86567r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010320</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72099\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fchown syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchown\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw fchown /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fchown\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000474-GPOS-00219\"]\n  tag gid: \"V-72099\"\n  tag rid: \"SV-86723r5_rule\"\n  tag stig_id: \"RHEL-07-030380\"\n  tag fix_id: \"F-78451r8_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fchown\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fchown\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fchown" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchown" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchown" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchown" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71943</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000329-GPOS-00128</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86567r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010320</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
 lock accounts for a minimum of 15 minutes after three unsuccessful logon
-attempts within a 15-minute timeframe.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+attempts within a 15-minute timeframe.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>By limiting the number of failed logon attempts, the risk of
 unauthorized system access via user password guessing, otherwise known as
-brute-forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+brute-forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check that the system locks an account for a minimum of 15 minutes after
 three unsuccessful logon attempts within a period of 15 minutes with the
 following command:
 
-    # grep pam_faillock.so &#x2F;etc&#x2F;pam.d&#x2F;password-auth
+    # grep pam_faillock.so /etc/pam.d/password-auth
 
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
-    If the &quot;deny&quot; parameter is set to &quot;0&quot; or a value less than &quot;3&quot; on
-both &quot;auth&quot; lines with the &quot;pam_faillock.so&quot; module, or is missing from
+    If the "deny" parameter is set to "0" or a value less than "3" on
+both "auth" lines with the "pam_faillock.so" module, or is missing from
 these lines, this is a finding.
 
-    If the &quot;even_deny_root&quot; parameter is not set on both &quot;auth&quot; lines with
-the &quot;pam_faillock.so&quot; module, or is missing from these lines, this is a
+    If the "even_deny_root" parameter is not set on both "auth" lines with
+the "pam_faillock.so" module, or is missing from these lines, this is a
 finding.
 
-    If the &quot;fail_interval&quot; parameter is set to &quot;0&quot; or is set to a value
-less than &quot;900&quot; on both &quot;auth&quot; lines with the &quot;pam_faillock.so&quot; module,
+    If the "fail_interval" parameter is set to "0" or is set to a value
+less than "900" on both "auth" lines with the "pam_faillock.so" module,
 or is missing from these lines, this is a finding.
 
-    If the &quot;unlock_time&quot; parameter is not set to &quot;0&quot;, &quot;never&quot;, or is set
-to a value less than &quot;900&quot; on both &quot;auth&quot; lines with the
-&quot;pam_faillock.so&quot; module, or is missing from these lines, this is a finding.
+    If the "unlock_time" parameter is not set to "0", "never", or is set
+to a value less than "900" on both "auth" lines with the
+"pam_faillock.so" module, or is missing from these lines, this is a finding.
 
-    Note: The maximum configurable value for &quot;unlock_time&quot; is &quot;604800&quot;.
+    Note: The maximum configurable value for "unlock_time" is "604800".
 
-    If any line referencing the &quot;pam_faillock.so&quot; module is commented out,
+    If any line referencing the "pam_faillock.so" module is commented out,
 this is a finding.
 
-    # grep pam_faillock.so &#x2F;etc&#x2F;pam.d&#x2F;system-auth
+    # grep pam_faillock.so /etc/pam.d/system-auth
 
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
-    If the &quot;deny&quot; parameter is set to &quot;0&quot; or a value less than &quot;3&quot; on
-both &quot;auth&quot; lines with the &quot;pam_faillock.so&quot; module, or is missing from
+    If the "deny" parameter is set to "0" or a value less than "3" on
+both "auth" lines with the "pam_faillock.so" module, or is missing from
 these lines, this is a finding.
 
-    If the &quot;even_deny_root&quot; parameter is not set on both &quot;auth&quot; lines with
-the &quot;pam_faillock.so&quot; module, or is missing from these lines, this is a
+    If the "even_deny_root" parameter is not set on both "auth" lines with
+the "pam_faillock.so" module, or is missing from these lines, this is a
 finding.
 
-    If the &quot;fail_interval&quot; parameter is set to &quot;0&quot; or is set to a value
-less than &quot;900&quot; on both &quot;auth&quot; lines with the &quot;pam_faillock.so&quot; module,
+    If the "fail_interval" parameter is set to "0" or is set to a value
+less than "900" on both "auth" lines with the "pam_faillock.so" module,
 or is missing from these lines, this is a finding.
 
-    If the &quot;unlock_time&quot; parameter is not set to &quot;0&quot;, &quot;never&quot;, or is set
-to a value less than &quot;900&quot; on both &quot;auth&quot; lines with the
-&quot;pam_faillock.so&quot; module or is missing from these lines, this is a finding.
+    If the "unlock_time" parameter is not set to "0", "never", or is set
+to a value less than "900" on both "auth" lines with the
+"pam_faillock.so" module or is missing from these lines, this is a finding.
 
-    Note: The maximum configurable value for &quot;unlock_time&quot; is &quot;604800&quot;.
-    If any line referencing the &quot;pam_faillock.so&quot; module is commented out,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    Note: The maximum configurable value for "unlock_time" is "604800".
+    If any line referencing the "pam_faillock.so" module is commented out,
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to lock an account for the maximum period
 when three unsuccessful logon attempts in 15 minutes are made.
 
     Modify the first three lines of the auth section and the first line of the
-account section of the &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; and
-&quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot; files to match the following lines:
+account section of the "/etc/pam.d/system-auth" and
+"/etc/pam.d/password-auth" files to match the following lines:
 
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     auth sufficient pam_unix.so try_first_pass
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
     Note: Manual changes to the listed files may be overwritten by the
-&quot;authconfig&quot; program. The &quot;authconfig&quot; program should not be used to update
-the configurations listed in this requirement.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a8564550-b7c1-4bcf-b532-85b07e154056</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000044</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002236</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002237</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>error
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines 
-undefined local variable or method &#x60;required_rules&#39; for #&lt;RSpec::ExampleGroups::PAMConfigEtcPamDPasswordAuth_2::Lines:0x00007fb47b50fc08&gt;
+"authconfig" program. The "authconfig" program should not be used to update
+the configurations listed in this requirement.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71943\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\nlock accounts for a minimum of 15 minutes after three unsuccessful logon\nattempts within a 15-minute timeframe.\"\n  desc  \"By limiting the number of failed logon attempts, the risk of\nunauthorized system access via user password guessing, otherwise known as\nbrute-forcing, is reduced. Limits are imposed by locking the account.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check that the system locks an account for a minimum of 15 minutes after\nthree unsuccessful logon attempts within a period of 15 minutes with the\nfollowing command:\n\n    # grep pam_faillock.so /etc/pam.d/password-auth\n\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    If the \\\"deny\\\" parameter is set to \\\"0\\\" or a value less than \\\"3\\\" on\nboth \\\"auth\\\" lines with the \\\"pam_faillock.so\\\" module, or is missing from\nthese lines, this is a finding.\n\n    If the \\\"even_deny_root\\\" parameter is not set on both \\\"auth\\\" lines with\nthe \\\"pam_faillock.so\\\" module, or is missing from these lines, this is a\nfinding.\n\n    If the \\\"fail_interval\\\" parameter is set to \\\"0\\\" or is set to a value\nless than \\\"900\\\" on both \\\"auth\\\" lines with the \\\"pam_faillock.so\\\" module,\nor is missing from these lines, this is a finding.\n\n    If the \\\"unlock_time\\\" parameter is not set to \\\"0\\\", \\\"never\\\", or is set\nto a value less than \\\"900\\\" on both \\\"auth\\\" lines with the\n\\\"pam_faillock.so\\\" module, or is missing from these lines, this is a finding.\n\n    Note: The maximum configurable value for \\\"unlock_time\\\" is \\\"604800\\\".\n\n    If any line referencing the \\\"pam_faillock.so\\\" module is commented out,\nthis is a finding.\n\n    # grep pam_faillock.so /etc/pam.d/system-auth\n\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    If the \\\"deny\\\" parameter is set to \\\"0\\\" or a value less than \\\"3\\\" on\nboth \\\"auth\\\" lines with the \\\"pam_faillock.so\\\" module, or is missing from\nthese lines, this is a finding.\n\n    If the \\\"even_deny_root\\\" parameter is not set on both \\\"auth\\\" lines with\nthe \\\"pam_faillock.so\\\" module, or is missing from these lines, this is a\nfinding.\n\n    If the \\\"fail_interval\\\" parameter is set to \\\"0\\\" or is set to a value\nless than \\\"900\\\" on both \\\"auth\\\" lines with the \\\"pam_faillock.so\\\" module,\nor is missing from these lines, this is a finding.\n\n    If the \\\"unlock_time\\\" parameter is not set to \\\"0\\\", \\\"never\\\", or is set\nto a value less than \\\"900\\\" on both \\\"auth\\\" lines with the\n\\\"pam_faillock.so\\\" module or is missing from these lines, this is a finding.\n\n    Note: The maximum configurable value for \\\"unlock_time\\\" is \\\"604800\\\".\n    If any line referencing the \\\"pam_faillock.so\\\" module is commented out,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to lock an account for the maximum period\nwhen three unsuccessful logon attempts in 15 minutes are made.\n\n    Modify the first three lines of the auth section and the first line of the\naccount section of the \\\"/etc/pam.d/system-auth\\\" and\n\\\"/etc/pam.d/password-auth\\\" files to match the following lines:\n\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth sufficient pam_unix.so try_first_pass\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    Note: Manual changes to the listed files may be overwritten by the\n\\\"authconfig\\\" program. The \\\"authconfig\\\" program should not be used to update\nthe configurations listed in this requirement.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000329-GPOS-00128\"\n  tag satisfies: [\"SRG-OS-000329-GPOS-00128\", \"SRG-OS-000021-GPOS-00005\"]\n  tag gid: \"V-71943\"\n  tag rid: \"SV-86567r5_rule\"\n  tag stig_id: \"RHEL-07-010320\"\n  tag fix_id: \"F-78295r5_fix\"\n  tag cci: [\"CCI-000044\", \"CCI-002236\", \"CCI-002237\", \"CCI-002238\"]\n  tag nist: [\"AC-7 a\", \"AC-7 b\", \"AC-7 b\", \"AC-7 b\", \"Rev_4\"]\n\n  unsuccessful_attempts = input('unsuccessful_attempts')\n  fail_interval = input('fail_interval')\n  lockout_time = input('lockout_time')\n\n  describe pam('/etc/pam.d/password-auth') do\n    its('lines') {\n      should match_pam_rules(required_rules).exactly.or \\\n             match_pam_rules(alternate_rules).exactly\n    }\n    its('lines') { should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('deny', '&lt;=', unsuccessful_attempts) }\n    its('lines') { should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('fail_interval', '&lt;=', fail_interval) }\n    its('lines') {\n      should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_args('unlock_time=(0|never)').or \\\n            (match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('unlock_time', '&lt;=', 604800).and \\\n             match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('unlock_time', '&gt;=', lockout_time))\n    }\n  end\n\n  describe pam('/etc/pam.d/system-auth') do\n    its('lines') {\n      should match_pam_rules(required_rules).exactly.or \\\n             match_pam_rules(alternate_rules).exactly\n    }\n    its('lines') { should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('deny', '&lt;=', unsuccessful_attempts) }\n    its('lines') { should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('fail_interval', '&lt;=', fail_interval) }\n    its('lines') {\n      should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_args('unlock_time=(0|never)').or \\\n            (match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('unlock_time', '&lt;=', 604800).and \\\n             match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('unlock_time', '&gt;=', lockout_time))\n    }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000044</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002236</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002237</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/password-auth] lines  :: MESSAGE undefined local variable or method `required_rules' for #&lt;RSpec::ExampleGroups::PAMConfigEtcPamDPasswordAuth_2::Lines:0x00007fb47b50fc08&gt;
 Did you mean?  require_relative
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with arg deny &lt;&#x3D; 3
+passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with arg deny &lt;= 3
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with arg fail_interval &lt;&#x3D; 900
+passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with arg fail_interval &lt;= 900
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with args unlock_time&#x3D;(0|never) or include auth [default&#x3D;die]|required pam_faillock.so, all with arg unlock_time &lt;&#x3D; 604800 and include auth [default&#x3D;die]|required pam_faillock.so, all with arg unlock_time &gt;&#x3D; 604800
+passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with args unlock_time=(0|never) or include auth [default=die]|required pam_faillock.so, all with arg unlock_time &lt;= 604800 and include auth [default=die]|required pam_faillock.so, all with arg unlock_time &gt;= 604800
 --------------------------------
-error
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines 
-undefined local variable or method &#x60;required_rules&#39; for #&lt;RSpec::ExampleGroups::PAMConfigEtcPamDSystemAuth_2::Lines:0x00007fb47b5e4250&gt;
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines  :: MESSAGE undefined local variable or method `required_rules' for #&lt;RSpec::ExampleGroups::PAMConfigEtcPamDSystemAuth_2::Lines:0x00007fb47b5e4250&gt;
 Did you mean?  require_relative
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with arg deny &lt;&#x3D; 3
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with arg fail_interval &lt;&#x3D; 900
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with args unlock_time&#x3D;(0|never) or include auth [default&#x3D;die]|required pam_faillock.so, all with arg unlock_time &lt;&#x3D; 604800 and include auth [default&#x3D;die]|required pam_faillock.so, all with arg unlock_time &gt;&#x3D; 604800</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73155</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87807r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010081</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with arg deny &lt;= 3
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with arg fail_interval &lt;= 900
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with args unlock_time=(0|never) or include auth [default=die]|required pam_faillock.so, all with arg unlock_time &lt;= 604800 and include auth [default=die]|required pam_faillock.so, all with arg unlock_time &gt;= 604800</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73155</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87807r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010081</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent a user from
-  overriding the screensaver lock-delay setting for the graphical user interface.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+  overriding the screensaver lock-delay setting for the graphical user interface.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session time-out lock is a temporary action taken when a user stops
   work and moves away from the immediate physical vicinity of the information
   system but does not log out because of the temporary nature of the absence.
   Rather than relying on the user to manually lock their operating system session
   prior to vacating the vicinity, operating systems need to be able to identify
-  when a user&#39;s session has idled and take action to initiate the session lock.
+  when a user's session has idled and take action to initiate the session lock.
 
       The session lock is implemented at the point where session activity can be
-  determined and&#x2F;or controlled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+  determined and/or controlled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents a user from overriding a screensaver
 lock after a 15-minute period of inactivity for graphical user interfaces.
 
@@ -6500,24 +6230,24 @@ console.
 
     Determine which profile the system database is using with the following
 command:
-    # grep system-db &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user
+    # grep system-db /etc/dconf/profile/user
 
     system-db:local
 
     Check for the lock delay setting with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-the path is &quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&quot;. This path must be modified if a database
-other than &quot;local&quot; is being used.
+    Note: The example below is using the database "local" for the system, so
+the path is "/etc/dconf/db/local.d". This path must be modified if a database
+other than "local" is being used.
 
-    # grep -i lock-delay &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;*
+    # grep -i lock-delay /etc/dconf/db/local.d/locks/*
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;lock-delay
+    /org/gnome/desktop/screensaver/lock-delay
 
-    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prevent a user from overriding a
 screensaver lock after a 15-minute period of inactivity for graphical user
 interfaces.
@@ -6525,139 +6255,133 @@ interfaces.
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-if the system is using another database in &quot;&#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user&quot;, the
+    Note: The example below is using the database "local" for the system, so
+if the system is using another database in "/etc/dconf/profile/user", the
 file should be created under the appropriate subdirectory.
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;session
+    # touch /etc/dconf/db/local.d/locks/session
 
     Add the setting to lock the screensaver lock delay:
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;lock-delay</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ecc53cdf-1fb7-42e2-bf30-d2707b8cfa15</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86851r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040180</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    /org/gnome/desktop/screensaver/lock-delay</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73155\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent a user from\n  overriding the screensaver lock-delay setting for the graphical user interface.\"\n  desc  \"A session time-out lock is a temporary action taken when a user stops\n  work and moves away from the immediate physical vicinity of the information\n  system but does not log out because of the temporary nature of the absence.\n  Rather than relying on the user to manually lock their operating system session\n  prior to vacating the vicinity, operating systems need to be able to identify\n  when a user's session has idled and take action to initiate the session lock.\n\n      The session lock is implemented at the point where session activity can be\n  determined and/or controlled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents a user from overriding a screensaver\n  lock after a 15-minute period of inactivity for graphical user interfaces.\n\n      Note: If the system does not have GNOME installed, this requirement is Not\n  Applicable. The screen program must be installed to lock sessions on the\n  console.\n\n      Determine which profile the system database is using with the following\n  command:\n      # grep system-db /etc/dconf/profile/user\n\n      system-db:local\n\n      Check for the lock delay setting with the following command:\n\n      Note: The example below is using the database \\\"local\\\" for the system, so\n  the path is \\\"/etc/dconf/db/local.d\\\". This path must be modified if a database\n  other than \\\"local\\\" is being used.\n\n      # grep -i lock-delay /etc/dconf/db/local.d/locks/*\n\n      /org/gnome/desktop/screensaver/lock-delay\n\n      If the command does not return a result, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prevent a user from overriding a\n    screensaver lock after a 15-minute period of inactivity for graphical user\n    interfaces.\n\n        Create a database to contain the system-wide screensaver settings (if it\n    does not already exist) with the following command:\n\n        Note: The example below is using the database \\\"local\\\" for the system, so\n    if the system is using another database in \\\"/etc/dconf/profile/user\\\", the\n    file should be created under the appropriate subdirectory.\n\n        # touch /etc/dconf/db/local.d/locks/session\n\n        Add the setting to lock the screensaver lock delay:\n\n        /org/gnome/desktop/screensaver/lock-delay\n  \"\n\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-73155\"\n  tag rid: \"SV-87807r4_rule\"\n  tag stig_id: \"RHEL-07-010081\"\n  tag fix_id: \"F-79601r2_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n    unless package('gnome-desktop3').installed?\n      impact 0.0\n      describe \"The GNOME desktop is not installed\" do\n        skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n      end\n    else\n      describe command(\"gsettings writable org.gnome.desktop.screensaver lock-delay\") do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  end\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86851r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040180</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement
 cryptography to protect the integrity of Lightweight Directory Access Protocol
-(LDAP) authentication communications.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(LDAP) authentication communications.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without cryptographic integrity protections, information can be
 altered by unauthorized users without detection.
 
     Cryptographic mechanisms used for protecting the integrity of information
 include, for example, signed hash functions using asymmetric cryptography
 enabling distribution of the public key to verify the hash information while
-maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If LDAP is not being utilized, this requirement is Not Applicable.
 
     Verify the operating system implements cryptography to protect the
@@ -6668,534 +6392,485 @@ command:
 
     # systemctl status sssd.service
     sssd.service - System Security Services Daemon
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;sssd.service; enabled; vendor
+    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor
 preset: disabled)
     Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago
 
-    If the &quot;sssd.service&quot; is &quot;active&quot;, then LDAP is being used.
+    If the "sssd.service" is "active", then LDAP is being used.
 
-    Determine the &quot;id_provider&quot; the LDAP is currently using:
+    Determine the "id_provider" the LDAP is currently using:
 
-    # grep -i &quot;id_provider&quot; &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
+    # grep -i "id_provider" /etc/sssd/sssd.conf
 
-    id_provider &#x3D; ad
+    id_provider = ad
 
-    If &quot;id_provider&quot; is set to &quot;ad&quot;, this is Not Applicable.
+    If "id_provider" is set to "ad", this is Not Applicable.
 
     Ensure that LDAP is configured to use TLS by using the following command:
 
-    # grep -i &quot;start_tls&quot; &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
-    ldap_id_use_start_tls &#x3D; true
+    # grep -i "start_tls" /etc/sssd/sssd.conf
+    ldap_id_use_start_tls = true
 
-    If the &quot;ldap_id_use_start_tls&quot; option is not &quot;true&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "ldap_id_use_start_tls" option is not "true", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement cryptography to protect the
 integrity of LDAP authentication sessions.
 
-    Add or modify the following line in &quot;&#x2F;etc&#x2F;sssd&#x2F;sssd.conf&quot;:
-
-    ldap_id_use_start_tls &#x3D; true</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8e499bd5-9759-4bc9-8e5c-884ab915e2e1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-LDAP not enabled
-LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72317</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86941r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040820</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or modify the following line in "/etc/sssd/sssd.conf":
+
+    ldap_id_use_start_tls = true</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72227\" do\n  title \"The Red Hat Enterprise Linux operating system must implement\ncryptography to protect the integrity of Lightweight Directory Access Protocol\n(LDAP) authentication communications.\"\n  desc  \"Without cryptographic integrity protections, information can be\naltered by unauthorized users without detection.\n\n    Cryptographic mechanisms used for protecting the integrity of information\ninclude, for example, signed hash functions using asymmetric cryptography\nenabling distribution of the public key to verify the hash information while\nmaintaining the confidentiality of the key used to generate the hash.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If LDAP is not being utilized, this requirement is Not Applicable.\n\n    Verify the operating system implements cryptography to protect the\nintegrity of remote LDAP authentication sessions.\n\n    To determine if LDAP is being used for authentication, use the following\ncommand:\n\n    # systemctl status sssd.service\n    sssd.service - System Security Services Daemon\n    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor\npreset: disabled)\n    Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago\n\n    If the \\\"sssd.service\\\" is \\\"active\\\", then LDAP is being used.\n\n    Determine the \\\"id_provider\\\" the LDAP is currently using:\n\n    # grep -i \\\"id_provider\\\" /etc/sssd/sssd.conf\n\n    id_provider = ad\n\n    If \\\"id_provider\\\" is set to \\\"ad\\\", this is Not Applicable.\n\n    Ensure that LDAP is configured to use TLS by using the following command:\n\n    # grep -i \\\"start_tls\\\" /etc/sssd/sssd.conf\n    ldap_id_use_start_tls = true\n\n    If the \\\"ldap_id_use_start_tls\\\" option is not \\\"true\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to implement cryptography to protect the\nintegrity of LDAP authentication sessions.\n\n    Add or modify the following line in \\\"/etc/sssd/sssd.conf\\\":\n\n    ldap_id_use_start_tls = true\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000250-GPOS-00093\"\n  tag gid: \"V-72227\"\n  tag rid: \"SV-86851r4_rule\"\n  tag stig_id: \"RHEL-07-040180\"\n  tag fix_id: \"F-78581r2_fix\"\n  tag cci: [\"CCI-001453\"]\n  tag nist: [\"AC-17 (2)\", \"Rev_4\"]\n\n  sssd_id_ldap_enabled = (package('sssd').installed? and\n    !command('grep \"^\\s*id_provider\\s*=\\s*ldap\" /etc/sssd/sssd.conf').stdout.strip.empty?)\n\n  pam_ldap_enabled = (!command('grep \"^[^#]*pam_ldap\\.so\" /etc/pam.d/*').stdout.strip.empty?)\n\n  if !(sssd_id_ldap_enabled or pam_ldap_enabled)\n    impact 0.0\n    describe \"LDAP not enabled\" do\n      skip \"LDAP not enabled using any known mechanisms, this control is Not Applicable.\"\n    end\n  end\n\n  if sssd_id_ldap_enabled\n    ldap_id_use_start_tls = command('grep ldap_id_use_start_tls /etc/sssd/sssd.conf')\n    describe ldap_id_use_start_tls do\n      its('stdout.strip') { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n    end\n\n    ldap_id_use_start_tls.stdout.strip.each_line do |line|\n      describe line do\n        it { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n      end\n    end\n  end\n\n  if pam_ldap_enabled\n    describe command('grep -i ssl /etc/pam_ldap.conf') do\n      its('stdout.strip') { should match %r{^ssl start_tls$}}\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST LDAP not enabled :: SKIP_MESSAGE LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72317</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86941r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040820</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have
-unauthorized IP tunnels configured.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+unauthorized IP tunnels configured.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>IP tunneling mechanisms can be used to bypass network filtering. If
 tunneling is required, it must be documented with the Information System
-Security Officer (ISSO).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Security Officer (ISSO).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not have unauthorized IP tunnels configured.
 
-    Check to see if &quot;libreswan&quot; is installed with the following command:
+    Check to see if "libreswan" is installed with the following command:
 
     # yum list installed libreswan
     libreswan.x86-64 3.20-5.el7_4
 
-    If &quot;libreswan&quot; is installed, check to see if the &quot;IPsec&quot; service is
+    If "libreswan" is installed, check to see if the "IPsec" service is
 active with the following command:
 
     # systemctl status ipsec
     ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;ipsec.service; disabled)
+    Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled)
     Active: inactive (dead)
 
-    If the &quot;IPsec&quot; service is active, check to see if any tunnels are
-configured in &quot;&#x2F;etc&#x2F;ipsec.conf&quot; and &quot;&#x2F;etc&#x2F;ipsec.d&#x2F;&quot; with the following
+    If the "IPsec" service is active, check to see if any tunnels are
+configured in "/etc/ipsec.conf" and "/etc/ipsec.d/" with the following
 commands:
 
-    # grep -iw conn &#x2F;etc&#x2F;ipsec.conf &#x2F;etc&#x2F;ipsec.d&#x2F;*.conf
+    # grep -iw conn /etc/ipsec.conf /etc/ipsec.d/*.conf
 
-    If there are indications that a &quot;conn&quot; parameter is configured for a
+    If there are indications that a "conn" parameter is configured for a
 tunnel, ask the System Administrator if the tunnel is documented with the ISSO.
 
-    If &quot;libreswan&quot; is installed, &quot;IPsec&quot; is active, and an undocumented
-tunnel is active, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "libreswan" is installed, "IPsec" is active, and an undocumented
+tunnel is active, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Remove all unapproved tunnels from the system, or document them
-with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10981dff-0b39-49b4-ad8d-013f02028c21</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have libreswan installed or the ipsec.service isn&#39;t running
-The system does not have libreswan installed or the ipsec.service isn&#39;t running, this requirement is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71937</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86561r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010290</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72317\" do\n  title \"The Red Hat Enterprise Linux operating system must not have\nunauthorized IP tunnels configured.\"\n  desc  \"IP tunneling mechanisms can be used to bypass network filtering. If\ntunneling is required, it must be documented with the Information System\nSecurity Officer (ISSO).\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not have unauthorized IP tunnels configured.\n\n    Check to see if \\\"libreswan\\\" is installed with the following command:\n\n    # yum list installed libreswan\n    libreswan.x86-64 3.20-5.el7_4\n\n    If \\\"libreswan\\\" is installed, check to see if the \\\"IPsec\\\" service is\nactive with the following command:\n\n    # systemctl status ipsec\n    ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec\n    Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled)\n    Active: inactive (dead)\n\n    If the \\\"IPsec\\\" service is active, check to see if any tunnels are\nconfigured in \\\"/etc/ipsec.conf\\\" and \\\"/etc/ipsec.d/\\\" with the following\ncommands:\n\n    # grep -iw conn /etc/ipsec.conf /etc/ipsec.d/*.conf\n\n    If there are indications that a \\\"conn\\\" parameter is configured for a\ntunnel, ask the System Administrator if the tunnel is documented with the ISSO.\n\n    If \\\"libreswan\\\" is installed, \\\"IPsec\\\" is active, and an undocumented\ntunnel is active, this is a finding.\n  \"\n  desc  \"fix\", \"Remove all unapproved tunnels from the system, or document them\nwith the ISSO.\"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72317\"\n  tag rid: \"SV-86941r2_rule\"\n  tag stig_id: \"RHEL-07-040820\"\n  tag fix_id: \"F-78671r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  approved_tunnels = input('approved_tunnels')\n\n  if package('libreswan').installed? &amp;&amp; service('ipsec.service').running?\n    impact 0.5\n    processed = []\n    to_process = ['/etc/ipsec.conf']\n\n    while !to_process.empty?\n      in_process = to_process.pop\n      next if processed.include? in_process\n      processed.push in_process\n\n      to_process.concat(\n        command(\"grep -E '^\\\\s*include\\\\s+' #{in_process} | sed 's/^[[:space:]]*include[[:space:]]*//g'\").\n          stdout.strip.split(%r{\\s*\\n+\\s*}).\n          map { |f| f.start_with?('/') ? f : File.join(File.dirname(in_process), f) }.\n          map { |f|\n            dir = f.sub(%r{[^/]*[\\*\\?\\[].*$}, '') # gets the longest ancestor path which doesn't contain wildcards\n            command(\"find #{dir} -wholename '#{f}'\").stdout.strip.split(\"\\n\")\n          }.\n          flatten.\n          select { |f| file(f).file? }\n      )\n    end\n\n    conn_grep = processed.map do |conf|\n      command(\"grep -E '^\\\\s*conn\\\\s+' #{conf}\").\n        stdout.strip.split(%r{\\s*\\n\\s*})\n    end.flatten\n\n    describe conn_grep do\n      it { should all(be_in approved_tunnels) }\n    end\n  else\n    impact 0.0\n    describe \"The system does not have libreswan installed or the ipsec.service isn't running\" do\n      skip \"The system does not have libreswan installed or the ipsec.service isn't running, this requirement is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have libreswan installed or the ipsec.service isn't running :: SKIP_MESSAGE The system does not have libreswan installed or the ipsec.service isn't running, this requirement is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71937</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86561r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010290</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have accounts
-configured with blank or null passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+configured with blank or null passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an account has an empty password, anyone could log on and run
 commands with the privileges of that account. Accounts with empty passwords
-should never be used in operational environments.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+should never be used in operational environments.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To verify that null passwords cannot be used, run the following command:
 
-    # grep nullok &#x2F;etc&#x2F;pam.d&#x2F;system-auth &#x2F;etc&#x2F;pam.d&#x2F;password-auth
+    # grep nullok /etc/pam.d/system-auth /etc/pam.d/password-auth
 
     If this produces any output, it may be possible to log on with accounts
 with empty passwords.
 
-    If null passwords can be used, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If null passwords can be used, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an account is configured for password authentication but does not have
 an assigned password, it may be possible to log on to the account without
 authenticating.
 
-    Remove any instances of the &quot;nullok&quot; option in &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot;
-and &quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot; to prevent logons with empty passwords.
+    Remove any instances of the "nullok" option in "/etc/pam.d/system-auth"
+and "/etc/pam.d/password-auth" to prevent logons with empty passwords.
 
     Note: Manual changes to the listed files may be overwritten by the
-&quot;authconfig&quot; program. The &quot;authconfig&quot; program should not be used to update
-the configurations listed in this requirement.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>aec1ac5c-f3cb-4501-8fdf-4d84868041c2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;config-util] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;other] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;passwd] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;chfn] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;chsh] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;login] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;remote] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;runuser] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;runuser-l] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;su] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;su-l] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;systemd-user] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;polkit-1] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;crond] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;rhn_register] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;subscription-manager] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;sshd] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;smtp.postfix] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;smtp] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;vlock] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;sudo] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;sudo-i] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;fingerprint-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;smartcard-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;atd] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;sssd-shadowutils] lines is expected to include .* .* pam_unix.so, all without args nullok
-expected &quot;auth [success&#x3D;done ignore&#x3D;ignore default&#x3D;die] pam_unix.so nullok try_first_pass\naccount required pam_unix.so&quot; to include .* .* pam_unix.so, all without args nullok
+"authconfig" program. The "authconfig" program should not be used to update
+the configurations listed in this requirement.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71937\" do\n  title \"The Red Hat Enterprise Linux operating system must not have accounts\nconfigured with blank or null passwords.\"\n  desc  \"If an account has an empty password, anyone could log on and run\ncommands with the privileges of that account. Accounts with empty passwords\nshould never be used in operational environments.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    To verify that null passwords cannot be used, run the following command:\n\n    # grep nullok /etc/pam.d/system-auth /etc/pam.d/password-auth\n\n    If this produces any output, it may be possible to log on with accounts\nwith empty passwords.\n\n    If null passwords can be used, this is a finding.\n  \"\n  desc  \"fix\", \"\n    If an account is configured for password authentication but does not have\nan assigned password, it may be possible to log on to the account without\nauthenticating.\n\n    Remove any instances of the \\\"nullok\\\" option in \\\"/etc/pam.d/system-auth\\\"\nand \\\"/etc/pam.d/password-auth\\\" to prevent logons with empty passwords.\n\n    Note: Manual changes to the listed files may be overwritten by the\n\\\"authconfig\\\" program. The \\\"authconfig\\\" program should not be used to update\nthe configurations listed in this requirement.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-71937\"\n  tag rid: \"SV-86561r3_rule\"\n  tag stig_id: \"RHEL-07-010290\"\n  tag fix_id: \"F-78289r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  # Fetch all files under /etc/pam.d excluding '*-ac' files\n  # but including symlinks\n  pam_file_list = command('find /etc/pam.d ! -name \\'*-ac\\' -a \\( -type f -o -type l \\)').stdout.strip.split\n\n  pam_file_list.each do |pam_file|\n    describe pam(pam_file) do\n      its('lines') { should match_pam_rule('.* .* pam_unix.so').all_without_args('nullok') }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/config-util] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/other] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/passwd] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/chfn] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/chsh] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/login] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/remote] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/runuser] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/runuser-l] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/su] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/su-l] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/systemd-user] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/polkit-1] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/crond] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/rhn_register] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/subscription-manager] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/sshd] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/smtp.postfix] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/smtp] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/vlock] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/sudo] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/sudo-i] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/fingerprint-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/smartcard-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/atd] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/sssd-shadowutils] lines is expected to include .* .* pam_unix.so, all without args nullok :: MESSAGE expected "auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass\naccount required pam_unix.so" to include .* .* pam_unix.so, all without args nullok
 Diff:
 @@ -1,2 +1,3 @@
 -.* .* pam_unix.so
-+auth [success&#x3D;done ignore&#x3D;ignore default&#x3D;die] pam_unix.so nullok try_first_pass
++auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
 +account required pam_unix.so
 
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;screen] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth-local] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth-local] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;postlogin] lines is expected to include .* .* pam_unix.so, all without args nullok</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-78995</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-93701r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010062</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+passed :: TEST PAM Config[/etc/pam.d/screen] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/system-auth-local] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/password-auth-local] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/postlogin] lines is expected to include .* .* pam_unix.so, all without args nullok</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-78995</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-93701r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010062</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent a user from
 overriding the screensaver lock-enabled setting for the graphical user
-interface.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+interface.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session lock is a temporary action taken when a user stops work and
 moves away from the immediate physical vicinity of the information system but
 does not want to log out because of the temporary nature of the absence.
@@ -7203,17 +6878,17 @@ does not want to log out because of the temporary nature of the absence.
     The session lock is implemented at the point where session activity can be
 determined.
 
-    The ability to enable&#x2F;disable a session lock is given to the user by
-default. Disabling the users ability to disengage the graphical user interface
+    The ability to enable/disable a session lock is given to the user by
+default. Disabling the user’s ability to disengage the graphical user interface
 session lock provides the assurance that all sessions will lock after the
-specified period of time.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+specified period of time.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents a user from overriding the screensaver
 lock-enabled setting for the graphical user interface.
 
@@ -7223,24 +6898,24 @@ console.
 
     Determine which profile the system database is using with the following
 command:
-    # grep system-db &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user
+    # grep system-db /etc/dconf/profile/user
 
     system-db:local
 
     Check for the lock-enabled setting with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-the path is &quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&quot;. This path must be modified if a database
-other than &quot;local&quot; is being used.
+    Note: The example below is using the database "local" for the system, so
+the path is "/etc/dconf/db/local.d". This path must be modified if a database
+other than "local" is being used.
 
-    # grep -i lock-enabled &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;*
+    # grep -i lock-enabled /etc/dconf/db/local.d/locks/*
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;lock-enabled
+    /org/gnome/desktop/screensaver/lock-enabled
 
-    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prevent a user from overriding a
 screensaver lock after a 15-minute period of inactivity for graphical user
 interfaces.
@@ -7248,290 +6923,277 @@ interfaces.
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-if the system is using another database in &quot;&#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user&quot;, the
+    Note: The example below is using the database "local" for the system, so
+if the system is using another database in "/etc/dconf/profile/user", the
 file should be created under the appropriate subdirectory.
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;session
+    # touch /etc/dconf/db/local.d/locks/session
 
     Add the setting to lock the screensaver lock-enabled setting:
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;lock-enabled</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f4a23e63-4c7c-47e6-9dc1-8ab9198a4a7d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72137</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86761r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030570</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    /org/gnome/desktop/screensaver/lock-enabled</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-78995\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent a user from\noverriding the screensaver lock-enabled setting for the graphical user\ninterface.\"\n  desc  \"A session lock is a temporary action taken when a user stops work and\nmoves away from the immediate physical vicinity of the information system but\ndoes not want to log out because of the temporary nature of the absence.\n\n    The session lock is implemented at the point where session activity can be\ndetermined.\n\n    The ability to enable/disable a session lock is given to the user by\ndefault. Disabling the user’s ability to disengage the graphical user interface\nsession lock provides the assurance that all sessions will lock after the\nspecified period of time.\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents a user from overriding the screensaver\nlock-enabled setting for the graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable. The screen program must be installed to lock sessions on the\nconsole.\n\n    Determine which profile the system database is using with the following\ncommand:\n    # grep system-db /etc/dconf/profile/user\n\n    system-db:local\n\n    Check for the lock-enabled setting with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nthe path is \\\"/etc/dconf/db/local.d\\\". This path must be modified if a database\nother than \\\"local\\\" is being used.\n\n    # grep -i lock-enabled /etc/dconf/db/local.d/locks/*\n\n    /org/gnome/desktop/screensaver/lock-enabled\n\n    If the command does not return a result, this is a finding.\n\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prevent a user from overriding a\nscreensaver lock after a 15-minute period of inactivity for graphical user\ninterfaces.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nif the system is using another database in \\\"/etc/dconf/profile/user\\\", the\nfile should be created under the appropriate subdirectory.\n\n    # touch /etc/dconf/db/local.d/locks/session\n\n    Add the setting to lock the screensaver lock-enabled setting:\n\n    /org/gnome/desktop/screensaver/lock-enabled\n\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-78995\"\n  tag rid: \"SV-93701r3_rule\"\n  tag stig_id: \"RHEL-07-010062\"\n  tag fix_id: \"F-85745r1_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    describe command(\"gsettings writable org.gnome.desktop.screensaver lock-enabled\") do\n      its('stdout.strip') { should cmp 'false' }\n    end\n  else\n    impact 0.0\n    describe \"The GNOME desktop is not installed\" do\n      skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n    end\n  end  \nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72137</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86761r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030570</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the setsebool command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the setsebool command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setsebool&quot; command occur.
+successful/unsuccessful attempts to use the "setsebool" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;sbin&#x2F;setsebool &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/sbin/setsebool /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;setsebool -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-priv_change
+    -a always,exit -F path=/usr/sbin/setsebool -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setsebool&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;setsebool -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-priv_change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4f0a51f0-e221-4a15-9857-910dcdd855e0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;setsebool&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;setsebool&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72009</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86633r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020330</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "setsebool" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/sbin/setsebool -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-priv_change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72137\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe setsebool command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"setsebool\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/sbin/setsebool /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/setsebool -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"setsebool\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/setsebool -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000463-GPOS-00207\",\n\"SRG-OS-000465-GPOS-00209\"]\n  tag gid: \"V-72137\"\n  tag rid: \"SV-86761r4_rule\"\n  tag stig_id: \"RHEL-07-030570\"\n  tag fix_id: \"F-78489r6_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n  \n  audit_file = '/usr/sbin/setsebool'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/setsebool" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/setsebool" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72009</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86633r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020330</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all files and directories have a valid group owner.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all files and directories have a valid group owner.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Files without a valid group owner may be unintentionally inherited if
 a group is assigned the same Group Identifier (GID) as the GID of the files
-without a valid group owner.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+without a valid group owner.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all files and directories on the system have a valid group.
 
     Check the owner of all files and directories with the following command:
@@ -7539,162 +7201,150 @@ without a valid group owner.</ATTRIBUTE_DATA>
     Note: The value after -fstype must be replaced with the filesystem type.
 XFS is used as an example.
 
-    # find &#x2F; -fstype xfs -nogroup
+    # find / -fstype xfs -nogroup
 
-    If any files on the system do not have an assigned group, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any files on the system do not have an assigned group, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Either remove all files and directories from the system that do not have a
 valid group, or assign a valid group to all files and directories on the system
-with the &quot;chgrp&quot; command:
-
-    # chgrp &lt;group&gt; &lt;file&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>30ebf580-30d2-44ea-95d8-cc04adfb00e6</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;find &#x2F; -xautofs -fstype xfs -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext3 -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext2 -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext4 -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype msdos -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype vfat -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype btrfs -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype fuseblk -nogroup&#x60; stdout.strip is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73157</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87809r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010082</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+with the "chgrp" command:
+
+    # chgrp &lt;group&gt; &lt;file&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72009\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all files and directories have a valid group owner.\"\n  desc  \"Files without a valid group owner may be unintentionally inherited if\na group is assigned the same Group Identifier (GID) as the GID of the files\nwithout a valid group owner.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all files and directories on the system have a valid group.\n\n    Check the owner of all files and directories with the following command:\n\n    Note: The value after -fstype must be replaced with the filesystem type.\nXFS is used as an example.\n\n    # find / -fstype xfs -nogroup\n\n    If any files on the system do not have an assigned group, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Either remove all files and directories from the system that do not have a\nvalid group, or assign a valid group to all files and directories on the system\nwith the \\\"chgrp\\\" command:\n\n    # chgrp &lt;group&gt; &lt;file&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72009\"\n  tag rid: \"SV-86633r3_rule\"\n  tag stig_id: \"RHEL-07-020330\"\n  tag fix_id: \"F-78361r1_fix\"\n  tag cci: [\"CCI-002165\"]\n  tag nist: [\"AC-3 (4)\", \"Rev_4\"]\n\n  command('grep -v \"nodev\" /proc/filesystems | awk \\'NF{ print $NF }\\'').\n    stdout.strip.split(\"\\n\").each do |fs|\n      describe command(\"find / -xautofs -fstype #{fs} -nogroup\") do\n        its('stdout.strip') { should be_empty }\n      end\n    end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `find / -xautofs -fstype xfs -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext3 -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext2 -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext4 -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype msdos -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype vfat -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype btrfs -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype fuseblk -nogroup` stdout.strip is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73157</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87809r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010082</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent a user from
-overriding the session idle-delay setting for the graphical user interface.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+overriding the session idle-delay setting for the graphical user interface.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session time-out lock is a temporary action taken when a user stops
 work and moves away from the immediate physical vicinity of the information
 system but does not log out because of the temporary nature of the absence.
 Rather than relying on the user to manually lock their operating system session
 prior to vacating the vicinity, operating systems need to be able to identify
-when a user&#39;s session has idled and take action to initiate the session lock.
+when a user's session has idled and take action to initiate the session lock.
 
     The session lock is implemented at the point where session activity can be
-determined and&#x2F;or controlled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+determined and/or controlled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents a user from overriding session idle
 delay after a 15-minute period of inactivity for graphical user interfaces.
 
@@ -7704,675 +7354,640 @@ console.
 
     Determine which profile the system database is using with the following
 command:
-    # grep system-db &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user
+    # grep system-db /etc/dconf/profile/user
 
     system-db:local
 
     Check for the session idle delay setting with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-the path is &quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&quot;. This path must be modified if a database
-other than &quot;local&quot; is being used.
+    Note: The example below is using the database "local" for the system, so
+the path is "/etc/dconf/db/local.d". This path must be modified if a database
+other than "local" is being used.
 
-    # grep -i idle-delay &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;*
+    # grep -i idle-delay /etc/dconf/db/local.d/locks/*
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;session&#x2F;idle-delay
+    /org/gnome/desktop/session/idle-delay
 
-    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prevent a user from overriding a session
 lock after a 15-minute period of inactivity for graphical user interfaces.
 
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-if the system is using another database in &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user, the file
+    Note: The example below is using the database "local" for the system, so
+if the system is using another database in /etc/dconf/profile/user, the file
 should be created under the appropriate subdirectory.
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;session
+    # touch /etc/dconf/db/local.d/locks/session
 
     Add the setting to lock the session idle delay:
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;session&#x2F;idle-delay</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>cc608fa5-3a11-4483-a97d-c86af1745420</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72097</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86721r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030370</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    /org/gnome/desktop/session/idle-delay</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73157\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent a user from\noverriding the session idle-delay setting for the graphical user interface.\"\n  desc  \"A session time-out lock is a temporary action taken when a user stops\nwork and moves away from the immediate physical vicinity of the information\nsystem but does not log out because of the temporary nature of the absence.\nRather than relying on the user to manually lock their operating system session\nprior to vacating the vicinity, operating systems need to be able to identify\nwhen a user's session has idled and take action to initiate the session lock.\n\n    The session lock is implemented at the point where session activity can be\ndetermined and/or controlled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents a user from overriding session idle\ndelay after a 15-minute period of inactivity for graphical user interfaces.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable. The screen program must be installed to lock sessions on the\nconsole.\n\n    Determine which profile the system database is using with the following\ncommand:\n    # grep system-db /etc/dconf/profile/user\n\n    system-db:local\n\n    Check for the session idle delay setting with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nthe path is \\\"/etc/dconf/db/local.d\\\". This path must be modified if a database\nother than \\\"local\\\" is being used.\n\n    # grep -i idle-delay /etc/dconf/db/local.d/locks/*\n\n    /org/gnome/desktop/session/idle-delay\n\n    If the command does not return a result, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prevent a user from overriding a session\nlock after a 15-minute period of inactivity for graphical user interfaces.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nif the system is using another database in /etc/dconf/profile/user, the file\nshould be created under the appropriate subdirectory.\n\n    # touch /etc/dconf/db/local.d/locks/session\n\n    Add the setting to lock the session idle delay:\n\n    /org/gnome/desktop/session/idle-delay\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-73157\"\n  tag rid: \"SV-87809r4_rule\"\n  tag stig_id: \"RHEL-07-010082\"\n  tag fix_id: \"F-79603r1_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  unless package('gnome-desktop3').installed?\n    impact 0.0\n    describe \"The GNOME desktop is not installed\" do\n      skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n    end\n  else\n    describe command(\"gsettings writable org.gnome.desktop.session idle-delay\") do\n      its('stdout.strip') { should cmp 'false' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72097</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86721r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030370</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the chown syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the chown syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chown&quot; syscall occur.
+successful/unsuccessful attempts to use the "chown" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw chown &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw chown /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S chown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S chown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;chown&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    If both the "b32" and "b64" audit rules are not defined for the
+"chown" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S chown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S chown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>06ad62a9-8c00-4372-99f3-785c7df14315</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chown&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chown&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chown&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chown&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72075</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86699r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72097\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe chown syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"chown\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw chown /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"chown\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000474-GPOS-00219\"]\n  tag gid: \"V-72097\"\n  tag rid: \"SV-86721r5_rule\"\n  tag stig_id: \"RHEL-07-030370\"\n  tag fix_id: \"F-78449r8_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"chown\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"chown\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "chown" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chown" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chown" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chown" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72075</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86699r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow removable
-media to be used as the boot loader unless approved.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+media to be used as the boot loader unless approved.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Malicious users with removable boot media can gain access to a system
 configured to use removable media as the boot loader. If removable media is
 designed to be used as the boot loader, the requirement must be documented with
-the Information System Security Officer (ISSO).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+the Information System Security Officer (ISSO).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system is not configured to use a boot loader on removable media.
 
-    Note: GRUB 2 reads its configuration from the &quot;&#x2F;boot&#x2F;grub2&#x2F;grub.cfg&quot; file
+    Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file
 on traditional BIOS-based machines and from the
-&quot;&#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg&quot; file on UEFI machines.
+"/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
 
     Check for the existence of alternate boot loader configuration files with
 the following command:
 
-    # find &#x2F; -name grub.cfg
-    &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
+    # find / -name grub.cfg
+    /boot/grub2/grub.cfg
 
-    If a &quot;grub.cfg&quot; is found in any subdirectories other than &quot;&#x2F;boot&#x2F;grub2&quot;
-and &quot;&#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&quot;, ask the System Administrator if there is
+    If a "grub.cfg" is found in any subdirectories other than "/boot/grub2"
+and "/boot/efi/EFI/redhat", ask the System Administrator if there is
 documentation signed by the ISSO to approve the use of removable media as a
 boot loader.
 
     Check that the grub configuration file has the set root command in each
 menu entry with the following commands:
 
-    # grep -c menuentry &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
+    # grep -c menuentry /boot/grub2/grub.cfg
     1
-    # grep &#39;set root&#39; &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
-    set root&#x3D;(hd0,1)
+    # grep 'set root' /boot/grub2/grub.cfg
+    set root=(hd0,1)
 
     If the system is using an alternate boot loader on removable media, and
 documentation does not exist approving the alternate configuration, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Remove alternate methods of booting the system from removable
-media or document the configuration to boot from removable media with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f283d816-f11f-4a9c-be5f-0bcf7e47fa48</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 is expected to exist
-expected File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 to exist
---------------------------------
-passed
-File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 path is expected to match &#x2F;^\&#x2F;dev\&#x2F;&#x2F;
-expected &quot;UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033&quot; to match &#x2F;^\&#x2F;dev\&#x2F;&#x2F;
+media or document the configuration to boot from removable media with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72075\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow removable\nmedia to be used as the boot loader unless approved.\"\n  desc  \"Malicious users with removable boot media can gain access to a system\nconfigured to use removable media as the boot loader. If removable media is\ndesigned to be used as the boot loader, the requirement must be documented with\nthe Information System Security Officer (ISSO).\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system is not configured to use a boot loader on removable media.\n\n    Note: GRUB 2 reads its configuration from the \\\"/boot/grub2/grub.cfg\\\" file\non traditional BIOS-based machines and from the\n\\\"/boot/efi/EFI/redhat/grub.cfg\\\" file on UEFI machines.\n\n    Check for the existence of alternate boot loader configuration files with\nthe following command:\n\n    # find / -name grub.cfg\n    /boot/grub2/grub.cfg\n\n    If a \\\"grub.cfg\\\" is found in any subdirectories other than \\\"/boot/grub2\\\"\nand \\\"/boot/efi/EFI/redhat\\\", ask the System Administrator if there is\ndocumentation signed by the ISSO to approve the use of removable media as a\nboot loader.\n\n    Check that the grub configuration file has the set root command in each\nmenu entry with the following commands:\n\n    # grep -c menuentry /boot/grub2/grub.cfg\n    1\n    # grep 'set root' /boot/grub2/grub.cfg\n    set root=(hd0,1)\n\n    If the system is using an alternate boot loader on removable media, and\ndocumentation does not exist approving the alternate configuration, this is a\nfinding.\n  \"\n  desc  \"fix\", \"Remove alternate methods of booting the system from removable\nmedia or document the configuration to boot from removable media with the ISSO.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000364-GPOS-00151\"\n  tag gid: \"V-72075\"\n  tag rid: \"SV-86699r2_rule\"\n  tag stig_id: \"RHEL-07-021700\"\n  tag fix_id: \"F-78427r1_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  roots = command('grubby --info=ALL | grep \"^root=\" | sed \"s/^root=//g\"').\n    stdout.strip.split(\"\\n\")\n\n  blocks = roots.map { |root|\n    root_file = file(root)\n    root_file.symlink? ? root_file.link_path : root_file.path\n  }\n\n  blocks.each { |block|\n    block_file = file(block)\n    describe block_file do\n      it { should exist }\n      its('path') { should match %r{^/dev/} }\n    end\n\n    if block_file.exist? and block_file.path.match? %r{^/dev/}\n      removable = ['/sys/block', block.sub(%r{^/dev/}, ''), 'removable'].join('/')\n      describe file(removable) do\n        it { should exist }\n        its('content.strip') { should eq '0' }\n      end\n    end\n  }\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 is expected to exist :: MESSAGE expected File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 to exist
+--------------------------------
+passed :: TEST File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 path is expected to match /^\/dev\// :: MESSAGE expected "UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033" to match /^\/dev\//
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;^\&#x2F;dev\&#x2F;&#x2F;
-+&quot;UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033&quot;
+-/^\/dev\//
++"UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033"
 
 --------------------------------
-passed
-File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 is expected to exist
-expected File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 to exist
+passed :: TEST File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 is expected to exist :: MESSAGE expected File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 to exist
 --------------------------------
-passed
-File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 path is expected to match &#x2F;^\&#x2F;dev\&#x2F;&#x2F;
-expected &quot;UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033&quot; to match &#x2F;^\&#x2F;dev\&#x2F;&#x2F;
+passed :: TEST File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 path is expected to match /^\/dev\// :: MESSAGE expected "UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033" to match /^\/dev\//
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;^\&#x2F;dev\&#x2F;&#x2F;
-+&quot;UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033&quot;
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72179</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86803r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030780</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+-/^\/dev\//
++"UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72179</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86803r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030780</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the ssh-keysign command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the ssh-keysign command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged ssh commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;ssh-keysign&quot; command occur.
+successful/unsuccessful attempts to use the "ssh-keysign" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;libexec&#x2F;openssh&#x2F;ssh-keysign &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/libexec/openssh/ssh-keysign /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;libexec&#x2F;openssh&#x2F;ssh-keysign -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-ssh
+    -a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-ssh
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;ssh-keysign&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;libexec&#x2F;openssh&#x2F;ssh-keysign -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-ssh
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>96d1af51-9d72-40ba-a709-3279c4c5e3b9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;libexec&#x2F;openssh&#x2F;ssh-keysign&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;libexec&#x2F;openssh&#x2F;ssh-keysign&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72305</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86929r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040720</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "ssh-keysign" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-ssh
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72179\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe ssh-keysign command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged ssh commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"ssh-keysign\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/libexec/openssh/ssh-keysign /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-ssh\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"ssh-keysign\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-ssh\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72179\"\n  tag rid: \"SV-86803r3_rule\"\n  tag stig_id: \"RHEL-07-030780\"\n  tag fix_id: \"F-78533r4_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/libexec/openssh/ssh-keysign'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/libexec/openssh/ssh-keysign" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/libexec/openssh/ssh-keysign" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72305</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86929r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040720</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that if the Trivial File Transfer Protocol (TFTP) server is required, the TFTP
-daemon is configured to operate in secure mode.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+daemon is configured to operate in secure mode.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Restricting TFTP to a specific directory prevents remote users from
-copying, transferring, or overwriting system files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+copying, transferring, or overwriting system files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the TFTP daemon is configured to operate in secure mode.
 
     Check to see if a TFTP server has been installed with the following
@@ -8386,128 +8001,122 @@ commands:
     If a TFTP server is installed, check for the server arguments with the
 following command:
 
-    # grep server_args &#x2F;etc&#x2F;xinetd.d&#x2F;tftp
-    server_args &#x3D; -s &#x2F;var&#x2F;lib&#x2F;tftpboot
+    # grep server_args /etc/xinetd.d/tftp
+    server_args = -s /var/lib/tftpboot
 
-    If the &quot;server_args&quot; line does not have a &quot;-s&quot; option and a
-subdirectory is not assigned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "server_args" line does not have a "-s" option and a
+subdirectory is not assigned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the TFTP daemon to operate in secure mode by adding the following
-line to &quot;&#x2F;etc&#x2F;xinetd.d&#x2F;tftp&quot; (or modify the line to have the required value):
-
-    server_args &#x3D; -s &#x2F;var&#x2F;lib&#x2F;tftpboot</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>598f15a9-f64d-47b4-8a9a-2e07440d4d83</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The TFTP package is not installed
-If a TFTP server is not installed, this is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71913</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86537r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010170</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):
+
+    server_args = -s /var/lib/tftpboot</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72305\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat if the Trivial File Transfer Protocol (TFTP) server is required, the TFTP\ndaemon is configured to operate in secure mode.\"\n  desc  \"Restricting TFTP to a specific directory prevents remote users from\ncopying, transferring, or overwriting system files.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the TFTP daemon is configured to operate in secure mode.\n\n    Check to see if a TFTP server has been installed with the following\ncommands:\n\n    # yum list installed tftp-server\n    tftp-server.x86_64 x.x-x.el7 rhel-7-server-rpms\n\n    If a TFTP server is not installed, this is Not Applicable.\n\n    If a TFTP server is installed, check for the server arguments with the\nfollowing command:\n\n    # grep server_args /etc/xinetd.d/tftp\n    server_args = -s /var/lib/tftpboot\n\n    If the \\\"server_args\\\" line does not have a \\\"-s\\\" option and a\nsubdirectory is not assigned, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the TFTP daemon to operate in secure mode by adding the following\nline to \\\"/etc/xinetd.d/tftp\\\" (or modify the line to have the required value):\n\n    server_args = -s /var/lib/tftpboot\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72305\"\n  tag rid: \"SV-86929r3_rule\"\n  tag stig_id: \"RHEL-07-040720\"\n  tag fix_id: \"F-78659r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  if package('tftp-server').installed?\n    impact 0.5\n    describe command('grep server_args /etc/xinetd.d/tftp') do\n      its('stdout.strip') { should match %r{^\\s*server_args\\s+=\\s+(-s|--secure)\\s(\\/\\S+)$} }\n    end\n  else\n    impact 0.0\n    describe \"The TFTP package is not installed\" do\n      skip \"If a TFTP server is not installed, this is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The TFTP package is not installed :: SKIP_MESSAGE If a TFTP server is not installed, this is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71913</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86537r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010170</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed a minimum of four character classes must be
-changed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+changed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -8516,289 +8125,279 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;minclass&quot; option sets the minimum number of required classes of
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "minclass" option sets the minimum number of required classes of
 characters for the new password (digits, upper-case, lower-case, others).
 
-    Check for the value of the &quot;minclass&quot; option in
-&quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with the following command:
+    Check for the value of the "minclass" option in
+"/etc/security/pwquality.conf" with the following command:
 
-    # grep minclass &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    minclass &#x3D; 4
+    # grep minclass /etc/security/pwquality.conf
+    minclass = 4
 
-    If the value of &quot;minclass&quot; is set to less than &quot;4&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "minclass" is set to less than "4", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require the change of at least four
-character classes when passwords are changed by setting the &quot;minclass&quot; option.
+character classes when passwords are changed by setting the "minclass" option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf conf&quot; (or modify
+    Add the following line to "/etc/security/pwquality.conf conf" (or modify
 the line to have the required value):
 
-    minclass &#x3D; 4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>80d6f26e-63ed-440c-8bec-3d048b119049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf minclass.to_i is expected to cmp &gt;&#x3D; 4</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73161</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87813r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021021</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    minclass = 4</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71913\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed a minimum of four character classes must be\nchanged.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    The \\\"minclass\\\" option sets the minimum number of required classes of\ncharacters for the new password (digits, upper-case, lower-case, others).\n\n    Check for the value of the \\\"minclass\\\" option in\n\\\"/etc/security/pwquality.conf\\\" with the following command:\n\n    # grep minclass /etc/security/pwquality.conf\n    minclass = 4\n\n    If the value of \\\"minclass\\\" is set to less than \\\"4\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require the change of at least four\ncharacter classes when passwords are changed by setting the \\\"minclass\\\" option.\n\n    Add the following line to \\\"/etc/security/pwquality.conf conf\\\" (or modify\nthe line to have the required value):\n\n    minclass = 4\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000072-GPOS-00040\"\n  tag gid: \"V-71913\"\n  tag rid: \"SV-86537r2_rule\"\n  tag stig_id: \"RHEL-07-010170\"\n  tag fix_id: \"F-78265r1_fix\"\n  tag cci: [\"CCI-000195\"]\n  tag nist: [\"IA-5 (1) (b)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('minclass.to_i') { should cmp &gt;= 4 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf minclass.to_i is expected to cmp &gt;= 4</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73161</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87813r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021021</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent binary
 files from being executed on file systems that are being imported via Network
-File System (NFS).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;noexec&quot; mount option causes the system to not execute binary
+File System (NFS).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "noexec" mount option causes the system to not execute binary
 files. This option must be used for mounting any file system not containing
 approved binary files as they may be incompatible. Executing files from
 untrusted file systems increases the opportunity for unprivileged users to
-attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify file systems that are being NFS imported are configured with the
-&quot;noexec&quot; option.
+"noexec" option.
 
     Find the file system(s) that contain the directories being imported with
 the following command:
 
-    # more &#x2F;etc&#x2F;fstab | grep nfs
+    # more /etc/fstab | grep nfs
 
-    UUID&#x3D;e06097bb-cfcd-437b-9e4d-a691f5662a7d &#x2F;store nfs rw,noexec 0 0
+    UUID=e06097bb-cfcd-437b-9e4d-a691f5662a7d /store nfs rw,noexec 0 0
 
-    If a file system found in &quot;&#x2F;etc&#x2F;fstab&quot; refers to NFS and it does not have
-the &quot;noexec&quot; option set, and use of NFS imported binaries is not documented
+    If a file system found in "/etc/fstab" refers to NFS and it does not have
+the "noexec" option set, and use of NFS imported binaries is not documented
 with the Information System Security Officer (ISSO) as an operational
 requirement, this is a finding.
 
-    Verify the NFS is mounted with the &quot;noexec&quot;option:
+    Verify the NFS is mounted with the "noexec"option:
 
     # mount | grep nfs | grep noexec
     If no results are returned and use of NFS imported binaries is not
 documented with the Information System Security Officer (ISSO) as an
-operational requirement, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the &quot;&#x2F;etc&#x2F;fstab&quot; to use the &quot;noexec&quot; option on
-file systems that are being imported via NFS.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3151ef8a-a0ef-4eea-8c41-600eea60d821</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72433</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87057r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-041003</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+operational requirement, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the "/etc/fstab" to use the "noexec" option on
+file systems that are being imported via NFS.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73161\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent binary\nfiles from being executed on file systems that are being imported via Network\nFile System (NFS).\"\n  desc  \"The \\\"noexec\\\" mount option causes the system to not execute binary\nfiles. This option must be used for mounting any file system not containing\napproved binary files as they may be incompatible. Executing files from\nuntrusted file systems increases the opportunity for unprivileged users to\nattain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify file systems that are being NFS imported are configured with the\n\\\"noexec\\\" option.\n\n    Find the file system(s) that contain the directories being imported with\nthe following command:\n\n    # more /etc/fstab | grep nfs\n\n    UUID=e06097bb-cfcd-437b-9e4d-a691f5662a7d /store nfs rw,noexec 0 0\n\n    If a file system found in \\\"/etc/fstab\\\" refers to NFS and it does not have\nthe \\\"noexec\\\" option set, and use of NFS imported binaries is not documented\nwith the Information System Security Officer (ISSO) as an operational\nrequirement, this is a finding.\n\n    Verify the NFS is mounted with the \\\"noexec\\\"option:\n\n    # mount | grep nfs | grep noexec\n    If no results are returned and use of NFS imported binaries is not\ndocumented with the Information System Security Officer (ISSO) as an\noperational requirement, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the \\\"/etc/fstab\\\" to use the \\\"noexec\\\" option on\nfile systems that are being imported via NFS.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-73161\"\n  tag rid: \"SV-87813r2_rule\"\n  tag stig_id: \"RHEL-07-021021\"\n  tag fix_id: \"F-79607r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  nfs_systems = etc_fstab.nfs_file_systems.entries\n  if !nfs_systems.nil? and !nfs_systems.empty?\n    nfs_systems.each do |file_system|\n      describe file_system do\n        its ('mount_options') { should include 'noexec' }\n      end\n    end\n  else\n    describe \"No NFS file systems were found.\" do\n      subject { nfs_systems.nil? or nfs_systems.empty? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72433</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87057r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-041003</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement
-certificate status checking for PKI authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+certificate status checking for PKI authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Using an authentication device, such as a CAC or token that is
 separate from the information system, ensures that even if the information
 system is compromised, that compromise will not affect credentials stored on
@@ -8821,534 +8420,505 @@ example, dial-up, broadband, and wireless.
     This requirement only applies to components where this is specific to the
 function of the device or has the concept of an organizational user (e.g., VPN,
 proxy capability). This does not apply to authentication for the purpose of
-configuring the device itself (management).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+configuring the device itself (management).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system implements certificate status checking for PKI
 authentication.
 
     Check to see if Online Certificate Status Protocol (OCSP) is enabled on the
 system with the following command:
 
-    # grep cert_policy &#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf | grep -v &quot;^#&quot;
+    # grep cert_policy /etc/pam_pkcs11/pam_pkcs11.conf | grep -v "^#"
 
-    cert_policy &#x3D; ca, ocsp_on, signature;
-    cert_policy &#x3D; ca, ocsp_on, signature;
-    cert_policy &#x3D; ca, ocsp_on, signature;
+    cert_policy = ca, ocsp_on, signature;
+    cert_policy = ca, ocsp_on, signature;
+    cert_policy = ca, ocsp_on, signature;
 
     There should be at least three lines returned.
 
-    If &quot;ocsp_on&quot; is not present in all uncommented &quot;cert_policy&quot; lines in
-&quot;&#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "ocsp_on" is not present in all uncommented "cert_policy" lines in
+"/etc/pam_pkcs11/pam_pkcs11.conf", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to do certificate status checking for PKI
 authentication.
 
-    Modify all of the &quot;cert_policy&quot; lines in
-&quot;&#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf&quot; to include &quot;ocsp_on&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8316ef53-a5f3-4a24-b530-4e3274793292</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf is expected to exist
-expected File &#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf to exist</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72175</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86799r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030760</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Modify all of the "cert_policy" lines in
+"/etc/pam_pkcs11/pam_pkcs11.conf" to include "ocsp_on".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72433\" do\n  title \"The Red Hat Enterprise Linux operating system must implement\ncertificate status checking for PKI authentication.\"\n  desc  \"Using an authentication device, such as a CAC or token that is\nseparate from the information system, ensures that even if the information\nsystem is compromised, that compromise will not affect credentials stored on\nthe authentication device.\n\n    Multifactor solutions that require devices separate from information\nsystems gaining access include, for example, hardware tokens providing\ntime-based or challenge-response authenticators and smart cards such as the\nU.S. Government Personal Identity Verification card and the DoD Common Access\nCard.\n\n    A privileged account is defined as an information system account with\nauthorizations of a privileged user.\n\n    Remote access is access to DoD nonpublic information systems by an\nauthorized user (or an information system) communicating through an external,\nnon-organization-controlled network. Remote access methods include, for\nexample, dial-up, broadband, and wireless.\n\n    This requirement only applies to components where this is specific to the\nfunction of the device or has the concept of an organizational user (e.g., VPN,\nproxy capability). This does not apply to authentication for the purpose of\nconfiguring the device itself (management).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system implements certificate status checking for PKI\nauthentication.\n\n    Check to see if Online Certificate Status Protocol (OCSP) is enabled on the\nsystem with the following command:\n\n    # grep cert_policy /etc/pam_pkcs11/pam_pkcs11.conf | grep -v \\\"^#\\\"\n\n    cert_policy = ca, ocsp_on, signature;\n    cert_policy = ca, ocsp_on, signature;\n    cert_policy = ca, ocsp_on, signature;\n\n    There should be at least three lines returned.\n\n    If \\\"ocsp_on\\\" is not present in all uncommented \\\"cert_policy\\\" lines in\n\\\"/etc/pam_pkcs11/pam_pkcs11.conf\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to do certificate status checking for PKI\nauthentication.\n\n    Modify all of the \\\"cert_policy\\\" lines in\n\\\"/etc/pam_pkcs11/pam_pkcs11.conf\\\" to include \\\"ocsp_on\\\".\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000375-GPOS-00160\"\n  tag satisfies: [\"SRG-OS-000375-GPOS-00160\", \"SRG-OS-000375-GPOS-00161\",\n\"SRG-OS-000375-GPOS-00162\"]\n  tag gid: \"V-72433\"\n  tag rid: \"SV-87057r5_rule\"\n  tag stig_id: \"RHEL-07-041003\"\n  tag fix_id: \"F-78785r3_fix\"\n  tag cci: [\"CCI-001948\", \"CCI-001953\", \"CCI-001954\"]\n  tag nist: [\"IA-2 (11)\", \"IA-2 (12)\", \"IA-2 (12)\", \"Rev_4\"]\n\n  smart_card_status = input('smart_card_status')\n\n  if smart_card_status.eql?('enabled')\n    impact 0.5\n    if ((pam_file = file('/etc/pam_pkcs11/pam_pkcs11.conf')).exist?)\n      cert_policy_lines = (pam_file.content.nil?)?[]:\n        pam_file.content.lines.grep(%r{^(?!.+#).*cert_policy}i)\n      if (cert_policy_lines.length &lt; 3)\n        describe \"should contain at least 3 cert policy lines\" do\n          subject { cert_policy_lines.length }\n          it { should &gt;= 3 }\n        end\n      else\n        describe \"each cert policy line should include oscp_on\" do\n          cert_policy_lines.each do |line|\n           subject { line }\n           it { should match %r{=[^;]*ocsp_on}i }\n\t  end\n        end\n      end\n    else\n      describe pam_file do\n        it { should exist }\n      end\n    end\n  else\n    impact 0.0\n    describe \"The system is not smartcard enabled\" do\n      skip \"The system is not using Smartcards / PIVs to fulfil the MFA requirement, this control is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /etc/pam_pkcs11/pam_pkcs11.conf is expected to exist :: MESSAGE expected File /etc/pam_pkcs11/pam_pkcs11.conf to exist</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72175</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86799r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030760</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the postdrop command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the postdrop command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged postfix commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;postdrop&quot; command occur.
+successful/unsuccessful attempts to use the "postdrop" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;sbin&#x2F;postdrop &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/sbin/postdrop /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;postdrop -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/postdrop -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-postfix
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;postdrop&quot; command occur.
+successful/unsuccessful attempts to use the "postdrop" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;postdrop -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/postdrop -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-postfix
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>71975ac2-a7ef-4314-a1ea-fb243d29d211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;postdrop&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;postdrop&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72129</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86753r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030530</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72175\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe postdrop command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged postfix commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"postdrop\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/sbin/postdrop /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/postdrop -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-postfix\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"postdrop\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/postdrop -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-postfix\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72175\"\n  tag rid: \"SV-86799r4_rule\"\n  tag stig_id: \"RHEL-07-030760\"\n  tag fix_id: \"F-78529r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/postdrop'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/postdrop" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/postdrop" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72129</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86753r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030530</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the open_by_handle_at syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the open_by_handle_at syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;open_by_handle_at&quot; syscall occur.
+successful/unsuccessful attempts to use the "open_by_handle_at" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw open_by_handle_at &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw open_by_handle_at /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S open_by_handle_at -F exit&#x3D;-EPERM -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F
+auid&gt;=1000 -F auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S open_by_handle_at -F exit&#x3D;-EACCES -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F
+auid&gt;=1000 -F auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S open_by_handle_at -F exit&#x3D;-EPERM -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F
+auid&gt;=1000 -F auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S open_by_handle_at -F exit&#x3D;-EACCES -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F
+auid&gt;=1000 -F auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;open_by_handle_at&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"open_by_handle_at" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;open_by_handle_at&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S open_by_handle_at -F exit&#x3D;-EPERM -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S open_by_handle_at -F exit&#x3D;-EACCES -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S open_by_handle_at -F exit&#x3D;-EPERM -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S open_by_handle_at -F exit&#x3D;-EACCES -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3a8d7652-cbb9-455f-9a4a-46580b302f38</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72231</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86855r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "open_by_handle_at" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F
+auid&gt;=1000 -F auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F
+auid&gt;=1000 -F auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F
+auid&gt;=1000 -F auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F
+auid&gt;=1000 -F auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72129\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe open_by_handle_at syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"open_by_handle_at\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw open_by_handle_at /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"open_by_handle_at\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"open_by_handle_at\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72129\"\n  tag rid: \"SV-86753r5_rule\"\n  tag stig_id: \"RHEL-07-030530\"\n  tag fix_id: \"F-78481r8_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"open_by_handle_at\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"open_by_handle_at\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"open_by_handle_at\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"open_by_handle_at\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72231</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86855r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement
 cryptography to protect the integrity of Lightweight Directory Access Protocol
-(LDAP) communications.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(LDAP) communications.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without cryptographic integrity protections, information can be
 altered by unauthorized users without detection.
 
     Cryptographic mechanisms used for protecting the integrity of information
 include, for example, signed hash functions using asymmetric cryptography
 enabling distribution of the public key to verify the hash information while
-maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If LDAP is not being utilized, this requirement is Not Applicable.
 
     Verify the operating system implements cryptography to protect the
@@ -9359,626 +8929,600 @@ command:
 
     # systemctl status sssd.service
     sssd.service - System Security Services Daemon
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;sssd.service; enabled; vendor
+    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor
 preset: disabled)
     Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago
 
-    If the &quot;sssd.service&quot; is &quot;active&quot;, then LDAP is being used.
+    If the "sssd.service" is "active", then LDAP is being used.
 
-    Determine the &quot;id_provider&quot; that the LDAP is currently using:
+    Determine the "id_provider" that the LDAP is currently using:
 
-    # grep -i &quot;id_provider&quot; &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
+    # grep -i "id_provider" /etc/sssd/sssd.conf
 
-    id_provider &#x3D; ad
+    id_provider = ad
 
-    If &quot;id_provider&quot; is set to &quot;ad&quot;, this is Not Applicable.
+    If "id_provider" is set to "ad", this is Not Applicable.
 
     Check the path to the X.509 certificate for peer authentication with the
 following command:
 
-    # grep -i tls_cacert &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
+    # grep -i tls_cacert /etc/sssd/sssd.conf
 
-    ldap_tls_cacert &#x3D; &#x2F;etc&#x2F;pki&#x2F;tls&#x2F;certs&#x2F;ca-bundle.crt
+    ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
 
-    Verify the &quot;ldap_tls_cacert&quot; option points to a file that contains the
+    Verify the "ldap_tls_cacert" option points to a file that contains the
 trusted CA certificate.
 
     If this file does not exist, or the option is commented out or missing,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement cryptography to protect the
 integrity of LDAP remote access sessions.
 
-    Add or modify the following line in &quot;&#x2F;etc&#x2F;sssd&#x2F;sssd.conf&quot;:
-
-    ldap_tls_cacert &#x3D; &#x2F;etc&#x2F;pki&#x2F;tls&#x2F;certs&#x2F;ca-bundle.crt</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>88308d26-e975-499b-adb3-cacc53765082</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-LDAP not enabled
-LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72159</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86783r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030680</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or modify the following line in "/etc/sssd/sssd.conf":
+
+    ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72231\" do\n  title \"The Red Hat Enterprise Linux operating system must implement\ncryptography to protect the integrity of Lightweight Directory Access Protocol\n(LDAP) communications.\"\n  desc  \"Without cryptographic integrity protections, information can be\naltered by unauthorized users without detection.\n\n    Cryptographic mechanisms used for protecting the integrity of information\ninclude, for example, signed hash functions using asymmetric cryptography\nenabling distribution of the public key to verify the hash information while\nmaintaining the confidentiality of the key used to generate the hash.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If LDAP is not being utilized, this requirement is Not Applicable.\n\n    Verify the operating system implements cryptography to protect the\nintegrity of remote LDAP access sessions.\n\n    To determine if LDAP is being used for authentication, use the following\ncommand:\n\n    # systemctl status sssd.service\n    sssd.service - System Security Services Daemon\n    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor\npreset: disabled)\n    Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago\n\n    If the \\\"sssd.service\\\" is \\\"active\\\", then LDAP is being used.\n\n    Determine the \\\"id_provider\\\" that the LDAP is currently using:\n\n    # grep -i \\\"id_provider\\\" /etc/sssd/sssd.conf\n\n    id_provider = ad\n\n    If \\\"id_provider\\\" is set to \\\"ad\\\", this is Not Applicable.\n\n    Check the path to the X.509 certificate for peer authentication with the\nfollowing command:\n\n    # grep -i tls_cacert /etc/sssd/sssd.conf\n\n    ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt\n\n    Verify the \\\"ldap_tls_cacert\\\" option points to a file that contains the\ntrusted CA certificate.\n\n    If this file does not exist, or the option is commented out or missing,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to implement cryptography to protect the\nintegrity of LDAP remote access sessions.\n\n    Add or modify the following line in \\\"/etc/sssd/sssd.conf\\\":\n\n    ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000250-GPOS-00093\"\n  tag gid: \"V-72231\"\n  tag rid: \"SV-86855r4_rule\"\n  tag stig_id: \"RHEL-07-040200\"\n  tag fix_id: \"F-78585r3_fix\"\n  tag cci: [\"CCI-001453\"]\n  tag nist: [\"AC-17 (2)\", \"Rev_4\"]\n\n  sssd_id_ldap_enabled = (package('sssd').installed? and\n    !command('grep \"^\\s*id_provider\\s*=\\s*ldap\" /etc/sssd/sssd.conf').stdout.strip.empty?)\n\n  sssd_ldap_enabled = (package('sssd').installed? and\n    !command('grep \"^\\s*[a-z]*_provider\\s*=\\s*ldap\" /etc/sssd/sssd.conf').stdout.strip.empty?)\n\n  pam_ldap_enabled = (!command('grep \"^[^#]*pam_ldap\\.so\" /etc/pam.d/*').stdout.strip.empty?)\n\n  if !(sssd_id_ldap_enabled or sssd_ldap_enabled or pam_ldap_enabled)\n    impact 0.0\n    describe \"LDAP not enabled\" do\n      skip \"LDAP not enabled using any known mechanisms, this control is Not Applicable.\"\n    end\n  end\n\n  if sssd_id_ldap_enabled\n    ldap_id_use_start_tls = command('grep ldap_id_use_start_tls /etc/sssd/sssd.conf')\n    describe ldap_id_use_start_tls do\n      its('stdout.strip') { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n    end\n\n    ldap_id_use_start_tls.stdout.strip.each_line do |line|\n      describe line do\n        it { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n      end\n    end\n  end\n\n  if sssd_ldap_enabled\n    ldap_tls_cacert = command('grep -i ldap_tls_cacert /etc/sssd/sssd.conf').\n      stdout.strip.scan(%r{^ldap_tls_cacert\\s*=\\s*(.*)}).last\n\n    describe \"ldap_tls_cacert\" do\n      subject { ldap_tls_cacert }\n      it { should_not eq nil }\n    end\n\n    describe file(ldap_tls_cacert.last) do\n      it { should exist }\n      it { should be_file }\n    end if !ldap_tls_cacert.nil?\n  end\n\n  if pam_ldap_enabled\n    tls_cacertfile = command('grep -i tls_cacertfile /etc/pam_ldap.conf').\n      stdout.strip.scan(%r{^tls_cacertfile\\s+(.*)}).last\n\n    describe \"tls_cacertfile\" do\n      subject { tls_cacertfile }\n      it { should_not eq nil }\n    end\n\n    describe file(tls_cacertfile.last) do\n      it { should exist }\n      it { should be_file }\n    end if !tls_cacertfile.nil?\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST LDAP not enabled :: SKIP_MESSAGE LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72159</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86783r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030680</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the su command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the su command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged access commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;su&quot; command occur.
+successful/unsuccessful attempts to use the "su" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;bin&#x2F;su &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/bin/su /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;su -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/su -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;su&quot; command occur.
+successful/unsuccessful attempts to use the "su" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;su -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/su -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bdc95ce0-1ab0-45eb-90af-6ff9720f8372</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;su&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;su&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72115</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86739r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030460</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72159\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe su command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged access commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"su\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/bin/su /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/su -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"su\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/su -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000037-GPOS-00015\"\n  tag satisfies: [\"SRG-OS-000037-GPOS-00015\", \"SRG-OS-000042-GPOS-00020\",\n\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000462-GPOS-00206\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72159\"\n  tag rid: \"SV-86783r5_rule\"\n  tag stig_id: \"RHEL-07-030680\"\n  tag fix_id: \"F-78511r6_fix\"\n  tag cci: [\"CCI-000130\", \"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3\", \"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/su'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/su" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/su" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72115</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86739r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030460</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the lsetxattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the lsetxattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;lsetxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "lsetxattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw lsetxattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw lsetxattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S lsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S lsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;lsetxattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"lsetxattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;lsetxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "lsetxattr" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S lsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S lsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3314c9b7-c9b0-48b0-a6a4-a376b264afd4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lsetxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lsetxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lsetxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lsetxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-92253</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-102355r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040612</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72115\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe lsetxattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"lsetxattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw lsetxattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"lsetxattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"lsetxattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72115\"\n  tag rid: \"SV-86739r5_rule\"\n  tag stig_id: \"RHEL-07-030460\"\n  tag fix_id: \"F-78467r10_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"lsetxattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"lsetxattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "lsetxattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lsetxattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lsetxattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lsetxattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-92253</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-102355r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040612</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a reverse-path
-filter for IPv4 network traffic when possible by default.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+filter for IPv4 network traffic when possible by default.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Enabling reverse path filtering drops packets with source addresses
 that should not have been able to be received on the interface they were
 received on. It should not be used on systems which are routers for complicated
-networks, but is helpful for end hosts and routers serving small networks.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+networks, but is helpful for end hosts and routers serving small networks.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system uses a reverse-path filter for IPv4:
 
-    # grep net.ipv4.conf.default.rp_filter &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
-    net.ipv4.conf.default.rp_filter &#x3D; 1
+    # grep net.ipv4.conf.default.rp_filter /etc/sysctl.conf /etc/sysctl.d/*
+    net.ipv4.conf.default.rp_filter = 1
 
-    If &quot;net.ipv4.conf.default.rp_filter&quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;1&quot;, this is a finding.
+    If "net.ipv4.conf.default.rp_filter" is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "1", this is a finding.
 
     Check that the operating system implements the accept source route variable
 with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.conf.default.rp_filter
-    net.ipv4.conf.default.rp_filter &#x3D; 1
+    # /sbin/sysctl -a | grep net.ipv4.conf.default.rp_filter
+    net.ipv4.conf.default.rp_filter = 1
 
-    If the returned line does not have a value of &quot;1&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "1", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.default.rp_filter &#x3D; 1
+    net.ipv4.conf.default.rp_filter = 1
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1b4fdb23-4b4f-477b-ba14-16e062000382</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.default.rp_filter value is expected to eq 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72223</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86847r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-92253\" do\n  title \"The Red Hat Enterprise Linux operating system must use a reverse-path\nfilter for IPv4 network traffic when possible by default.\"\n  desc  \"Enabling reverse path filtering drops packets with source addresses\nthat should not have been able to be received on the interface they were\nreceived on. It should not be used on systems which are routers for complicated\nnetworks, but is helpful for end hosts and routers serving small networks.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system uses a reverse-path filter for IPv4:\n\n    # grep net.ipv4.conf.default.rp_filter /etc/sysctl.conf /etc/sysctl.d/*\n    net.ipv4.conf.default.rp_filter = 1\n\n    If \\\"net.ipv4.conf.default.rp_filter\\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"1\\\", this is a finding.\n\n    Check that the operating system implements the accept source route variable\nwith the following command:\n\n    # /sbin/sysctl -a | grep net.ipv4.conf.default.rp_filter\n    net.ipv4.conf.default.rp_filter = 1\n\n    If the returned line does not have a value of \\\"1\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.default.rp_filter = 1\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-92253\"\n  tag rid: \"SV-102355r1_rule\"\n  tag stig_id: \"RHEL-07-040612\"\n  tag fix_id: \"F-98475r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.default.rp_filter') do\n    its('value') { should eq 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.default.rp_filter value is expected to eq 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72223</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86847r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all network connections associated with a communication session are
 terminated at the end of the session or after 10 minutes of inactivity from the
 user at a command prompt, except to fulfill documented and validated mission
-requirements.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+requirements.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Terminating an idle session within a short time period reduces the
 window of opportunity for unauthorized personnel to take control of a
 management session enabled on the console or console port that has been left
@@ -9986,318 +9530,307 @@ unattended. In addition, quickly terminating an idle session will also free up
 resources committed by the managed network element.
 
     Terminating network connections associated with communications sessions
-includes, for example, de-allocating associated TCP&#x2F;IP address&#x2F;port pairs at
+includes, for example, de-allocating associated TCP/IP address/port pairs at
 the operating system level and de-allocating networking assignments at the
 application level if multiple application sessions are using a single operating
 system-level network connection. This does not mean that the operating system
 terminates all sessions or network access; it only ends the inactive session
-and releases the resources associated with that session.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+and releases the resources associated with that session.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system terminates all network connections associated
 with a communications session at the end of the session or based on inactivity.
 
     Check the value of the system inactivity timeout with the following command:
 
-    # grep -i tmout &#x2F;etc&#x2F;profile.d&#x2F;*
+    # grep -i tmout /etc/profile.d/*
 
-    etc&#x2F;profile.d&#x2F;tmout.sh:TMOUT&#x3D;600
+    etc/profile.d/tmout.sh:TMOUT=600
 
-    &#x2F;etc&#x2F;profile.d&#x2F;tmout.sh:readonly TMOUT
+    /etc/profile.d/tmout.sh:readonly TMOUT
 
-    &#x2F;etc&#x2F;profile.d&#x2F;tmout.sh:export TMOUT
+    /etc/profile.d/tmout.sh:export TMOUT
 
-    If &quot;TMOUT&quot; is not set to &quot;600&quot; or less in a script located in the
-&#x2F;etc&#x2F;profile.d&#x2F; directory to enforce session termination after inactivity, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "TMOUT" is not set to "600" or less in a script located in the
+/etc/profile.d/ directory to enforce session termination after inactivity, this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to terminate all network connections
 associated with a communications session at the end of the session or after a
 period of inactivity.
 
     Create a script to enforce the inactivity timeout (for example
-&#x2F;etc&#x2F;profile.d&#x2F;tmout.sh) such as:
+/etc/profile.d/tmout.sh) such as:
 
-    #!&#x2F;bin&#x2F;bash
+    #!/bin/bash
 
-    TMOUT&#x3D;600
+    TMOUT=600
     readonly TMOUT
-    export TMOUT</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fd83bd51-bd25-4b3f-8450-0dd2347f7b2f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Environment variable TMOUT is expected to be &lt;&#x3D; 600
---------------------------------
-passed
-The TMOUT setting is configured properly is expected to be &lt;&#x3D; 600</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71995</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00228</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86619r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020240</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    export TMOUT</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72223\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all network connections associated with a communication session are\nterminated at the end of the session or after 10 minutes of inactivity from the\nuser at a command prompt, except to fulfill documented and validated mission\nrequirements.\"\n  desc  \"Terminating an idle session within a short time period reduces the\nwindow of opportunity for unauthorized personnel to take control of a\nmanagement session enabled on the console or console port that has been left\nunattended. In addition, quickly terminating an idle session will also free up\nresources committed by the managed network element.\n\n    Terminating network connections associated with communications sessions\nincludes, for example, de-allocating associated TCP/IP address/port pairs at\nthe operating system level and de-allocating networking assignments at the\napplication level if multiple application sessions are using a single operating\nsystem-level network connection. This does not mean that the operating system\nterminates all sessions or network access; it only ends the inactive session\nand releases the resources associated with that session.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system terminates all network connections associated\nwith a communications session at the end of the session or based on inactivity.\n\n    Check the value of the system inactivity timeout with the following command:\n\n    # grep -i tmout /etc/profile.d/*\n\n    etc/profile.d/tmout.sh:TMOUT=600\n\n    /etc/profile.d/tmout.sh:readonly TMOUT\n\n    /etc/profile.d/tmout.sh:export TMOUT\n\n    If \\\"TMOUT\\\" is not set to \\\"600\\\" or less in a script located in the\n/etc/profile.d/ directory to enforce session termination after inactivity, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to terminate all network connections\nassociated with a communications session at the end of the session or after a\nperiod of inactivity.\n\n    Create a script to enforce the inactivity timeout (for example\n/etc/profile.d/tmout.sh) such as:\n\n    #!/bin/bash\n\n    TMOUT=600\n    readonly TMOUT\n    export TMOUT\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000163-GPOS-00072\"\n  tag gid: \"V-72223\"\n  tag rid: \"SV-86847r4_rule\"\n  tag stig_id: \"RHEL-07-040160\"\n  tag fix_id: \"F-78577r5_fix\"\n  tag cci: [\"CCI-001133\", \"CCI-002361\"]\n  tag nist: [\"SC-10\", \"AC-12\", \"Rev_4\"]\n\n  system_activity_timeout = input('system_activity_timeout')\n\n  # Get current TMOUT environment variable (active test)\n  describe 'Environment variable TMOUT' do\n    subject { os_env('TMOUT').content.to_i }\n    it { should be &lt;= system_activity_timeout }\n  end\n\n  # Check if TMOUT is set in files (passive test)\n  files = ['/etc/bashrc'] + ['/etc/profile'] + command(\"find /etc/profile.d/*\").stdout.split(\"\\n\")\n  latest_val = nil\n\n  files.each do |file|\n    readonly = false\n\n    # Skip to next file if TMOUT isn't present. Otherwise, get the last occurrence of TMOUT\n    next if (values = command(\"grep -Po '.*TMOUT.*' #{file}\").stdout.split(\"\\n\")).empty?\n\n    # Loop through each TMOUT match and see if set TMOUT's value or makes it readonly\n    values.each_with_index { |value, index|\n\n      # Skip if starts with '#' - it represents a comment\n      next if !value.match(/^#/).nil?\n      # If readonly and value is inline - use that value\n      if !value.match(/^readonly[\\s]+TMOUT[\\s]*=[\\s]*[\\d]+$/).nil?\n        latest_val = value.match(/[\\d]+/)[0].to_i\n        readonly = true\n        break\n      # If readonly, but, value is not inline - use the most recent value\n      elsif !value.match(/^readonly[\\s]+([\\w]+[\\s]+)?TMOUT[\\s]*([\\s]+[\\w]+[\\s]*)*$/).nil?\n        # If the index is greater than 0, the configuraiton setting value.\n        # Otherwise, the configuration setting value is in the previous file\n        # and is already set in latest_val.\n        if index &gt;= 1\n          latest_val = values[index - 1].match(/[\\d]+/)[0].to_i\n        end\n        readonly = true\n        break\n      # Readonly is not set use the lastest value\n      else\n        latest_val = value.match(/[\\d]+/)[0].to_i\n      end\n    }\n   # Readonly is set - stop processing files\n    break if readonly === true\n  end\n\n  if latest_val.nil?\n    describe \"The TMOUT setting is configured\" do\n      subject { !latest_val.nil? }\n      it { should be true }\n    end\n  else\n    describe\"The TMOUT setting is configured properly\" do\n      subject { latest_val }\n      it { should be &lt;= system_activity_timeout }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Environment variable TMOUT is expected to be &lt;= 600
+--------------------------------
+passed :: TEST The TMOUT setting is configured properly is expected to be &lt;= 600</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71995</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00228</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86619r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020240</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must define default
 permissions for all authenticated users in such a way that the user can only
-read and modify their own files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+read and modify their own files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Setting the most restrictive default permissions ensures that when new
-accounts are created, they do not have unnecessary access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+accounts are created, they do not have unnecessary access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system defines default permissions for all
 authenticated users in such a way that the user can only read and modify their
 own files.
 
-    Check for the value of the &quot;UMASK&quot; parameter in &quot;&#x2F;etc&#x2F;login.defs&quot; file
+    Check for the value of the "UMASK" parameter in "/etc/login.defs" file
 with the following command:
 
-    Note: If the value of the &quot;UMASK&quot; parameter is set to &quot;000&quot; in
-&quot;&#x2F;etc&#x2F;login.defs&quot; file, the Severity is raised to a CAT I.
+    Note: If the value of the "UMASK" parameter is set to "000" in
+"/etc/login.defs" file, the Severity is raised to a CAT I.
 
-    # grep -i umask &#x2F;etc&#x2F;login.defs
+    # grep -i umask /etc/login.defs
     UMASK  077
 
-    If the value for the &quot;UMASK&quot; parameter is not &quot;077&quot;, or the &quot;UMASK&quot;
-parameter is missing or is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value for the "UMASK" parameter is not "077", or the "UMASK"
+parameter is missing or is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to define default permissions for all
 authenticated users in such a way that the user can only read and modify their
 own files.
 
-    Add or edit the line for the &quot;UMASK&quot; parameter in &quot;&#x2F;etc&#x2F;login.defs&quot;
-file to &quot;077&quot;:
-
-    UMASK  077</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b6bbc1a3-b7ea-42bd-88a3-fe46df63680e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs UMASK is expected to eq &quot;077&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72071</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86695r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021610</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or edit the line for the "UMASK" parameter in "/etc/login.defs"
+file to "077":
+
+    UMASK  077</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71995\" do\n  title \"The Red Hat Enterprise Linux operating system must define default\npermissions for all authenticated users in such a way that the user can only\nread and modify their own files.\"\n  desc  \"Setting the most restrictive default permissions ensures that when new\naccounts are created, they do not have unnecessary access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system defines default permissions for all\nauthenticated users in such a way that the user can only read and modify their\nown files.\n\n    Check for the value of the \\\"UMASK\\\" parameter in \\\"/etc/login.defs\\\" file\nwith the following command:\n\n    Note: If the value of the \\\"UMASK\\\" parameter is set to \\\"000\\\" in\n\\\"/etc/login.defs\\\" file, the Severity is raised to a CAT I.\n\n    # grep -i umask /etc/login.defs\n    UMASK  077\n\n    If the value for the \\\"UMASK\\\" parameter is not \\\"077\\\", or the \\\"UMASK\\\"\nparameter is missing or is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to define default permissions for all\nauthenticated users in such a way that the user can only read and modify their\nown files.\n\n    Add or edit the line for the \\\"UMASK\\\" parameter in \\\"/etc/login.defs\\\"\nfile to \\\"077\\\":\n\n    UMASK  077\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00228\"\n  tag gid: \"V-71995\"\n  tag rid: \"SV-86619r2_rule\"\n  tag stig_id: \"RHEL-07-020240\"\n  tag fix_id: \"F-78347r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n\n  if login_defs.read_params[\"UMASK\"].eql?('000')\n    impact 0.7\n  else\n    impact 0.5\n  end\n  describe login_defs do\n    its('UMASK') { should eq '077' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs UMASK is expected to eq "077"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72071</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86695r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021610</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the file integrity tool is configured to verify extended attributes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the file integrity tool is configured to verify extended attributes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Extended attributes in file systems are used to contain arbitrary data
-and file metadata with security implications.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+and file metadata with security implications.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the file integrity tool is configured to verify extended attributes.
 
     Check to see if Advanced Intrusion Detection Environment (AIDE) is
@@ -10312,311 +9845,300 @@ checks are performed on the system.
 is a finding.
 
     Note: AIDE is highly configurable at install time. These commands assume
-the &quot;aide.conf&quot; file is under the &quot;&#x2F;etc&quot; directory.
+the "aide.conf" file is under the "/etc" directory.
 
     Use the following command to determine if the file is in another location:
 
-    # find &#x2F; -name aide.conf
+    # find / -name aide.conf
 
-    Check the &quot;aide.conf&quot; file to determine if the &quot;xattrs&quot; rule has been
+    Check the "aide.conf" file to determine if the "xattrs" rule has been
 added to the rule list being applied to the files and directories selection
 lists.
 
-    An example rule that includes the &quot;xattrs&quot; rule follows:
+    An example rule that includes the "xattrs" rule follows:
 
-    All&#x3D; p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
-    &#x2F;bin All # apply the custom rule to the files in bin
-    &#x2F;sbin All # apply the same custom rule to the files in sbin
+    All= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
+    /bin All # apply the custom rule to the files in bin
+    /sbin All # apply the same custom rule to the files in sbin
 
-    If the &quot;xattrs&quot; rule is not being used on all uncommented selection lines
-in the &quot;&#x2F;etc&#x2F;aide.conf&quot; file, or extended attributes are not being checked by
-another file integrity tool, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "xattrs" rule is not being used on all uncommented selection lines
+in the "/etc/aide.conf" file, or extended attributes are not being checked by
+another file integrity tool, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the file integrity tool to check file and directory extended
 attributes.
 
-    If AIDE is installed, ensure the &quot;xattrs&quot; rule is present on all
-uncommented file and directory selection lists.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e641da94-89be-44b2-bc66-4949663c4e46</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package aide is expected to be installed
---------------------------------
-passed
-List of monitored files&#x2F;directories without &#39;xattrs&#39; rule is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71929</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000076-GPOS-00044</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86553r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010250</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If AIDE is installed, ensure the "xattrs" rule is present on all
+uncommented file and directory selection lists.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72071\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the file integrity tool is configured to verify extended attributes.\"\n  desc  \"Extended attributes in file systems are used to contain arbitrary data\nand file metadata with security implications.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the file integrity tool is configured to verify extended attributes.\n\n    Check to see if Advanced Intrusion Detection Environment (AIDE) is\ninstalled on the system with the following command:\n\n    # yum list installed aide\n\n    If AIDE is not installed, ask the System Administrator how file integrity\nchecks are performed on the system.\n\n    If there is no application installed to perform file integrity checks, this\nis a finding.\n\n    Note: AIDE is highly configurable at install time. These commands assume\nthe \\\"aide.conf\\\" file is under the \\\"/etc\\\" directory.\n\n    Use the following command to determine if the file is in another location:\n\n    # find / -name aide.conf\n\n    Check the \\\"aide.conf\\\" file to determine if the \\\"xattrs\\\" rule has been\nadded to the rule list being applied to the files and directories selection\nlists.\n\n    An example rule that includes the \\\"xattrs\\\" rule follows:\n\n    All= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux\n    /bin All # apply the custom rule to the files in bin\n    /sbin All # apply the same custom rule to the files in sbin\n\n    If the \\\"xattrs\\\" rule is not being used on all uncommented selection lines\nin the \\\"/etc/aide.conf\\\" file, or extended attributes are not being checked by\nanother file integrity tool, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the file integrity tool to check file and directory extended\nattributes.\n\n    If AIDE is installed, ensure the \\\"xattrs\\\" rule is present on all\nuncommented file and directory selection lists.\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72071\"\n  tag rid: \"SV-86695r3_rule\"\n  tag stig_id: \"RHEL-07-021610\"\n  tag fix_id: \"F-78423r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe package(\"aide\") do\n    it { should be_installed }\n  end\n\n  findings = []\n  aide_conf.where { !selection_line.start_with? '!' }.entries.each do |selection|\n    unless selection.rules.include? 'xattrs'\n      findings.append(selection.selection_line)\n    end\n  end\n\n  describe \"List of monitored files/directories without 'xattrs' rule\" do\n    subject { findings }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package aide is expected to be installed
+--------------------------------
+passed :: TEST List of monitored files/directories without 'xattrs' rule is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71929</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000076-GPOS-00044</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86553r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010250</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that passwords for new users are restricted to a 60-day maximum lifetime.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that passwords for new users are restricted to a 60-day maximum lifetime.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Any password, no matter how complex, can eventually be cracked.
 Therefore, passwords need to be changed periodically. If the operating system
 does not limit the lifetime of passwords and force users to change their
 passwords, there is the risk that the operating system passwords could be
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If passwords are not being used for authentication, this is Not Applicable.
 
     Verify the operating system enforces a 60-day maximum password lifetime
 restriction for new user accounts.
 
-    Check for the value of &quot;PASS_MAX_DAYS&quot; in &quot;&#x2F;etc&#x2F;login.defs&quot; with the
+    Check for the value of "PASS_MAX_DAYS" in "/etc/login.defs" with the
 following command:
 
-    # grep -i pass_max_days &#x2F;etc&#x2F;login.defs
+    # grep -i pass_max_days /etc/login.defs
     PASS_MAX_DAYS 60
 
-    If the &quot;PASS_MAX_DAYS&quot; parameter value is not 60 or less, or is commented
-out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "PASS_MAX_DAYS" parameter value is not 60 or less, or is commented
+out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to enforce a 60-day maximum password
 lifetime restriction.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;login.defs&quot; (or modify the line to have
+    Add the following line in "/etc/login.defs" (or modify the line to have
 the required value):
 
-    PASS_MAX_DAYS     60</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>74f7fff9-afef-4f30-bd70-664608545b60</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs PASS_MAX_DAYS.to_i is expected to cmp &lt;&#x3D; 60</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71985</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000114-GPOS-00059</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86609r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020110</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    PASS_MAX_DAYS     60</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71929\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat passwords for new users are restricted to a 60-day maximum lifetime.\"\n  desc  \"Any password, no matter how complex, can eventually be cracked.\nTherefore, passwords need to be changed periodically. If the operating system\ndoes not limit the lifetime of passwords and force users to change their\npasswords, there is the risk that the operating system passwords could be\ncompromised.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If passwords are not being used for authentication, this is Not Applicable.\n\n    Verify the operating system enforces a 60-day maximum password lifetime\nrestriction for new user accounts.\n\n    Check for the value of \\\"PASS_MAX_DAYS\\\" in \\\"/etc/login.defs\\\" with the\nfollowing command:\n\n    # grep -i pass_max_days /etc/login.defs\n    PASS_MAX_DAYS 60\n\n    If the \\\"PASS_MAX_DAYS\\\" parameter value is not 60 or less, or is commented\nout, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce a 60-day maximum password\nlifetime restriction.\n\n    Add the following line in \\\"/etc/login.defs\\\" (or modify the line to have\nthe required value):\n\n    PASS_MAX_DAYS     60\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000076-GPOS-00044\"\n  tag gid: \"V-71929\"\n  tag rid: \"SV-86553r2_rule\"\n  tag stig_id: \"RHEL-07-010250\"\n  tag fix_id: \"F-78281r1_fix\"\n  tag cci: [\"CCI-000199\"]\n  tag nist: [\"IA-5 (1) (d)\", \"Rev_4\"]\n\n  describe login_defs do\n    its('PASS_MAX_DAYS.to_i') { should cmp &lt;= 60 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs PASS_MAX_DAYS.to_i is expected to cmp &lt;= 60</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71985</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000114-GPOS-00059</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86609r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020110</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must disable the file
-system automounter unless required.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system automounter unless required.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Automatically mounting file systems permits easy introduction of
-unknown devices, thereby facilitating malicious activity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unknown devices, thereby facilitating malicious activity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system disables the ability to automount devices.
 
     Check to see if automounter service is active with the following command:
 
     # systemctl status autofs
     autofs.service - Automounts filesystems on demand
-       Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;autofs.service; disabled)
+       Loaded: loaded (/usr/lib/systemd/system/autofs.service; disabled)
        Active: inactive (dead)
 
-    If the &quot;autofs&quot; status is set to &quot;active&quot; and is not documented with
+    If the "autofs" status is set to "active" and is not documented with
 the Information System Security Officer (ISSO) as an operational requirement,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable the ability to automount devices.
 
     Turn off the automount service with the following commands:
@@ -10624,143 +10146,136 @@ this is a finding.</ATTRIBUTE_DATA>
     # systemctl stop autofs
     # systemctl disable autofs
 
-    If &quot;autofs&quot; is required for Network File System (NFS), it must be
-documented with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>153338d2-957d-4e63-a642-7d6098a59eee</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000778</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service autofs.service is expected not to be running
---------------------------------
-passed
-Service autofs.service is expected not to be enabled
---------------------------------
-passed
-Service autofs.service is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71993</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86617r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020230</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If "autofs" is required for Network File System (NFS), it must be
+documented with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71985\" do\n  title \"The Red Hat Enterprise Linux operating system must disable the file\nsystem automounter unless required.\"\n  desc  \"Automatically mounting file systems permits easy introduction of\nunknown devices, thereby facilitating malicious activity.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system disables the ability to automount devices.\n\n    Check to see if automounter service is active with the following command:\n\n    # systemctl status autofs\n    autofs.service - Automounts filesystems on demand\n       Loaded: loaded (/usr/lib/systemd/system/autofs.service; disabled)\n       Active: inactive (dead)\n\n    If the \\\"autofs\\\" status is set to \\\"active\\\" and is not documented with\nthe Information System Security Officer (ISSO) as an operational requirement,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable the ability to automount devices.\n\n    Turn off the automount service with the following commands:\n\n    # systemctl stop autofs\n    # systemctl disable autofs\n\n    If \\\"autofs\\\" is required for Network File System (NFS), it must be\ndocumented with the ISSO.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000114-GPOS-00059\"\n  tag satisfies: [\"SRG-OS-000114-GPOS-00059\", \"SRG-OS-000378-GPOS-00163\",\n\"SRG-OS-000480-GPOS-00227\"]\n  tag gid: \"V-71985\"\n  tag rid: \"SV-86609r2_rule\"\n  tag stig_id: \"RHEL-07-020110\"\n  tag fix_id: \"F-78337r2_fix\"\n  tag cci: [\"CCI-000366\", \"CCI-000778\", \"CCI-001958\"]\n  tag nist: [\"CM-6 b\", \"IA-3\", \"IA-3\", \"Rev_4\"]\n\n  describe systemd_service('autofs.service') do\n    it { should_not be_running }\n    it { should_not be_enabled }\n    it { should_not be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000778</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service autofs.service is expected not to be running
+--------------------------------
+passed :: TEST Service autofs.service is expected not to be enabled
+--------------------------------
+passed :: TEST Service autofs.service is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71993</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86617r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020230</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A locally logged-on user who presses Ctrl-Alt-Delete, when at the
 console, can reboot the system. If accidentally pressed, as could happen in the
 case of a mixed OS environment, this can create the risk of short-term loss of
 availability of systems due to unintentional reboot. In the GNOME graphical
 environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is
-reduced because the user will be prompted before any action is taken.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+reduced because the user will be prompted before any action is taken.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system is not configured to reboot the system when
 Ctrl-Alt-Delete is pressed.
 
@@ -10770,870 +10285,816 @@ following command:
     # systemctl status ctrl-alt-del.target
 
     ctrl-alt-del.target
-    Loaded: masked (&#x2F;dev&#x2F;null; bad)
+    Loaded: masked (/dev/null; bad)
     Active: inactive (dead)
 
     If the ctrl-alt-del.target is not masked, this is a finding.
 
-    If the ctrl-alt-del.target is active, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the ctrl-alt-del.target is active, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to disable the Ctrl-Alt-Delete sequence for the
 command line with the following command:
 
-    # systemctl mask ctrl-alt-del.target</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d74464b3-5c6f-4de5-93ef-83d69e503af2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service ctrl-alt-del.target is expected not to be running
---------------------------------
-passed
-Service ctrl-alt-del.target is expected not to be enabled</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72095</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000327-GPOS-00127</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86719r7_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030360</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # systemctl mask ctrl-alt-del.target</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71993\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the x86 Ctrl-Alt-Delete key sequence is disabled on the command line.\"\n  desc  \"A locally logged-on user who presses Ctrl-Alt-Delete, when at the\nconsole, can reboot the system. If accidentally pressed, as could happen in the\ncase of a mixed OS environment, this can create the risk of short-term loss of\navailability of systems due to unintentional reboot. In the GNOME graphical\nenvironment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is\nreduced because the user will be prompted before any action is taken.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system is not configured to reboot the system when\nCtrl-Alt-Delete is pressed.\n\n    Check that the ctrl-alt-del.target is masked and not active with the\nfollowing command:\n\n    # systemctl status ctrl-alt-del.target\n\n    ctrl-alt-del.target\n    Loaded: masked (/dev/null; bad)\n    Active: inactive (dead)\n\n    If the ctrl-alt-del.target is not masked, this is a finding.\n\n    If the ctrl-alt-del.target is active, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to disable the Ctrl-Alt-Delete sequence for the\ncommand line with the following command:\n\n    # systemctl mask ctrl-alt-del.target\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-71993\"\n  tag rid: \"SV-86617r5_rule\"\n  tag stig_id: \"RHEL-07-020230\"\n  tag fix_id: \"F-78345r6_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe systemd_service('ctrl-alt-del.target') do\n    it { should_not be_running }\n    it { should_not be_enabled }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service ctrl-alt-del.target is expected not to be running
+--------------------------------
+passed :: TEST Service ctrl-alt-del.target is expected not to be enabled</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72095</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000327-GPOS-00127</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86719r7_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030360</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all
-executions of privileged functions.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+executions of privileged functions.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Misuse of privileged functions, either intentionally or
 unintentionally by authorized users, or by unauthorized external entities that
 have compromised information system accounts, is a serious and ongoing concern
 and can have significant adverse impacts on organizations. Auditing the use of
 privileged functions is one way to detect such misuse and identify the risk
-from insider threats and the advanced persistent threat.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+from insider threats and the advanced persistent threat.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system audits the execution of privileged functions
 using the following command:
 
-    # grep -iw execve &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw execve /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S execve -C uid!&#x3D;euid -F euid&#x3D;0 -k setuid
-    -a always,exit -F arch&#x3D;b64 -S execve -C uid!&#x3D;euid -F euid&#x3D;0 -k setuid
-    -a always,exit -F arch&#x3D;b32 -S execve -C gid!&#x3D;egid -F egid&#x3D;0 -k setgid
-    -a always,exit -F arch&#x3D;b64 -S execve -C gid!&#x3D;egid -F egid&#x3D;0 -k setgid
+    -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid
+    -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid
+    -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid
+    -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid
 
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules for &quot;SUID&quot; files are not
+    If both the "b32" and "b64" audit rules for "SUID" files are not
 defined, this is a finding.
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules for &quot;SGID&quot; files are not
-defined, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules for "SGID" files are not
+defined, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to audit the execution of privileged
 functions.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S execve -C uid!&#x3D;euid -F euid&#x3D;0 -k setuid
-    -a always,exit -F arch&#x3D;b64 -S execve -C uid!&#x3D;euid -F euid&#x3D;0 -k setuid
-    -a always,exit -F arch&#x3D;b32 -S execve -C gid!&#x3D;egid -F egid&#x3D;0 -k setgid
-    -a always,exit -F arch&#x3D;b64 -S execve -C gid!&#x3D;egid -F egid&#x3D;0 -k setgid
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ffbf3327-f23b-4768-896f-8e29e58f938a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002234</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; action.uniq is expected to eq [&quot;always&quot;]
-
-expected: [&quot;always&quot;]
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid
+    -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid
+    -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid
+    -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72095\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all\nexecutions of privileged functions.\"\n  desc  \"Misuse of privileged functions, either intentionally or\nunintentionally by authorized users, or by unauthorized external entities that\nhave compromised information system accounts, is a serious and ongoing concern\nand can have significant adverse impacts on organizations. Auditing the use of\nprivileged functions is one way to detect such misuse and identify the risk\nfrom insider threats and the advanced persistent threat.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system audits the execution of privileged functions\nusing the following command:\n\n    # grep -iw execve /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid\n    -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid\n    -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid\n    -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid\n\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules for \\\"SUID\\\" files are not\ndefined, this is a finding.\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules for \\\"SGID\\\" files are not\ndefined, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to audit the execution of privileged\nfunctions.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid\n    -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid\n    -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid\n    -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000327-GPOS-00127\"\n  tag gid: \"V-72095\"\n  tag rid: \"SV-86719r7_rule\"\n  tag stig_id: \"RHEL-07-030360\"\n  tag fix_id: \"F-78447r9_fix\"\n  tag cci: [\"CCI-002234\"]\n  tag nist: [\"AC-6 (9)\", \"Rev_4\"]\n\n  # All execve calls should use 'always,exit'\n  describe auditd.syscall('execve') do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n\n  # Work with the SUID rules\n  describe auditd.syscall('execve').where { fields.include?('euid=0') } do\n    its ('arch.uniq') { should include 'b32' }\n    its ('arch.uniq') { should include 'b64' }\n  end\n\n  # Work with the SGID rules\n  describe auditd.syscall('execve').where { fields.include?('egid=0') } do\n    its ('arch.uniq') { should include 'b32' }\n    its ('arch.uniq') { should include 'b64' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002234</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "execve" action.uniq is expected to eq ["always"] :: MESSAGE 
+expected: ["always"]
      got: []
 
-(compared using &#x3D;&#x3D;)
+(compared using ==)
 
 --------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; list.uniq is expected to eq [&quot;exit&quot;]
-
-expected: [&quot;exit&quot;]
+passed :: TEST Auditd Rules with syscall == "execve" list.uniq is expected to eq ["exit"] :: MESSAGE 
+expected: ["exit"]
      got: []
 
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; fields include? &quot;euid&#x3D;0&quot; arch.uniq is expected to include &quot;b32&quot;
-expected [] to include &quot;b32&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; fields include? &quot;euid&#x3D;0&quot; arch.uniq is expected to include &quot;b64&quot;
-expected [] to include &quot;b64&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; fields include? &quot;egid&#x3D;0&quot; arch.uniq is expected to include &quot;b32&quot;
-expected [] to include &quot;b32&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; fields include? &quot;egid&#x3D;0&quot; arch.uniq is expected to include &quot;b64&quot;
-expected [] to include &quot;b64&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72127</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86751r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030520</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using ==)
+
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "execve" fields include? "euid=0" arch.uniq is expected to include "b32" :: MESSAGE expected [] to include "b32"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "execve" fields include? "euid=0" arch.uniq is expected to include "b64" :: MESSAGE expected [] to include "b64"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "execve" fields include? "egid=0" arch.uniq is expected to include "b32" :: MESSAGE expected [] to include "b32"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "execve" fields include? "egid=0" arch.uniq is expected to include "b64" :: MESSAGE expected [] to include "b64"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72127</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86751r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030520</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the openat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the openat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;openat&quot; syscall occur.
+successful/unsuccessful attempts to use the "openat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw openat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw openat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S openat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S openat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S openat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S openat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;openat&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"openat" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;openat&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S openat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S openat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S openat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S openat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>43593b76-59df-449b-bdca-110ac3bcf275</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72167</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86791r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030720</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "openat" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72127\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe openat syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"openat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw openat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"openat\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"openat\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72127\"\n  tag rid: \"SV-86751r5_rule\"\n  tag stig_id: \"RHEL-07-030520\"\n  tag fix_id: \"F-78479r8_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"openat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"openat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"openat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"openat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72167</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86791r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030720</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the chsh command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the chsh command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged access commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chsh&quot; command occur.
+successful/unsuccessful attempts to use the "chsh" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;chsh &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/chsh /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chsh -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chsh -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chsh&quot; command occur.
+successful/unsuccessful attempts to use the "chsh" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chsh -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chsh -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0b326906-72de-4659-9a34-27f9795c2989</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chsh&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chsh&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73171</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87823r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030873</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72167\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe chsh command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged access commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"chsh\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -i /usr/bin/chsh /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/chsh -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"chsh\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/chsh -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000037-GPOS-00015\"\n  tag satisfies: [\"SRG-OS-000037-GPOS-00015\", \"SRG-OS-000042-GPOS-00020\",\n\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000462-GPOS-00206\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72167\"\n  tag rid: \"SV-86791r4_rule\"\n  tag stig_id: \"RHEL-07-030720\"\n  tag fix_id: \"F-78521r5_fix\"\n  tag cci: [\"CCI-000130\", \"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3\", \"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/chsh'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/chsh" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/chsh" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73171</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87823r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030873</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
 records for all account creations, modifications, disabling, and termination
-events that affect &#x2F;etc&#x2F;shadow.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+events that affect /etc/shadow.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&#x2F;etc&#x2F;shadow.
+/etc/shadow.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep &#x2F;etc&#x2F;shadow &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep /etc/shadow /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;shadow -p wa -k identity
+    -w /etc/shadow -p wa -k identity
 
     If the command does not return a line, or the line is commented out, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&#x2F;etc&#x2F;shadow.
+/etc/shadow.
 
     Add or update the following file system rule in
-&quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;etc&#x2F;shadow -p wa -k identity
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ea44afc4-6f9b-4274-8a04-1607a380ac32</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;shadow&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;shadow&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72297</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86921r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040680</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/audit/rules.d/audit.rules":
+
+    -w /etc/shadow -p wa -k identity
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73171\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all account creations, modifications, disabling, and termination\nevents that affect /etc/shadow.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n/etc/shadow.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep /etc/shadow /etc/audit/audit.rules\n\n    -w /etc/shadow -p wa -k identity\n\n    If the command does not return a line, or the line is commented out, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n/etc/shadow.\n\n    Add or update the following file system rule in\n\\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/shadow -p wa -k identity\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000004-GPOS-00004\"\n  tag gid: \"V-73171\"\n  tag rid: \"SV-87823r4_rule\"\n  tag stig_id: \"RHEL-07-030873\"\n  tag fix_id: \"F-79617r4_fix\"\n  tag cci: [\"CCI-000018\", \"CCI-000172\", \"CCI-001403\", \"CCI-002130\"]\n  tag nist: [\"AC-2 (4)\", \"AU-12 c\", \"AC-2 (4)\", \"AC-2 (4)\", \"Rev_4\"]\n\n  audit_file = '/etc/shadow'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\n\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/shadow" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/shadow" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72297</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86921r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040680</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
-prevent unrestricted mail relaying.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+prevent unrestricted mail relaying.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If unrestricted mail relaying is permitted, unauthorized senders could
 use this host as a mail relay for the purpose of sending spam or other
-unauthorized activity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unauthorized activity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system is configured to prevent unrestricted mail relaying.
 
-    Determine if &quot;postfix&quot; is installed with the following commands:
+    Determine if "postfix" is installed with the following commands:
 
     # yum list installed postfix
     postfix-2.6.6-6.el7.x86_64.rpm
@@ -11644,474 +11105,449 @@ unauthorized activity.</ATTRIBUTE_DATA>
 connections from unknown or untrusted networks with the following command:
 
     # postconf -n smtpd_client_restrictions
-    smtpd_client_restrictions &#x3D; permit_mynetworks, reject
-
-    If the &quot;smtpd_client_restrictions&quot; parameter contains any entries other
-than &quot;permit_mynetworks&quot; and &quot;reject&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If &quot;postfix&quot; is installed, modify the &quot;&#x2F;etc&#x2F;postfix&#x2F;main.cf&quot; file to
+    smtpd_client_restrictions = permit_mynetworks, reject
+
+    If the "smtpd_client_restrictions" parameter contains any entries other
+than "permit_mynetworks" and "reject", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If "postfix" is installed, modify the "/etc/postfix/main.cf" file to
 restrict client connections to the local network with the following command:
 
-    # postconf -e &#39;smtpd_client_restrictions &#x3D; permit_mynetworks,reject&#39;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a6f0824e-0045-46ed-a617-2e88dc9df8ef</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;postconf -n smtpd_client_restrictions&#x60; stdout.strip is expected to match &#x2F;^smtpd_client_restrictions\s+&#x3D;\s+permit_mynetworks,\s*reject\s*$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72163</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86787r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72297\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\nprevent unrestricted mail relaying.\"\n  desc  \"If unrestricted mail relaying is permitted, unauthorized senders could\nuse this host as a mail relay for the purpose of sending spam or other\nunauthorized activity.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system is configured to prevent unrestricted mail relaying.\n\n    Determine if \\\"postfix\\\" is installed with the following commands:\n\n    # yum list installed postfix\n    postfix-2.6.6-6.el7.x86_64.rpm\n\n    If postfix is not installed, this is Not Applicable.\n\n    If postfix is installed, determine if it is configured to reject\nconnections from unknown or untrusted networks with the following command:\n\n    # postconf -n smtpd_client_restrictions\n    smtpd_client_restrictions = permit_mynetworks, reject\n\n    If the \\\"smtpd_client_restrictions\\\" parameter contains any entries other\nthan \\\"permit_mynetworks\\\" and \\\"reject\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    If \\\"postfix\\\" is installed, modify the \\\"/etc/postfix/main.cf\\\" file to\nrestrict client connections to the local network with the following command:\n\n    # postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72297\"\n  tag rid: \"SV-86921r3_rule\"\n  tag stig_id: \"RHEL-07-040680\"\n  tag fix_id: \"F-78651r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  # Only permit_mynetworks and reject should be allowed\n  describe.one do\n    describe command('postconf -n smtpd_client_restrictions') do\n      its('stdout.strip') { should match %r{^smtpd_client_restrictions\\s+=\\s+permit_mynetworks,\\s*reject\\s*$} }\n    end\n    describe command('postconf -n smtpd_client_restrictions') do\n      its('stdout.strip') { should match %r{^smtpd_client_restrictions\\s+=\\s+permit_mynetworks\\s*$} }\n    end\n    describe command('postconf -n smtpd_client_restrictions') do\n      its('stdout.strip') { should match %r{^smtpd_client_restrictions\\s+=\\s+reject\\s*$} }\n    end\n    describe command('postconf -n smtpd_client_restrictions') do\n      its('stdout.strip') { should match %r{^smtpd_client_restrictions\\s+=\\s+reject,\\s*permit_mynetworks\\s*$} }\n    end\n  end if package('postfix').installed?\n\n  describe \"The `postfix` package is not installed\" do\n    skip \"The `postfix` package is not installed, this control is Not Applicable\"\n  end if !package('postfix').installed?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `postconf -n smtpd_client_restrictions` stdout.strip is expected to match /^smtpd_client_restrictions\s+=\s+permit_mynetworks,\s*reject\s*$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72163</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86787r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the sudoers file and all files in the &#x2F;etc&#x2F;sudoers.d&#x2F; directory.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the sudoers file and all files in the /etc/sudoers.d/ directory.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged access commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to access the &quot;&#x2F;etc&#x2F;sudoers&quot; file and files
-in the &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;&quot; directory.
+successful/unsuccessful attempts to access the "/etc/sudoers" file and files
+in the "/etc/sudoers.d/" directory.
 
     Check for modification of the following files being audited by performing
 the following commands to check the file system rules in
-&quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+"/etc/audit/audit.rules":
 
-    # grep -i &quot;&#x2F;etc&#x2F;sudoers&quot; &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i "/etc/sudoers" /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;sudoers -p wa -k privileged-actions
+    -w /etc/sudoers -p wa -k privileged-actions
 
-    # grep -i &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;&quot; &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i "/etc/sudoers.d/" /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;sudoers.d&#x2F; -p wa -k privileged-actions
+    -w /etc/sudoers.d/ -p wa -k privileged-actions
 
     If the commands do not return output that match the examples, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to access the &quot;&#x2F;etc&#x2F;sudoers&quot; file and files
-in the &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;&quot; directory.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;etc&#x2F;sudoers -p wa -k privileged-actions
-
-    -w &#x2F;etc&#x2F;sudoers.d&#x2F; -p wa -k privileged-actions
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>547b04e6-9a2b-41b9-93b7-27ea919ea10d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;sudoers&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;sudoers&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;sudoers.d&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;sudoers.d&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72109</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86733r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030430</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to access the "/etc/sudoers" file and files
+in the "/etc/sudoers.d/" directory.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /etc/sudoers -p wa -k privileged-actions
+
+    -w /etc/sudoers.d/ -p wa -k privileged-actions
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72163\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe sudoers file and all files in the /etc/sudoers.d/ directory.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged access commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to access the \\\"/etc/sudoers\\\" file and files\nin the \\\"/etc/sudoers.d/\\\" directory.\n\n    Check for modification of the following files being audited by performing\nthe following commands to check the file system rules in\n\\\"/etc/audit/audit.rules\\\":\n\n    # grep -i \\\"/etc/sudoers\\\" /etc/audit/audit.rules\n\n    -w /etc/sudoers -p wa -k privileged-actions\n\n    # grep -i \\\"/etc/sudoers.d/\\\" /etc/audit/audit.rules\n\n    -w /etc/sudoers.d/ -p wa -k privileged-actions\n\n    If the commands do not return output that match the examples, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to access the \\\"/etc/sudoers\\\" file and files\nin the \\\"/etc/sudoers.d/\\\" directory.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/sudoers -p wa -k privileged-actions\n\n    -w /etc/sudoers.d/ -p wa -k privileged-actions\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000037-GPOS-00015\"\n  tag satisfies: [\"SRG-OS-000037-GPOS-00015\", \"SRG-OS-000042-GPOS-00020\",\n\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000462-GPOS-00206\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72163\"\n  tag rid: \"SV-86787r5_rule\"\n  tag stig_id: \"RHEL-07-030700\"\n  tag fix_id: \"F-78517r6_fix\"\n  tag cci: [\"CCI-000130\", \"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3\", \"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_files = ['/etc/sudoers', '/etc/sudoers.d']\n\n  if audit_files.any? { |audit_file| file(audit_file).exist? }\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  audit_files.each do |audit_file|\n    describe auditd.file(audit_file) do\n      its('permissions') { should_not cmp [] }\n      its('action') { should_not include 'never' }\n    end if file(audit_file).exist?\n\n    # Resource creates data structure including all usages of file\n    perms = auditd.file(audit_file).permissions\n\n    perms.each do |perm|\n      describe perm do\n        it { should include 'w' }\n        it { should include 'a' }\n      end\n    end if file(audit_file).exist?\n  end\n\n  describe \"The #{audit_files} files do not exist\" do\n    skip \"The #{audit_files} files do not exist, this requirement is Not Applicable.\"\n  end if !audit_files.any? { |audit_file| file(audit_file).exist? }\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/sudoers" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/sudoers" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/sudoers.d" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/sudoers.d" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72109</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86733r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030430</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fchmodat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fchmodat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchmodat&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchmodat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following command:
 
-    # grep -iw fchmodat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fchmodat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fchmodat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchmodat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fchmodat&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"fchmodat" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchmodat&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchmodat" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S fchmodat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchmodat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0ccc1589-84fa-479c-b8f5-ab7b19835826</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmodat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmodat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmodat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmodat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71999</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86623r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020260</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72109\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fchmodat syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchmodat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing command:\n\n    # grep -iw fchmodat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fchmodat\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchmodat\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72109\"\n  tag rid: \"SV-86733r5_rule\"\n  tag stig_id: \"RHEL-07-030430\"\n  tag fix_id: \"F-78461r8_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fchmodat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fchmodat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fchmodat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmodat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmodat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmodat" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71999</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86623r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020260</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system security patches and
-updates must be installed and up to date.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+updates must be installed and up to date.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Timely patching is critical for maintaining the operational
 availability, confidentiality, and integrity of information technology (IT)
 systems. However, failure to keep operating system and application software
@@ -12121,20 +11557,20 @@ keep abreast of all the new patches. When new weaknesses in an operating system
 exist, patches are usually made available by the vendor to resolve the
 problems. If the most recent security patches and updates are not installed,
 unauthorized users may take advantage of weaknesses in the unpatched software.
-The lack of prompt attention to patching could result in a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+The lack of prompt attention to patching could result in a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system security patches and updates are installed and
 up to date. Updates are required to be applied with a frequency determined by
 the site or Program Management Office (PMO).
 
     Obtain the list of available package security updates from Red Hat. The URL
-for updates is https:&#x2F;&#x2F;rhn.redhat.com&#x2F;errata&#x2F;. It is important to note that
+for updates is https://rhn.redhat.com/errata/. It is important to note that
 updates provided by Red Hat may not be present on the system if the underlying
 packages are not installed.
 
@@ -12157,228 +11593,201 @@ Altered
 84 EE
 
     If package updates have not been performed on the system within the
-timeframe that the site&#x2F;program documentation requires, this is a finding.
+timeframe that the site/program documentation requires, this is a finding.
 
     Typical update frequency may be overridden by Information Assurance
 Vulnerability Alert (IAVA) notifications from CYBERCOM.
 
     If the operating system is in non-compliance with the Information Assurance
-Vulnerability Management (IAVM) process, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Vulnerability Management (IAVM) process, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Install the operating system patches or updated packages
-available from Red Hat within 30 days or sooner as local policy dictates.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>83f077aa-b7b6-4dd8-acf0-7b5f5bab520b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-List of out-of-date packages is expected to be empty
-expected &#x60;[&quot;bind-export-libs&quot;, &quot;device-mapper&quot;, &quot;device-mapper-libs&quot;, &quot;python-requests&quot;, &quot;systemd&quot;, &quot;puppet5-release&quot;, &quot;systemd-sysv&quot;, &quot;systemd-libs&quot;, &quot;libgudev1&quot;, &quot;rh-amazon-rhui-client&quot;].empty?&#x60; to return true, got false
---------------------------------
-passed
-System Package bind-export-libs version is expected to eq &quot;9.11.4-16.P2.el7_8.2&quot;
-
-expected: &quot;9.11.4-16.P2.el7_8.2&quot;
-     got: &quot;9.11.4-16.P2.el7&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package device-mapper version is expected to eq &quot;1.02.164-7.el7_8.1&quot;
-
-expected: &quot;1.02.164-7.el7_8.1&quot;
-     got: &quot;1.02.164-7.el7&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package device-mapper-libs version is expected to eq &quot;1.02.164-7.el7_8.1&quot;
-
-expected: &quot;1.02.164-7.el7_8.1&quot;
-     got: &quot;1.02.164-7.el7&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package python-requests version is expected to eq &quot;2.6.0-9.el7_8&quot;
-
-expected: &quot;2.6.0-9.el7_8&quot;
-     got: &quot;2.6.0-8.el7_7&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package systemd version is expected to eq &quot;219-73.el7_8.5&quot;
-
-expected: &quot;219-73.el7_8.5&quot;
-     got: &quot;219-73.el7.1&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package puppet5-release version is expected to eq &quot;5.0.0-11.el6&quot;
-
-expected: &quot;5.0.0-11.el6&quot;
-     got: &quot;5.0.0-4.el6&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package systemd-sysv version is expected to eq &quot;219-73.el7_8.5&quot;
-
-expected: &quot;219-73.el7_8.5&quot;
-     got: &quot;219-73.el7.1&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package systemd-libs version is expected to eq &quot;219-73.el7_8.5&quot;
-
-expected: &quot;219-73.el7_8.5&quot;
-     got: &quot;219-73.el7.1&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package libgudev1 version is expected to eq &quot;219-73.el7_8.5&quot;
-
-expected: &quot;219-73.el7_8.5&quot;
-     got: &quot;219-73.el7.1&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package rh-amazon-rhui-client version is expected to eq &quot;3.0.26-1.el7&quot;
-
-expected: &quot;3.0.26-1.el7&quot;
-     got: &quot;3.0.18-1.el7&quot;
-
-(compared using &#x3D;&#x3D;)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72073</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86697r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021620</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+available from Red Hat within 30 days or sooner as local policy dictates.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71999\" do\n  title \"The Red Hat Enterprise Linux operating system security patches and\nupdates must be installed and up to date.\"\n  desc  \"Timely patching is critical for maintaining the operational\navailability, confidentiality, and integrity of information technology (IT)\nsystems. However, failure to keep operating system and application software\npatched is a common mistake made by IT professionals. New patches are released\ndaily, and it is often difficult for even experienced System Administrators to\nkeep abreast of all the new patches. When new weaknesses in an operating system\nexist, patches are usually made available by the vendor to resolve the\nproblems. If the most recent security patches and updates are not installed,\nunauthorized users may take advantage of weaknesses in the unpatched software.\nThe lack of prompt attention to patching could result in a system compromise.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system security patches and updates are installed and\nup to date. Updates are required to be applied with a frequency determined by\nthe site or Program Management Office (PMO).\n\n    Obtain the list of available package security updates from Red Hat. The URL\nfor updates is https://rhn.redhat.com/errata/. It is important to note that\nupdates provided by Red Hat may not be present on the system if the underlying\npackages are not installed.\n\n    Check that the available package security updates have been installed on\nthe system with the following command:\n\n    # yum history list | more\n    Loaded plugins: langpacks, product-id, subscription-manager\n    ID     | Command line             | Date and time    | Action(s)      |\nAltered\n\n-------------------------------------------------------------------------------\n        70 | install aide             | 2016-05-05 10:58 | Install       |\n1\n        69 | update -y                | 2016-05-04 14:34 | Update     |   18 EE\n        68 | install vlc                | 2016-04-21 17:12 | Install        |\n21\n        67 | update -y                | 2016-04-21 17:04 | Update     |     7 EE\n        66 | update -y                | 2016-04-15 16:47 | E, I, U         |\n84 EE\n\n    If package updates have not been performed on the system within the\ntimeframe that the site/program documentation requires, this is a finding.\n\n    Typical update frequency may be overridden by Information Assurance\nVulnerability Alert (IAVA) notifications from CYBERCOM.\n\n    If the operating system is in non-compliance with the Information Assurance\nVulnerability Management (IAVM) process, this is a finding.\n  \"\n  desc  \"fix\", \"Install the operating system patches or updated packages\navailable from Red Hat within 30 days or sooner as local policy dictates.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-71999\"\n  tag rid: \"SV-86623r4_rule\"\n  tag stig_id: \"RHEL-07-020260\"\n  tag fix_id: \"F-78351r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  updates = linux_update.updates\n  package_names = updates.map { |h| h['name'] }\n\n  describe.one do\n    describe 'List of out-of-date packages' do\n      subject { package_names }\n      it { should be_empty }\n    end\n\n    updates.each do |update|\n      describe package(update['name']) do\n        its('version') { should eq update['version'] }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST List of out-of-date packages is expected to be empty :: MESSAGE expected `["bind-export-libs", "device-mapper", "device-mapper-libs", "python-requests", "systemd", "puppet5-release", "systemd-sysv", "systemd-libs", "libgudev1", "rh-amazon-rhui-client"].empty?` to return true, got false
+--------------------------------
+passed :: TEST System Package bind-export-libs version is expected to eq "9.11.4-16.P2.el7_8.2" :: MESSAGE 
+expected: "9.11.4-16.P2.el7_8.2"
+     got: "9.11.4-16.P2.el7"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package device-mapper version is expected to eq "1.02.164-7.el7_8.1" :: MESSAGE 
+expected: "1.02.164-7.el7_8.1"
+     got: "1.02.164-7.el7"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package device-mapper-libs version is expected to eq "1.02.164-7.el7_8.1" :: MESSAGE 
+expected: "1.02.164-7.el7_8.1"
+     got: "1.02.164-7.el7"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package python-requests version is expected to eq "2.6.0-9.el7_8" :: MESSAGE 
+expected: "2.6.0-9.el7_8"
+     got: "2.6.0-8.el7_7"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package systemd version is expected to eq "219-73.el7_8.5" :: MESSAGE 
+expected: "219-73.el7_8.5"
+     got: "219-73.el7.1"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package puppet5-release version is expected to eq "5.0.0-11.el6" :: MESSAGE 
+expected: "5.0.0-11.el6"
+     got: "5.0.0-4.el6"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package systemd-sysv version is expected to eq "219-73.el7_8.5" :: MESSAGE 
+expected: "219-73.el7_8.5"
+     got: "219-73.el7.1"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package systemd-libs version is expected to eq "219-73.el7_8.5" :: MESSAGE 
+expected: "219-73.el7_8.5"
+     got: "219-73.el7.1"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package libgudev1 version is expected to eq "219-73.el7_8.5" :: MESSAGE 
+expected: "219-73.el7_8.5"
+     got: "219-73.el7.1"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package rh-amazon-rhui-client version is expected to eq "3.0.26-1.el7" :: MESSAGE 
+expected: "3.0.26-1.el7"
+     got: "3.0.18-1.el7"
+
+(compared using ==)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72073</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86697r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021620</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a file
 integrity tool that is configured to use FIPS 140-2 approved cryptographic
-hashes for validating file contents and directories.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+hashes for validating file contents and directories.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>File integrity tools use cryptographic hashes for verifying file
 contents and directories have not been altered. These hashes must be FIPS 140-2
-approved cryptographic hashes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+approved cryptographic hashes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the file integrity tool is configured to use FIPS 140-2 approved
 cryptographic hashes for validating file contents and directories.
 
@@ -12398,147 +11807,140 @@ checks are performed on the system.
 is a finding.
 
     Note: AIDE is highly configurable at install time. These commands assume
-the &quot;aide.conf&quot; file is under the &quot;&#x2F;etc&quot; directory.
+the "aide.conf" file is under the "/etc" directory.
 
     Use the following command to determine if the file is in another location:
 
-    # find &#x2F; -name aide.conf
+    # find / -name aide.conf
 
-    Check the &quot;aide.conf&quot; file to determine if the &quot;sha512&quot; rule has been
+    Check the "aide.conf" file to determine if the "sha512" rule has been
 added to the rule list being applied to the files and directories selection
 lists.
 
-    An example rule that includes the &quot;sha512&quot; rule follows:
+    An example rule that includes the "sha512" rule follows:
 
-    All&#x3D;p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
-    &#x2F;bin All # apply the custom rule to the files in bin
-    &#x2F;sbin All # apply the same custom rule to the files in sbin
+    All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
+    /bin All # apply the custom rule to the files in bin
+    /sbin All # apply the same custom rule to the files in sbin
 
-    If the &quot;sha512&quot; rule is not being used on all uncommented selection lines
-in the &quot;&#x2F;etc&#x2F;aide.conf&quot; file, or another file integrity tool is not using
+    If the "sha512" rule is not being used on all uncommented selection lines
+in the "/etc/aide.conf" file, or another file integrity tool is not using
 FIPS 140-2 approved cryptographic hashes for validating file contents and
-directories, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+directories, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the file integrity tool to use FIPS 140-2 cryptographic hashes
 for validating file and directory contents.
 
-    If AIDE is installed, ensure the &quot;sha512&quot; rule is present on all
-uncommented file and directory selection lists.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b5ad6509-71e6-49fd-aa5c-8f5f8c1ca614</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package aide is expected to be installed
---------------------------------
-passed
-List of monitored files&#x2F;directories without &#39;sha512&#39; rule is expected to be empty
-expected &#x60;[&quot;&#x2F;root&#x2F;\\..*&quot;, &quot;&#x2F;var&#x2F;log&#x2F;faillog$&quot;, &quot;&#x2F;var&#x2F;log&#x2F;lastlog$&quot;, &quot;&#x2F;var&#x2F;run&#x2F;faillock&quot;, &quot;&#x2F;var&#x2F;log&quot;, &quot;&#x2F;var&#x2F;run&#x2F;utmp$&quot;, &quot;&#x2F;etc&quot;].empty?&#x60; to return true, got false</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71863</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86487r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010050</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If AIDE is installed, ensure the "sha512" rule is present on all
+uncommented file and directory selection lists.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72073\" do\n  title \"The Red Hat Enterprise Linux operating system must use a file\nintegrity tool that is configured to use FIPS 140-2 approved cryptographic\nhashes for validating file contents and directories.\"\n  desc  \"File integrity tools use cryptographic hashes for verifying file\ncontents and directories have not been altered. These hashes must be FIPS 140-2\napproved cryptographic hashes.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the file integrity tool is configured to use FIPS 140-2 approved\ncryptographic hashes for validating file contents and directories.\n\n    Note: If RHEL-07-021350 is a finding, this is automatically a finding too\nas the system cannot implement FIPS 140-2 approved cryptographic algorithms and\nhashes.\n\n    Check to see if Advanced Intrusion Detection Environment (AIDE) is\ninstalled on the system with the following command:\n\n    # yum list installed aide\n\n    If AIDE is not installed, ask the System Administrator how file integrity\nchecks are performed on the system.\n\n    If there is no application installed to perform file integrity checks, this\nis a finding.\n\n    Note: AIDE is highly configurable at install time. These commands assume\nthe \\\"aide.conf\\\" file is under the \\\"/etc\\\" directory.\n\n    Use the following command to determine if the file is in another location:\n\n    # find / -name aide.conf\n\n    Check the \\\"aide.conf\\\" file to determine if the \\\"sha512\\\" rule has been\nadded to the rule list being applied to the files and directories selection\nlists.\n\n    An example rule that includes the \\\"sha512\\\" rule follows:\n\n    All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux\n    /bin All # apply the custom rule to the files in bin\n    /sbin All # apply the same custom rule to the files in sbin\n\n    If the \\\"sha512\\\" rule is not being used on all uncommented selection lines\nin the \\\"/etc/aide.conf\\\" file, or another file integrity tool is not using\nFIPS 140-2 approved cryptographic hashes for validating file contents and\ndirectories, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the file integrity tool to use FIPS 140-2 cryptographic hashes\nfor validating file and directory contents.\n\n    If AIDE is installed, ensure the \\\"sha512\\\" rule is present on all\nuncommented file and directory selection lists.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72073\"\n  tag rid: \"SV-86697r3_rule\"\n  tag stig_id: \"RHEL-07-021620\"\n  tag fix_id: \"F-78425r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe package(\"aide\") do\n    it { should be_installed }\n  end\n\n  exclude_patterns = input('aide_exclude_patterns')\n\n  findings = aide_conf.where { !selection_line.start_with?('!') &amp;&amp; !exclude_patterns.include?(selection_line) &amp;&amp; !rules.include?('sha512')}\n\n  describe \"List of monitored files/directories without 'sha512' rule\" do\n    subject { findings.selection_lines }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package aide is expected to be installed
+--------------------------------
+passed :: TEST List of monitored files/directories without 'sha512' rule is expected to be empty :: MESSAGE expected `["/root/\\..*", "/var/log/faillog$", "/var/log/lastlog$", "/var/run/faillock", "/var/log", "/var/run/utmp$", "/etc"].empty?` to return true, got false</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71863</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86487r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010050</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the
 Standard Mandatory DoD Notice and Consent Banner before granting local or
-remote access to the system via a command line user logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+remote access to the system via a command line user logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Display of a standardized and approved use notification before
 granting access to the operating system ensures privacy and security
 notification verbiage used is consistent with applicable federal laws,
@@ -12551,7 +11953,7 @@ with human users and are not required when such human interfaces do not exist.
 the following verbiage for operating systems that can accommodate banners of
 1300 characters:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -12576,14 +11978,14 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Agreement for details."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system displays the Standard Mandatory DoD Notice and
 Consent Banner before granting access to the operating system via a command
 line user logon.
@@ -12591,10 +11993,10 @@ line user logon.
     Check to see if the operating system displays a banner at the command line
 logon screen with the following command:
 
-    # more &#x2F;etc&#x2F;issue
+    # more /etc/issue
 
     The command should return the following text:
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -12619,24 +12021,24 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;
+Agreement for details."
 
     If the operating system does not display a graphical logon banner or the
 banner does not match the Standard Mandatory DoD Notice and Consent Banner,
 this is a finding.
 
-    If the text in the &quot;&#x2F;etc&#x2F;issue&quot; file does not match the Standard
-Mandatory DoD Notice and Consent Banner, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the text in the "/etc/issue" file does not match the Standard
+Mandatory DoD Notice and Consent Banner, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to display the Standard Mandatory DoD Notice
 and Consent Banner before granting access to the system via the command line by
-editing the &quot;&#x2F;etc&#x2F;issue&quot; file.
+editing the "/etc/issue" file.
 
     Replace the default text with the Standard Mandatory DoD Notice and Consent
 Banner. The DoD required text is:
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -12661,297 +12063,283 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants.  Such
 communications and work product are private and confidential.  See User
-Agreement for details.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ca2b57a6-0128-470e-abc2-5bcb630e61aa</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-The banner text should match the standard banner is expected to cmp &#x3D;&#x3D; &quot;YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.&quot;
-
+Agreement for details."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71863\" do\n  title \"The Red Hat Enterprise Linux operating system must display the\nStandard Mandatory DoD Notice and Consent Banner before granting local or\nremote access to the system via a command line user logon.\"\n  desc  \"Display of a standardized and approved use notification before\ngranting access to the operating system ensures privacy and security\nnotification verbiage used is consistent with applicable federal laws,\nExecutive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via logon interfaces\nwith human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with applicable DoD policy. Use\nthe following verbiage for operating systems that can accommodate banners of\n1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system displays the Standard Mandatory DoD Notice and\nConsent Banner before granting access to the operating system via a command\nline user logon.\n\n    Check to see if the operating system displays a banner at the command line\nlogon screen with the following command:\n\n    # more /etc/issue\n\n    The command should return the following text:\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n    If the operating system does not display a graphical logon banner or the\nbanner does not match the Standard Mandatory DoD Notice and Consent Banner,\nthis is a finding.\n\n    If the text in the \\\"/etc/issue\\\" file does not match the Standard\nMandatory DoD Notice and Consent Banner, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to display the Standard Mandatory DoD Notice\nand Consent Banner before granting access to the system via the command line by\nediting the \\\"/etc/issue\\\" file.\n\n    Replace the default text with the Standard Mandatory DoD Notice and Consent\nBanner. The DoD required text is:\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants.  Such\ncommunications and work product are private and confidential.  See User\nAgreement for details.\\\"\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000023-GPOS-00006\"\n  tag satisfies: [\"SRG-OS-000023-GPOS-00006\", \"SRG-OS-000024-GPOS-00007\"]\n  tag gid: \"V-71863\"\n  tag rid: \"SV-86487r3_rule\"\n  tag stig_id: \"RHEL-07-010050\"\n  tag fix_id: \"F-78217r2_fix\"\n  tag cci: [\"CCI-000048\"]\n  tag nist: [\"AC-8 a\", \"Rev_4\"]\n\n  banner_message_text_cli = input('banner_message_text_cli')\n  banner_message_text_cli_limited = input('banner_message_text_cli_limited')\n\n  clean_banner = banner_message_text_cli.gsub(%r{[\\r\\n\\s]}, '')\n  clean_banner_limited = banner_message_text_cli_limited.gsub(%r{[\\r\\n\\s]}, '')\n  banner_file = file(\"/etc/issue\")\n  banner_missing = !banner_file.exist?\n\n  describe \"The banner text is not set because /etc/issue does not exist\" do\n    subject { banner_missing }\n    it { should be false }\n  end if banner_missing\n\n  banner_message = banner_file.content.gsub(%r{[\\r\\n\\s]}, '')\n  describe.one do\n    describe \"The banner text should match the standard banner\" do\n      subject { banner_message }\n      it { should cmp clean_banner }\n    end\n    describe \"The banner text should match the limited banner\" do\n      subject { banner_message }\n      it{should cmp clean_banner_limited }\n    end\n  end if !banner_missing\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST The banner text should match the standard banner is expected to cmp == "YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails." :: MESSAGE 
 expected: YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
      got: YouareaccessingaU.S.Government(USG)informationsystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS)youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-passed
-The banner text should match the limited banner is expected to cmp &#x3D;&#x3D; &quot;I&#39;veread&amp;consenttotermsinISuseragreem&#39;t.&quot;
-
-expected: I&#39;veread&amp;consenttotermsinISuseragreem&#39;t.
+passed :: TEST The banner text should match the limited banner is expected to cmp == "I'veread&amp;consenttotermsinISuseragreem't." :: MESSAGE 
+expected: I'veread&amp;consenttotermsinISuseragreem't.
      got: YouareaccessingaU.S.Government(USG)informationsystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS)youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72319</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86943r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040830</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72319</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86943r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040830</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not forward IPv6
-source-routed packets.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+source-routed packets.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Source-routed packets allow the source of the packet to suggest that
 routers forward the packet along a different path than configured on the
 router, which can be used to bypass network security measures. This requirement
 applies only to the forwarding of source-routed traffic, such as when IPv6
-forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If IPv6 is not enabled, the key will not exist, and this is Not Applicable.
 
     Verify the system does not accept IPv6 source-routed packets.
 
-    # grep net.ipv6.conf.all.accept_source_route &#x2F;etc&#x2F;sysctl.conf
-&#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep net.ipv6.conf.all.accept_source_route /etc/sysctl.conf
+/etc/sysctl.d/*
 
-    net.ipv6.conf.all.accept_source_route &#x3D; 0
+    net.ipv6.conf.all.accept_source_route = 0
 
-    If &quot;net.ipv6.conf.all.accept_source_route&quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out or
-does not have a value of &quot;0&quot;, this is a finding.
+    If "net.ipv6.conf.all.accept_source_route" is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out or
+does not have a value of "0", this is a finding.
 
     Check that the operating system implements the accept source route variable
 with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv6.conf.all.accept_source_route
-    net.ipv6.conf.all.accept_source_route &#x3D; 0
+    # /sbin/sysctl -a | grep net.ipv6.conf.all.accept_source_route
+    net.ipv6.conf.all.accept_source_route = 0
 
-    If the returned lines do not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned lines do not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter, if IPv6 is enabled, by
-adding the following line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in
-the &#x2F;etc&#x2F;sysctl.d&#x2F; directory (or modify the line to have the required value):
+adding the following line to "/etc/sysctl.conf" or a configuration file in
+the /etc/sysctl.d/ directory (or modify the line to have the required value):
 
-    net.ipv6.conf.all.accept_source_route &#x3D; 0
+    net.ipv6.conf.all.accept_source_route = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>89609011-f2a8-4c1a-b1be-5aa6ecbbb2d5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv6.conf.all.accept_source_route value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86853r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040190</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72319\" do\n  title \"The Red Hat Enterprise Linux operating system must not forward IPv6\nsource-routed packets.\"\n  desc  \"Source-routed packets allow the source of the packet to suggest that\nrouters forward the packet along a different path than configured on the\nrouter, which can be used to bypass network security measures. This requirement\napplies only to the forwarding of source-routed traffic, such as when IPv6\nforwarding is enabled and the system is functioning as a router.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If IPv6 is not enabled, the key will not exist, and this is Not Applicable.\n\n    Verify the system does not accept IPv6 source-routed packets.\n\n    # grep net.ipv6.conf.all.accept_source_route /etc/sysctl.conf\n/etc/sysctl.d/*\n\n    net.ipv6.conf.all.accept_source_route = 0\n\n    If \\\"net.ipv6.conf.all.accept_source_route\\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the accept source route variable\nwith the following command:\n\n    # /sbin/sysctl -a | grep net.ipv6.conf.all.accept_source_route\n    net.ipv6.conf.all.accept_source_route = 0\n\n    If the returned lines do not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter, if IPv6 is enabled, by\nadding the following line to \\\"/etc/sysctl.conf\\\" or a configuration file in\nthe /etc/sysctl.d/ directory (or modify the line to have the required value):\n\n    net.ipv6.conf.all.accept_source_route = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72319\"\n  tag rid: \"SV-86943r2_rule\"\n  tag stig_id: \"RHEL-07-040830\"\n  tag fix_id: \"F-78673r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe kernel_parameter('net.ipv6.conf.all.accept_source_route') do\n      its('value') { should eq 0 }\n    end\n\t# If IPv6 is disabled in the kernel it will return NIL\n    describe kernel_parameter('net.ipv6.conf.all.accept_source_route') do\n      its('value') { should eq nil }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv6.conf.all.accept_source_route value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86853r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040190</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement
 cryptography to protect the integrity of Lightweight Directory Access Protocol
-(LDAP) communications.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(LDAP) communications.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without cryptographic integrity protections, information can be
 altered by unauthorized users without detection.
 
     Cryptographic mechanisms used for protecting the integrity of information
 include, for example, signed hash functions using asymmetric cryptography
 enabling distribution of the public key to verify the hash information while
-maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If LDAP is not being utilized, this requirement is Not Applicable.
 
     Verify the operating system implements cryptography to protect the
@@ -12962,311 +12350,297 @@ command:
 
     # systemctl status sssd.service
     sssd.service - System Security Services Daemon
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;sssd.service; enabled; vendor
+    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor
 preset: disabled)
     Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago
 
-    If the &quot;sssd.service&quot; is &quot;active&quot;, then LDAP is being used.
+    If the "sssd.service" is "active", then LDAP is being used.
 
-    Determine the &quot;id_provider&quot; the LDAP is currently using:
+    Determine the "id_provider" the LDAP is currently using:
 
-    # grep -i &quot;id_provider&quot; &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
+    # grep -i "id_provider" /etc/sssd/sssd.conf
 
-    id_provider &#x3D; ad
+    id_provider = ad
 
-    If &quot;id_provider&quot; is set to &quot;ad&quot;, this is Not Applicable.
+    If "id_provider" is set to "ad", this is Not Applicable.
 
     Verify the sssd service is configured to require the use of certificates:
 
-    # grep -i tls_reqcert &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
-    ldap_tls_reqcert &#x3D; demand
+    # grep -i tls_reqcert /etc/sssd/sssd.conf
+    ldap_tls_reqcert = demand
 
-    If the &quot;ldap_tls_reqcert&quot; setting is missing, commented out, or does not
+    If the "ldap_tls_reqcert" setting is missing, commented out, or does not
 exist, this is a finding.
 
-    If the &quot;ldap_tls_reqcert&quot; setting is not set to &quot;demand&quot; or &quot;hard&quot;,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "ldap_tls_reqcert" setting is not set to "demand" or "hard",
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement cryptography to protect the
 integrity of LDAP remote access sessions.
 
-    Add or modify the following line in &quot;&#x2F;etc&#x2F;sssd&#x2F;sssd.conf&quot;:
-
-    ldap_tls_reqcert &#x3D; demand</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0e504cb3-3075-4f77-910e-53810975e797</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-LDAP not enabled
-LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72103</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86727r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030400</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or modify the following line in "/etc/sssd/sssd.conf":
+
+    ldap_tls_reqcert = demand</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72229\" do\n  title \"The Red Hat Enterprise Linux operating system must implement\ncryptography to protect the integrity of Lightweight Directory Access Protocol\n(LDAP) communications.\"\n  desc  \"Without cryptographic integrity protections, information can be\naltered by unauthorized users without detection.\n\n    Cryptographic mechanisms used for protecting the integrity of information\ninclude, for example, signed hash functions using asymmetric cryptography\nenabling distribution of the public key to verify the hash information while\nmaintaining the confidentiality of the key used to generate the hash.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If LDAP is not being utilized, this requirement is Not Applicable.\n\n    Verify the operating system implements cryptography to protect the\nintegrity of remote LDAP access sessions.\n\n    To determine if LDAP is being used for authentication, use the following\ncommand:\n\n    # systemctl status sssd.service\n    sssd.service - System Security Services Daemon\n    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor\npreset: disabled)\n    Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago\n\n    If the \\\"sssd.service\\\" is \\\"active\\\", then LDAP is being used.\n\n    Determine the \\\"id_provider\\\" the LDAP is currently using:\n\n    # grep -i \\\"id_provider\\\" /etc/sssd/sssd.conf\n\n    id_provider = ad\n\n    If \\\"id_provider\\\" is set to \\\"ad\\\", this is Not Applicable.\n\n    Verify the sssd service is configured to require the use of certificates:\n\n    # grep -i tls_reqcert /etc/sssd/sssd.conf\n    ldap_tls_reqcert = demand\n\n    If the \\\"ldap_tls_reqcert\\\" setting is missing, commented out, or does not\nexist, this is a finding.\n\n    If the \\\"ldap_tls_reqcert\\\" setting is not set to \\\"demand\\\" or \\\"hard\\\",\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to implement cryptography to protect the\nintegrity of LDAP remote access sessions.\n\n    Add or modify the following line in \\\"/etc/sssd/sssd.conf\\\":\n\n    ldap_tls_reqcert = demand\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000250-GPOS-00093\"\n  tag gid: \"V-72229\"\n  tag rid: \"SV-86853r4_rule\"\n  tag stig_id: \"RHEL-07-040190\"\n  tag fix_id: \"F-78583r4_fix\"\n  tag cci: [\"CCI-001453\"]\n  tag nist: [\"AC-17 (2)\", \"Rev_4\"]\n\n  sssd_id_ldap_enabled = (package('sssd').installed? and\n    !command('grep \"^\\s*id_provider\\s*=\\s*ldap\" /etc/sssd/sssd.conf').stdout.strip.empty?)\n\n  sssd_ldap_enabled = (package('sssd').installed? and\n    !command('grep \"^\\s*[a-z]*_provider\\s*=\\s*ldap\" /etc/sssd/sssd.conf').stdout.strip.empty?)\n\n  pam_ldap_enabled = (!command('grep \"^[^#]*pam_ldap\\.so\" /etc/pam.d/*').stdout.strip.empty?)\n\n  if !(sssd_id_ldap_enabled or sssd_ldap_enabled or pam_ldap_enabled)\n    impact 0.0\n    describe \"LDAP not enabled\" do\n      skip \"LDAP not enabled using any known mechanisms, this control is Not Applicable.\"\n    end\n  end\n\n  if sssd_id_ldap_enabled\n    ldap_id_use_start_tls = command('grep ldap_id_use_start_tls /etc/sssd/sssd.conf')\n    describe ldap_id_use_start_tls do\n      its('stdout.strip') { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n    end\n\n    ldap_id_use_start_tls.stdout.strip.each_line do |line|\n      describe line do\n        it { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n      end\n    end\n  end\n\n  if sssd_ldap_enabled\n    ldap_tls_cacertdir = command('grep -i ldap_tls_cacertdir /etc/sssd/sssd.conf').\n      stdout.strip.scan(%r{^ldap_tls_cacertdir\\s*=\\s*(.*)}).last\n\n    describe \"ldap_tls_cacertdir\" do\n      subject { ldap_tls_cacertdir }\n      it { should_not eq nil }\n    end\n\n    describe file(ldap_tls_cacertdir.last) do\n      it { should exist }\n      it { should be_directory }\n    end if !ldap_tls_cacertdir.nil?\n  end\n\n  if pam_ldap_enabled\n    tls_cacertdir = command('grep -i tls_cacertdir /etc/pam_ldap.conf').\n      stdout.strip.scan(%r{^tls_cacertdir\\s+(.*)}).last\n\n    describe \"tls_cacertdir\" do\n      subject { tls_cacertdir }\n      it { should_not eq nil }\n    end\n\n    describe file(tls_cacertdir.last) do\n      it { should exist }\n      it { should be_directory }\n    end if !tls_cacertdir.nil?\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST LDAP not enabled :: SKIP_MESSAGE LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72103</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86727r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030400</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fchownat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fchownat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchownat&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchownat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw fchownat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fchownat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fchownat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchownat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fchownat&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    If both the "b32" and "b64" audit rules are not defined for the
+"fchownat" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S fchownat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchownat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>abff3fdf-06ba-4e50-986d-4b4811117a1f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchownat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchownat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchownat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchownat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72077</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86701r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021710</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72103\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fchownat syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchownat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw fchownat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fchownat\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000474-GPOS-00219\"]\n  tag gid: \"V-72103\"\n  tag rid: \"SV-86727r5_rule\"\n  tag stig_id: \"RHEL-07-030400\"\n  tag fix_id: \"F-78455r7_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fchownat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fchownat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fchownat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchownat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchownat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchownat" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72077</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86701r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021710</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have the
-telnet-server package installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+telnet-server package installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>It is detrimental for operating systems to provide, or install by
 default, functionality exceeding requirements or mission objectives. These
 unnecessary capabilities or services are often overlooked and therefore may
@@ -13281,14 +12655,14 @@ functions).
     Examples of non-essential capabilities include, but are not limited to,
 games, software packages, tools, and demonstration software not related to
 requirements or providing a wide array of functionality not required for every
-mission, but which cannot be disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+mission, but which cannot be disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system is configured to disable non-essential
 capabilities. The most secure way of ensuring a non-essential capability is
 disabled is to not have the capability installed.
@@ -13305,415 +12679,399 @@ command:
 
     # yum list installed telnet-server
 
-    If the telnet-server package is installed, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the telnet-server package is installed, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable non-essential capabilities by
 removing the telnet-server package from the system with the following command:
 
-    # yum remove telnet-server</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>eae1322e-aa77-4852-8358-e1bfae3334f7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package telnet-server is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71949</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000373-GPOS-00156</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86573r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010350</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # yum remove telnet-server</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72077\" do\n  title \"The Red Hat Enterprise Linux operating system must not have the\ntelnet-server package installed.\"\n  desc  \"It is detrimental for operating systems to provide, or install by\ndefault, functionality exceeding requirements or mission objectives. These\nunnecessary capabilities or services are often overlooked and therefore may\nremain unsecured. They increase the risk to the platform by providing\nadditional attack vectors.\n\n    Operating systems are capable of providing a wide variety of functions and\nservices. Some of the functions and services, provided by default, may not be\nnecessary to support essential organizational operations (e.g., key missions,\nfunctions).\n\n    Examples of non-essential capabilities include, but are not limited to,\ngames, software packages, tools, and demonstration software not related to\nrequirements or providing a wide array of functionality not required for every\nmission, but which cannot be disabled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system is configured to disable non-essential\ncapabilities. The most secure way of ensuring a non-essential capability is\ndisabled is to not have the capability installed.\n\n    The telnet service provides an unencrypted remote access service that does\nnot provide for the confidentiality and integrity of user passwords or the\nremote session.\n\n    If a privileged user were to log on using this service, the privileged user\npassword could be compromised.\n\n    Check to see if the telnet-server package is installed with the following\ncommand:\n\n    # yum list installed telnet-server\n\n    If the telnet-server package is installed, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable non-essential capabilities by\nremoving the telnet-server package from the system with the following command:\n\n    # yum remove telnet-server\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000095-GPOS-00049\"\n  tag gid: \"V-72077\"\n  tag rid: \"SV-86701r2_rule\"\n  tag stig_id: \"RHEL-07-021710\"\n  tag fix_id: \"F-78429r1_fix\"\n  tag cci: [\"CCI-000381\"]\n  tag nist: [\"CM-7 a\", \"Rev_4\"]\n\n  describe package('telnet-server') do\n    it { should_not be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package telnet-server is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71949</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000373-GPOS-00156</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86573r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010350</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that users must re-authenticate for privilege escalation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that users must re-authenticate for privilege escalation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without re-authentication, users may access resources or perform tasks
 for which they do not have authorization.
 
     When operating systems provide the capability to escalate a functional
-capability, it is critical the user reauthenticate.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+capability, it is critical the user reauthenticate.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system requires users to reauthenticate for privilege
 escalation.
 
-    Check the configuration of the &quot;&#x2F;etc&#x2F;sudoers&quot; and &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;*&quot;
+    Check the configuration of the "/etc/sudoers" and "/etc/sudoers.d/*"
 files with the following command:
 
-    # grep -i authenticate &#x2F;etc&#x2F;sudoers &#x2F;etc&#x2F;sudoers.d&#x2F;*
+    # grep -i authenticate /etc/sudoers /etc/sudoers.d/*
 
-    If any uncommented line is found with a &quot;!authenticate&quot; tag, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any uncommented line is found with a "!authenticate" tag, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require users to reauthenticate for
 privilege escalation.
 
-    Check the configuration of the &quot;&#x2F;etc&#x2F;sudoers&quot; file with the following
+    Check the configuration of the "/etc/sudoers" file with the following
 command:
 
     # visudo
-    Remove any occurrences of &quot;!authenticate&quot; tags in the file.
+    Remove any occurrences of "!authenticate" tags in the file.
 
-    Check the configuration of the &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;*&quot; files with the
+    Check the configuration of the "/etc/sudoers.d/*" files with the
 following command:
 
-    # grep -i authenticate &#x2F;etc&#x2F;sudoers &#x2F;etc&#x2F;sudoers.d&#x2F;*
-    Remove any occurrences of &quot;!authenticate&quot; tags in the file(s).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7900e602-35bd-44a4-940f-ef71ab2bccdd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002038</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep -ir authenticate &#x2F;etc&#x2F;sudoers &#x2F;etc&#x2F;sudoers.d&#x2F;*&#x60; stdout is expected not to match &#x2F;!authenticate&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86657r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020710</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # grep -i authenticate /etc/sudoers /etc/sudoers.d/*
+    Remove any occurrences of "!authenticate" tags in the file(s).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71949\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat users must re-authenticate for privilege escalation.\"\n  desc  \"Without re-authentication, users may access resources or perform tasks\nfor which they do not have authorization.\n\n    When operating systems provide the capability to escalate a functional\ncapability, it is critical the user reauthenticate.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system requires users to reauthenticate for privilege\nescalation.\n\n    Check the configuration of the \\\"/etc/sudoers\\\" and \\\"/etc/sudoers.d/*\\\"\nfiles with the following command:\n\n    # grep -i authenticate /etc/sudoers /etc/sudoers.d/*\n\n    If any uncommented line is found with a \\\"!authenticate\\\" tag, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require users to reauthenticate for\nprivilege escalation.\n\n    Check the configuration of the \\\"/etc/sudoers\\\" file with the following\ncommand:\n\n    # visudo\n    Remove any occurrences of \\\"!authenticate\\\" tags in the file.\n\n    Check the configuration of the \\\"/etc/sudoers.d/*\\\" files with the\nfollowing command:\n\n    # grep -i authenticate /etc/sudoers /etc/sudoers.d/*\n    Remove any occurrences of \\\"!authenticate\\\" tags in the file(s).\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000373-GPOS-00156\"\n  tag satisfies: [\"SRG-OS-000373-GPOS-00156\", \"SRG-OS-000373-GPOS-00157\",\n\"SRG-OS-000373-GPOS-00158\"]\n  tag gid: \"V-71949\"\n  tag rid: \"SV-86573r3_rule\"\n  tag stig_id: \"RHEL-07-010350\"\n  tag fix_id: \"F-78301r3_fix\"\n  tag cci: [\"CCI-002038\"]\n  tag nist: [\"IA-11\", \"Rev_4\"]\n\n  describe command(\"grep -ir authenticate /etc/sudoers /etc/sudoers.d/*\") do\n    its('stdout') { should_not match %r{!authenticate} }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002038</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep -ir authenticate /etc/sudoers /etc/sudoers.d/*` stdout is expected not to match /!authenticate/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86657r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020710</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all local initialization files have mode 0740 or less permissive.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Local initialization files are used to configure the user&#39;s shell
+that all local initialization files have mode 0740 or less permissive.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Local initialization files are used to configure the user's shell
 environment upon logon. Malicious modification of these files could compromise
-accounts upon logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that all local initialization files have a mode of &quot;0740&quot; or less
+accounts upon logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that all local initialization files have a mode of "0740" or less
 permissive.
 
     Check the mode on all local initialization files with the following command:
 
-    Note: The example will be for the &quot;smithj&quot; user, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
+    Note: The example will be for the "smithj" user, who has a home directory
+of "/home/smithj".
 
-    # ls -al &#x2F;home&#x2F;smithj&#x2F;.[^.]* | more
+    # ls -al /home/smithj/.[^.]* | more
 
     -rwxr----- 1 smithj users 896 Mar 10 2011 .profile
     -rwxr----- 1 smithj users 497 Jan 6 2007 .login
     -rwxr----- 1 smithj users 886 Jan 6 2007 .something
 
     If any local initialization files have a mode more permissive than
-&quot;0740&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Set the mode of the local initialization files to &quot;0740&quot; with the
+"0740", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Set the mode of the local initialization files to "0740" with the
 following command:
 
-    Note: The example will be for the &quot;smithj&quot; user, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
-
-    # chmod 0740 &#x2F;home&#x2F;smithj&#x2F;.[^.]*</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>34d1bc8c-7673-4e50-b112-837c2b0dadbf</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-#&lt;Set: {&quot;&#x2F;root&#x2F;.bash_logout&quot;, &quot;&#x2F;root&#x2F;.bash_profile&quot;, &quot;&#x2F;root&#x2F;.bashrc&quot;, &quot;&#x2F;root&#x2F;.cshrc&quot;, &quot;&#x2F;root&#x2F;.tcshrc&quot;}&gt; is expected to be empty
-expected &#x60;#&lt;Set: {&quot;&#x2F;root&#x2F;.bash_logout&quot;, &quot;&#x2F;root&#x2F;.bash_profile&quot;, &quot;&#x2F;root&#x2F;.bashrc&quot;, &quot;&#x2F;root&#x2F;.cshrc&quot;, &quot;&#x2F;root&#x2F;.tcshrc&quot;}&gt;.empty?&#x60; to return true, got false</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71911</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86535r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Note: The example will be for the "smithj" user, who has a home directory
+of "/home/smithj".
+
+    # chmod 0740 /home/smithj/.[^.]*</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72033\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local initialization files have mode 0740 or less permissive.\"\n  desc  \"Local initialization files are used to configure the user's shell\nenvironment upon logon. Malicious modification of these files could compromise\naccounts upon logon.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that all local initialization files have a mode of \\\"0740\\\" or less\npermissive.\n\n    Check the mode on all local initialization files with the following command:\n\n    Note: The example will be for the \\\"smithj\\\" user, who has a home directory\nof \\\"/home/smithj\\\".\n\n    # ls -al /home/smithj/.[^.]* | more\n\n    -rwxr----- 1 smithj users 896 Mar 10 2011 .profile\n    -rwxr----- 1 smithj users 497 Jan 6 2007 .login\n    -rwxr----- 1 smithj users 886 Jan 6 2007 .something\n\n    If any local initialization files have a mode more permissive than\n\\\"0740\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the mode of the local initialization files to \\\"0740\\\" with the\nfollowing command:\n\n    Note: The example will be for the \\\"smithj\\\" user, who has a home directory\nof \\\"/home/smithj\\\".\n\n    # chmod 0740 /home/smithj/.[^.]*\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72033\"\n  tag rid: \"SV-86657r3_rule\"\n  tag stig_id: \"RHEL-07-020710\"\n  tag fix_id: \"F-78385r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries.each do |user_info|\n    findings = findings + command(\"find #{user_info.home} -xdev -maxdepth 1 -name '.*' -type f -perm /037\").stdout.split(\"\\n\")\n  end\n  describe findings do\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST #&lt;Set: {"/root/.bash_logout", "/root/.bash_profile", "/root/.bashrc", "/root/.cshrc", "/root/.tcshrc"}&gt; is expected to be empty :: MESSAGE expected `#&lt;Set: {"/root/.bash_logout", "/root/.bash_profile", "/root/.bashrc", "/root/.cshrc", "/root/.tcshrc"}&gt;.empty?` to return true, got false</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71911</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86535r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed a minimum of eight of the total number of
-characters must be changed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+characters must be changed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -13722,146 +13080,141 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;difok&quot; option sets the number of characters in a password that must
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "difok" option sets the number of characters in a password that must
 not be present in the old password.
 
-    Check for the value of the &quot;difok&quot; option in
-&quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with the following command:
+    Check for the value of the "difok" option in
+"/etc/security/pwquality.conf" with the following command:
 
-    # grep difok &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    difok &#x3D; 8
+    # grep difok /etc/security/pwquality.conf
+    difok = 8
 
-    If the value of &quot;difok&quot; is set to less than &quot;8&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "difok" is set to less than "8", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require the change of at least eight of
 the total number of characters when passwords are changed by setting the
-&quot;difok&quot; option.
+"difok" option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; (or modify the
+    Add the following line to "/etc/security/pwquality.conf" (or modify the
 line to have the required value):
 
-    difok &#x3D; 8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>43824e45-e719-4bad-97ed-664eb7b69996</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf difok.to_i is expected to cmp &gt;&#x3D; 8</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72269</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000355-GPOS-00143</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86893r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040500</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    difok = 8</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71911\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed a minimum of eight of the total number of\ncharacters must be changed.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    The \\\"difok\\\" option sets the number of characters in a password that must\nnot be present in the old password.\n\n    Check for the value of the \\\"difok\\\" option in\n\\\"/etc/security/pwquality.conf\\\" with the following command:\n\n    # grep difok /etc/security/pwquality.conf\n    difok = 8\n\n    If the value of \\\"difok\\\" is set to less than \\\"8\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require the change of at least eight of\nthe total number of characters when passwords are changed by setting the\n\\\"difok\\\" option.\n\n    Add the following line to \\\"/etc/security/pwquality.conf\\\" (or modify the\nline to have the required value):\n\n    difok = 8\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000072-GPOS-00040\"\n  tag gid: \"V-71911\"\n  tag rid: \"SV-86535r2_rule\"\n  tag stig_id: \"RHEL-07-010160\"\n  tag fix_id: \"F-78263r1_fix\"\n  tag cci: [\"CCI-000195\"]\n  tag nist: [\"IA-5 (1) (b)\", \"Rev_4\"]\n\n  difok = input('difok')\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('difok.to_i') { should cmp &gt;= difok }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf difok.to_i is expected to cmp &gt;= 8</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72269</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000355-GPOS-00143</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86893r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040500</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must, for networked
 systems, synchronize clocks with a server that is synchronized to one of the
 redundant United States Naval Observatory (USNO) time servers, a time server
-designated for the appropriate DoD network (NIPRNet&#x2F;SIPRNet), and&#x2F;or the Global
-Positioning System (GPS).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global
+Positioning System (GPS).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Inaccurate time stamps make it more difficult to correlate events and
 can lead to an inaccurate analysis. Determining the correct time a particular
 event occurred on a system is critical when conducting forensic analysis and
@@ -13874,62 +13227,62 @@ connected over a network.
 
     Organizations should consider endpoints that may not have regular access to
 the authoritative time server (e.g., mobile, teleworking, and tactical
-endpoints).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+endpoints).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check to see if NTP is running in continuous mode:
 
     # ps -ef | grep ntp
 
-    If NTP is not running, check to see if &quot;chronyd&quot; is running in continuous
+    If NTP is not running, check to see if "chronyd" is running in continuous
 mode:
 
     # ps -ef | grep chronyd
 
-    If NTP or &quot;chronyd&quot; is not running, this is a finding.
+    If NTP or "chronyd" is not running, this is a finding.
 
-    If the NTP process is found, then check the &quot;ntp.conf&quot; file for the
-&quot;maxpoll&quot; option setting:
+    If the NTP process is found, then check the "ntp.conf" file for the
+"maxpoll" option setting:
 
-    # grep maxpoll &#x2F;etc&#x2F;ntp.conf
+    # grep maxpoll /etc/ntp.conf
 
     server 0.rhel.pool.ntp.org iburst maxpoll 10
 
-    If the option is set to &quot;17&quot; or is not set, this is a finding.
+    If the option is set to "17" or is not set, this is a finding.
 
-    If the file does not exist, check the &quot;&#x2F;etc&#x2F;cron.daily&quot; subdirectory for
-a crontab file controlling the execution of the &quot;ntpd -q&quot; command.
+    If the file does not exist, check the "/etc/cron.daily" subdirectory for
+a crontab file controlling the execution of the "ntpd -q" command.
 
-    # grep -i &quot;ntpd -q&quot; &#x2F;etc&#x2F;cron.daily&#x2F;*
-    # ls -al &#x2F;etc&#x2F;cron.* | grep ntp
+    # grep -i "ntpd -q" /etc/cron.daily/*
+    # ls -al /etc/cron.* | grep ntp
 
     ntp
 
-    If a crontab file does not exist in the &quot;&#x2F;etc&#x2F;cron.daily&quot; that executes
-the &quot;ntpd -q&quot; command, this is a finding.
+    If a crontab file does not exist in the "/etc/cron.daily" that executes
+the "ntpd -q" command, this is a finding.
 
-    If the &quot;chronyd&quot; process is found, then check the &quot;chrony.conf&quot; file
-for the &quot;maxpoll&quot; option setting:
+    If the "chronyd" process is found, then check the "chrony.conf" file
+for the "maxpoll" option setting:
 
-    # grep maxpoll &#x2F;etc&#x2F;chrony.conf
+    # grep maxpoll /etc/chrony.conf
 
     server 0.rhel.pool.ntp.org iburst maxpoll 10
 
-    If the option is not set or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &quot;&#x2F;etc&#x2F;ntp.conf&quot; or &quot;&#x2F;etc&#x2F;chrony.conf&quot; file and add or update
-an entry to define &quot;maxpoll&quot; to &quot;10&quot; as follows:
+    If the option is not set or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the "/etc/ntp.conf" or "/etc/chrony.conf" file and add or update
+an entry to define "maxpoll" to "10" as follows:
 
     server 0.rhel.pool.ntp.org iburst maxpoll 10
 
-    If NTP was running and &quot;maxpoll&quot; was updated, the NTP service must be
+    If NTP was running and "maxpoll" was updated, the NTP service must be
 restarted:
 
     # systemctl restart ntpd
@@ -13938,419 +13291,398 @@ restarted:
 
     # systemctl start ntpd
 
-    If &quot;chronyd&quot; was running and &quot;maxpoll&quot; was updated, the service must be
+    If "chronyd" was running and "maxpoll" was updated, the service must be
 restarted:
 
     # systemctl restart chronyd.service
 
-    If &quot;chronyd&quot; was not running, it must be started:
-
-    # systemctl start chronyd.service</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>139eb42c-799d-4e6d-b553-58ce39529cce</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001891</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002046</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service chronyd is expected to be running
---------------------------------
-passed
-Service chronyd is expected to be enabled
---------------------------------
-passed
-Service chronyd is expected to be installed
---------------------------------
-passed
-chronyd time sources list is expected not to be empty
---------------------------------
-passed
-chronyd maxpoll values (99&#x3D;maxpoll absent) is expected to all be &lt; 17</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71931</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000076-GPOS-00044</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86555r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010260</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If "chronyd" was not running, it must be started:
+
+    # systemctl start chronyd.service</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72269\" do\n  title \"The Red Hat Enterprise Linux operating system must, for networked\nsystems, synchronize clocks with a server that is synchronized to one of the\nredundant United States Naval Observatory (USNO) time servers, a time server\ndesignated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global\nPositioning System (GPS).\"\n  desc  \"Inaccurate time stamps make it more difficult to correlate events and\ncan lead to an inaccurate analysis. Determining the correct time a particular\nevent occurred on a system is critical when conducting forensic analysis and\ninvestigating system events. Sources outside the configured acceptable\nallowance (drift) may be inaccurate.\n\n    Synchronizing internal information system clocks provides uniformity of\ntime stamps for information systems with multiple system clocks and systems\nconnected over a network.\n\n    Organizations should consider endpoints that may not have regular access to\nthe authoritative time server (e.g., mobile, teleworking, and tactical\nendpoints).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check to see if NTP is running in continuous mode:\n\n    # ps -ef | grep ntp\n\n    If NTP is not running, check to see if \\\"chronyd\\\" is running in continuous\nmode:\n\n    # ps -ef | grep chronyd\n\n    If NTP or \\\"chronyd\\\" is not running, this is a finding.\n\n    If the NTP process is found, then check the \\\"ntp.conf\\\" file for the\n\\\"maxpoll\\\" option setting:\n\n    # grep maxpoll /etc/ntp.conf\n\n    server 0.rhel.pool.ntp.org iburst maxpoll 10\n\n    If the option is set to \\\"17\\\" or is not set, this is a finding.\n\n    If the file does not exist, check the \\\"/etc/cron.daily\\\" subdirectory for\na crontab file controlling the execution of the \\\"ntpd -q\\\" command.\n\n    # grep -i \\\"ntpd -q\\\" /etc/cron.daily/*\n    # ls -al /etc/cron.* | grep ntp\n\n    ntp\n\n    If a crontab file does not exist in the \\\"/etc/cron.daily\\\" that executes\nthe \\\"ntpd -q\\\" command, this is a finding.\n\n    If the \\\"chronyd\\\" process is found, then check the \\\"chrony.conf\\\" file\nfor the \\\"maxpoll\\\" option setting:\n\n    # grep maxpoll /etc/chrony.conf\n\n    server 0.rhel.pool.ntp.org iburst maxpoll 10\n\n    If the option is not set or the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the \\\"/etc/ntp.conf\\\" or \\\"/etc/chrony.conf\\\" file and add or update\nan entry to define \\\"maxpoll\\\" to \\\"10\\\" as follows:\n\n    server 0.rhel.pool.ntp.org iburst maxpoll 10\n\n    If NTP was running and \\\"maxpoll\\\" was updated, the NTP service must be\nrestarted:\n\n    # systemctl restart ntpd\n\n    If NTP was not running, it must be started:\n\n    # systemctl start ntpd\n\n    If \\\"chronyd\\\" was running and \\\"maxpoll\\\" was updated, the service must be\nrestarted:\n\n    # systemctl restart chronyd.service\n\n    If \\\"chronyd\\\" was not running, it must be started:\n\n    # systemctl start chronyd.service\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000355-GPOS-00143\"\n  tag satisfies: [\"SRG-OS-000355-GPOS-00143\", \"SRG-OS-000356-GPOS-00144\"]\n  tag gid: \"V-72269\"\n  tag rid: \"SV-86893r5_rule\"\n  tag stig_id: \"RHEL-07-040500\"\n  tag fix_id: \"F-78623r5_fix\"\n  tag cci: [\"CCI-001891\", \"CCI-002046\"]\n  tag nist: [\"AU-8 (1) (a)\", \"AU-8 (1) (b)\", \"Rev_4\"]\n\n  # Either ntpd or chronyd should be running\n  describe.one do\n    [service('ntpd'), service('chronyd')].each do |time_service|\n      describe time_service do\n        it { should be_running }\n        it { should be_enabled }\n        it { should be_installed }\n      end\n    end\n  end\n\n  if service('ntpd').installed?\n    time_service = service('ntpd')\n    time_sources = ntp_conf('/etc/ntp.conf').server\n    max_poll_values = time_sources.map { |val| val.match?(/.*maxpoll.*/) ? val.gsub(/.*maxpoll\\s+(\\d+)(\\s+.*|$)/,'\\1').to_i : 99 }\n    ntpdate_crons = command('grep -l \"ntpd -q\" /etc/cron.daily/*').stdout.strip.lines\n\n    describe \"ntpd time sources list\" do\n      subject { time_sources }\n      it { should_not be_empty }\n    end\n\n    describe.one do\n      # Case where maxpoll empty\n      describe \"Daily cron jobs for 'ntpd -q'\" do\n        subject { ntpdate_crons }\n        it { should_not be_empty }\n      end\n      # All time sources must contain valid maxpoll entries\n      describe \"ntpd maxpoll values (99=maxpoll absent)\" do\n        subject { max_poll_values }\n        it { should all be &lt; 17 }\n      end\n    end\n  end\n\n  if service('chronyd').installed?\n    time_service = service('chronyd')\n    time_sources = ntp_conf('/etc/chrony.conf').server\n    max_poll_values = time_sources.map { |val| val.match?(/.*maxpoll.*/) ? val.gsub(/.*maxpoll\\s+(\\d+)(\\s+.*|$)/,'\\1').to_i : 99 }\n\n    describe \"chronyd time sources list\" do\n      subject { time_sources }\n      it { should_not be_empty }\n    end\n      \n    # All time sources must contain valid maxpoll entries\n    describe \"chronyd maxpoll values (99=maxpoll absent)\" do\n      subject { max_poll_values }\n      it { should all be &lt; 17 }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001891</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002046</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service chronyd is expected to be running
+--------------------------------
+passed :: TEST Service chronyd is expected to be enabled
+--------------------------------
+passed :: TEST Service chronyd is expected to be installed
+--------------------------------
+passed :: TEST chronyd time sources list is expected not to be empty
+--------------------------------
+passed :: TEST chronyd maxpoll values (99=maxpoll absent) is expected to all be &lt; 17</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71931</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000076-GPOS-00044</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86555r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010260</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that existing passwords are restricted to a 60-day maximum lifetime.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that existing passwords are restricted to a 60-day maximum lifetime.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Any password, no matter how complex, can eventually be cracked.
 Therefore, passwords need to be changed periodically. If the operating system
 does not limit the lifetime of passwords and force users to change their
 passwords, there is the risk that the operating system passwords could be
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check whether the maximum time period for existing passwords is restricted
 to 60 days.
 
-    # awk -F: &#39;$5 &gt; 60 {print $1 &quot; &quot; $5}&#39; &#x2F;etc&#x2F;shadow
+    # awk -F: '$5 &gt; 60 {print $1 " " $5}' /etc/shadow
 
     If any results are returned that are not associated with a system account,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure non-compliant accounts to enforce a 60-day maximum password
 lifetime restriction.
 
-    # chage -M 60 [user]</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>579f4b5c-0d47-4a88-9fa7-ccb3a6e585c8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-&#x2F;etc&#x2F;shadow with user &#x3D;&#x3D; &quot;ec2-user&quot; max_days.first.to_i is expected to cmp &lt;&#x3D; 60</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72061</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86685r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021320</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chage -M 60 [user]</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71931\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat existing passwords are restricted to a 60-day maximum lifetime.\"\n  desc  \"Any password, no matter how complex, can eventually be cracked.\nTherefore, passwords need to be changed periodically. If the operating system\ndoes not limit the lifetime of passwords and force users to change their\npasswords, there is the risk that the operating system passwords could be\ncompromised.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check whether the maximum time period for existing passwords is restricted\nto 60 days.\n\n    # awk -F: '$5 &gt; 60 {print $1 \\\" \\\" $5}' /etc/shadow\n\n    If any results are returned that are not associated with a system account,\nthis is a finding.\n\n  \"\n  desc  \"fix\", \"\n    Configure non-compliant accounts to enforce a 60-day maximum password\nlifetime restriction.\n\n    # chage -M 60 [user]\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000076-GPOS-00044\"\n  tag gid: \"V-71931\"\n  tag rid: \"SV-86555r3_rule\"\n  tag stig_id: \"RHEL-07-010260\"\n  tag fix_id: \"F-78283r1_fix\"\n  tag cci: [\"CCI-000199\"]\n  tag nist: [\"IA-5 (1) (d)\", \"Rev_4\"]\n\n  shadow.users.each do |user|\n    # filtering on non-system accounts (uid &gt;= 1000)\n    next unless user(user).uid &gt;= 1000\n    describe shadow.users(user) do\n      its('max_days.first.to_i') { should cmp &lt;= 60 }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST /etc/shadow with user == "ec2-user" max_days.first.to_i is expected to cmp &lt;= 60</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72061</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86685r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021320</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a separate file
-system for &#x2F;var.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system for /var.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The use of separate file systems for different paths can protect the
-system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that a separate file system&#x2F;partition has been created for &quot;&#x2F;var&quot;.
-
-    Check that a file system&#x2F;partition has been created for &quot;&#x2F;var&quot; with the
+system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that a separate file system/partition has been created for "/var".
+
+    Check that a file system/partition has been created for "/var" with the
 following command:
 
-    # grep &#x2F;var &#x2F;etc&#x2F;fstab
-    UUID&#x3D;c274f65f    &#x2F;var                    ext4    noatime,nobarrier        1
+    # grep /var /etc/fstab
+    UUID=c274f65f    /var                    ext4    noatime,nobarrier        1
 2
 
-    If a separate entry for &quot;&#x2F;var&quot; is not in use, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Migrate the &quot;&#x2F;var&quot; path onto a separate file system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c385e71c-9d6b-4721-90d5-d2c89cfc5e98</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;var is expected to be mounted
-
-Mount &#x2F;var is not mounted
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-92255</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-102357r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020019</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If a separate entry for "/var" is not in use, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Migrate the "/var" path onto a separate file system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72061\" do\n  title \"The Red Hat Enterprise Linux operating system must use a separate file\nsystem for /var.\"\n  desc  \"The use of separate file systems for different paths can protect the\nsystem from failures resulting from a file system becoming full or failing.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that a separate file system/partition has been created for \\\"/var\\\".\n\n    Check that a file system/partition has been created for \\\"/var\\\" with the\nfollowing command:\n\n    # grep /var /etc/fstab\n    UUID=c274f65f    /var                    ext4    noatime,nobarrier        1\n2\n\n    If a separate entry for \\\"/var\\\" is not in use, this is a finding.\n  \"\n  desc  \"fix\", \"Migrate the \\\"/var\\\" path onto a separate file system.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72061\"\n  tag rid: \"SV-86685r2_rule\"\n  tag stig_id: \"RHEL-07-021320\"\n  tag fix_id: \"F-78413r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe mount('/var') do\n    it { should be_mounted }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /var is expected to be mounted :: MESSAGE 
+Mount /var is not mounted</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-92255</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-102357r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020019</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must have a host-based
-intrusion detection tool installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+intrusion detection tool installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Adding host-based intrusion detection tools can provide the capability
 to automatically take actions in response to malicious behavior, which can
 provide additional agility in reacting to network threats. These tools also
 often include a reporting capability to provide network awareness of the
-system, which may not otherwise exist in an organization&#39;s systems management
-regime.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+system, which may not otherwise exist in an organization's systems management
+regime.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Ask the SA or ISSO if a host-based intrusion detection application is
 loaded on the system. Per OPORD 16-0080, the preferred intrusion detection
 system is McAfee HBSS available through the U.S. Cyber Command (USCYBERCOM).
@@ -14366,12 +13698,12 @@ SELinux, this must be documented and approved by the local Authorizing Official.
 
     Verify that the McAfee HIPS module is active on the system:
 
-    # ps -ef | grep -i hipclient
+    # ps -ef | grep -i “hipclient”
 
     If the MFEhiplsm package is not installed, check for another intrusion
 detection system:
 
-    # find &#x2F; -name &lt;daemon name&gt;
+    # find / -name &lt;daemon name&gt;
 
     Where &lt;daemon name&gt; is the name of the primary application daemon to
 determine if the application is loaded on the system.
@@ -14385,146 +13717,138 @@ intrusion detection application has not been documented for use, this is a
 finding.
 
     If no host-based intrusion detection system is installed and running on the
-system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Install and enable the latest McAfee HIPS package, available from
 USCYBERCOM.
 
     Note: If the system does not support the McAfee HIPS package, install and
 enable a supported intrusion detection system application and document its use
-with the Authorizing Official.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a5444bed-ef08-4dd4-aeb7-078c530dd994</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001263</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package MFEhiplsm is expected to be installed
-expected that &#x60;System Package MFEhiplsm&#x60; is installed
---------------------------------
-passed
-Processes &#x2F;hipclient&#x2F; is expected to exist
-expected Processes &#x2F;hipclient&#x2F; to exist</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71893</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86517r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010070</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+with the Authorizing Official.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-92255\" do\n  title \"The Red Hat Enterprise Linux operating system must have a host-based\nintrusion detection tool installed.\"\n  desc  \"Adding host-based intrusion detection tools can provide the capability\nto automatically take actions in response to malicious behavior, which can\nprovide additional agility in reacting to network threats. These tools also\noften include a reporting capability to provide network awareness of the\nsystem, which may not otherwise exist in an organization's systems management\nregime.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Ask the SA or ISSO if a host-based intrusion detection application is\nloaded on the system. Per OPORD 16-0080, the preferred intrusion detection\nsystem is McAfee HBSS available through the U.S. Cyber Command (USCYBERCOM).\n\n    If another host-based intrusion detection application is in use, such as\nSELinux, this must be documented and approved by the local Authorizing Official.\n\n    Procedure:\n    Examine the system to determine if the Host Intrusion Prevention System\n(HIPS) is installed:\n\n    # rpm -qa | grep MFEhiplsm\n\n    Verify that the McAfee HIPS module is active on the system:\n\n    # ps -ef | grep -i “hipclient”\n\n    If the MFEhiplsm package is not installed, check for another intrusion\ndetection system:\n\n    # find / -name &lt;daemon name&gt;\n\n    Where &lt;daemon name&gt; is the name of the primary application daemon to\ndetermine if the application is loaded on the system.\n\n    Determine if the application is active on the system:\n\n    # ps -ef | grep -i &lt;daemon name&gt;\n\n    If the MFEhiplsm package is not installed and an alternate host-based\nintrusion detection application has not been documented for use, this is a\nfinding.\n\n    If no host-based intrusion detection system is installed and running on the\nsystem, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Install and enable the latest McAfee HIPS package, available from\nUSCYBERCOM.\n\n    Note: If the system does not support the McAfee HIPS package, install and\nenable a supported intrusion detection system application and document its use\nwith the Authorizing Official.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000196\"\n  tag gid: \"V-92255\"\n  tag rid: \"SV-102357r1_rule\"\n  tag stig_id: \"RHEL-07-020019\"\n  tag fix_id: \"F-98477r1_fix\"\n  tag cci: [\"CCI-001263\"]\n  tag nist: [\"SI-4 (5)\", \"Rev_4\"]\n\n  custom_hips = input('custom_hips')\n\n  if ! custom_hips\n    describe package('MFEhiplsm') do\n      it { should be_installed }\n    end\n    describe processes(/hipclient/) do\n      it { should exist }\n    end\n  else\n    # Special case for SELinux\n    sel_mode = command('getenforce').stdout.strip\n    custom_hips_daemon = input('custom_hips_daemon')\n    max_daemon_processes = input('max_daemon_processes')\n\n    describe.one do\n      describe \"SELinux mode\" do\n        subject { sel_mode }\n        it { should cmp 'Enforcing' }\n      end\n      describe processes(/#{custom_hips_daemon}/) do\n        it { should exist }\n        its('count') { should be &lt; max_daemon_processes }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001263</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package MFEhiplsm is expected to be installed :: MESSAGE expected that `System Package MFEhiplsm` is installed
+--------------------------------
+passed :: TEST Processes /hipclient/ is expected to exist :: MESSAGE expected Processes /hipclient/ to exist</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71893</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86517r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010070</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must initiate a
 screensaver after a 15-minute period of inactivity for graphical user
-interfaces.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+interfaces.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session time-out lock is a temporary action taken when a user stops
 work and moves away from the immediate physical vicinity of the information
 system but does not log out because of the temporary nature of the absence.
 Rather than relying on the user to manually lock their operating system session
 prior to vacating the vicinity, operating systems need to be able to identify
-when a user&#39;s session has idled and take action to initiate the session lock.
+when a user's session has idled and take action to initiate the session lock.
 
     The session lock is implemented at the point where session activity can be
-determined and&#x2F;or controlled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+determined and/or controlled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system initiates a screensaver after a 15-minute
 period of inactivity for graphical user interfaces. The screen program must be
 installed to lock sessions on the console.
@@ -14535,148 +13859,142 @@ Applicable.
     Check to see if GNOME is configured to display a screensaver after a 15
 minute delay with the following command:
 
-    # grep -i idle-delay &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
-    idle-delay&#x3D;uint32 900
+    # grep -i idle-delay /etc/dconf/db/local.d/*
+    idle-delay=uint32 900
 
-    If the &quot;idle-delay&quot; setting is missing or is not set to &quot;900&quot; or less,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "idle-delay" setting is missing or is not set to "900" or less,
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to initiate a screensaver after a 15-minute
 period of inactivity for graphical user interfaces.
 
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-screensaver
+    # touch /etc/dconf/db/local.d/00-screensaver
 
-    Edit &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-screensaver and add or update the following
+    Edit /etc/dconf/db/local.d/00-screensaver and add or update the following
 lines:
 
-    [org&#x2F;gnome&#x2F;desktop&#x2F;session]
+    [org/gnome/desktop/session]
     # Set the lock time out to 900 seconds before the session is considered idle
-    idle-delay&#x3D;uint32 900
+    idle-delay=uint32 900
 
-    You must include the &quot;uint32&quot; along with the integer key values as shown.
+    You must include the "uint32" along with the integer key values as shown.
 
     Update the system databases:
 
     # dconf update
 
     Users must log out and back in again before the system-wide settings take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0eadcb3a-1d77-4501-9fbc-c2cc83e706c9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-      Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71915</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86539r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010180</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71893\" do\n  title \"The Red Hat Enterprise Linux operating system must initiate a\nscreensaver after a 15-minute period of inactivity for graphical user\ninterfaces.\"\n  desc  \"A session time-out lock is a temporary action taken when a user stops\nwork and moves away from the immediate physical vicinity of the information\nsystem but does not log out because of the temporary nature of the absence.\nRather than relying on the user to manually lock their operating system session\nprior to vacating the vicinity, operating systems need to be able to identify\nwhen a user's session has idled and take action to initiate the session lock.\n\n    The session lock is implemented at the point where session activity can be\ndetermined and/or controlled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system initiates a screensaver after a 15-minute\nperiod of inactivity for graphical user interfaces. The screen program must be\ninstalled to lock sessions on the console.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check to see if GNOME is configured to display a screensaver after a 15\nminute delay with the following command:\n\n    # grep -i idle-delay /etc/dconf/db/local.d/*\n    idle-delay=uint32 900\n\n    If the \\\"idle-delay\\\" setting is missing or is not set to \\\"900\\\" or less,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to initiate a screensaver after a 15-minute\nperiod of inactivity for graphical user interfaces.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    # touch /etc/dconf/db/local.d/00-screensaver\n\n    Edit /etc/dconf/db/local.d/00-screensaver and add or update the following\nlines:\n\n    [org/gnome/desktop/session]\n    # Set the lock time out to 900 seconds before the session is considered idle\n    idle-delay=uint32 900\n\n    You must include the \\\"uint32\\\" along with the integer key values as shown.\n\n    Update the system databases:\n\n    # dconf update\n\n    Users must log out and back in again before the system-wide settings take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-71893\"\n  tag rid: \"SV-86517r5_rule\"\n  tag stig_id: \"RHEL-07-010070\"\n  tag fix_id: \"F-78245r5_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  unless package('gnome-desktop3').installed?\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n      Applicable.\"\n    end\n  else \n    describe command(\"gsettings get org.gnome.desktop.session idle-delay | cut -d ' ' -f2\") do\n      its('stdout.strip') { should cmp &lt;= 900 }\n    end \n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+      Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71915</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86539r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010180</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed the number of repeating consecutive characters
-must not be more than three characters.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+must not be more than three characters.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -14685,617 +14003,590 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;maxrepeat&quot; option sets the maximum number of allowed same
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "maxrepeat" option sets the maximum number of allowed same
 consecutive characters in a new password.
 
-    Check for the value of the &quot;maxrepeat&quot; option in
-&quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with the following command:
+    Check for the value of the "maxrepeat" option in
+"/etc/security/pwquality.conf" with the following command:
 
-    # grep maxrepeat &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    maxrepeat &#x3D; 3
+    # grep maxrepeat /etc/security/pwquality.conf
+    maxrepeat = 3
 
-    If the value of &quot;maxrepeat&quot; is set to more than &quot;3&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "maxrepeat" is set to more than "3", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require the change of the number of
 repeating consecutive characters when passwords are changed by setting the
-&quot;maxrepeat&quot; option.
+"maxrepeat" option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf conf&quot; (or modify
+    Add the following line to "/etc/security/pwquality.conf conf" (or modify
 the line to have the required value):
 
-    maxrepeat &#x3D; 3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>99e5ee91-32d4-48f1-95cc-89f4786c6b86</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf maxrepeat.to_i is expected to cmp &lt;&#x3D; 3</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81013</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95725r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021024</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount &#x2F;dev&#x2F;shm with
-the noexec option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;noexec&quot; mount option causes the system to not execute binary
+    maxrepeat = 3</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71915\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed the number of repeating consecutive characters\nmust not be more than three characters.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    The \\\"maxrepeat\\\" option sets the maximum number of allowed same\nconsecutive characters in a new password.\n\n    Check for the value of the \\\"maxrepeat\\\" option in\n\\\"/etc/security/pwquality.conf\\\" with the following command:\n\n    # grep maxrepeat /etc/security/pwquality.conf\n    maxrepeat = 3\n\n    If the value of \\\"maxrepeat\\\" is set to more than \\\"3\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require the change of the number of\nrepeating consecutive characters when passwords are changed by setting the\n\\\"maxrepeat\\\" option.\n\n    Add the following line to \\\"/etc/security/pwquality.conf conf\\\" (or modify\nthe line to have the required value):\n\n    maxrepeat = 3\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000072-GPOS-00040\"\n  tag gid: \"V-71915\"\n  tag rid: \"SV-86539r3_rule\"\n  tag stig_id: \"RHEL-07-010180\"\n  tag fix_id: \"F-78267r2_fix\"\n  tag cci: [\"CCI-000195\"]\n  tag nist: [\"IA-5 (1) (b)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('maxrepeat.to_i') { should cmp &lt;= 3 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf maxrepeat.to_i is expected to cmp &lt;= 3</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81013</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95725r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021024</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount /dev/shm with
+the noexec option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "noexec" mount option causes the system to not execute binary
 files. This option must be used for mounting any file system not containing
 approved binary files as they may be incompatible. Executing files from
 untrusted file systems increases the opportunity for unprivileged users to
-attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the &quot;noexec&quot; option is configured for &#x2F;dev&#x2F;shm:
+attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the "noexec" option is configured for /dev/shm:
 
-    # cat &#x2F;etc&#x2F;fstab | grep &#x2F;dev&#x2F;shm
+    # cat /etc/fstab | grep /dev/shm
 
-    tmpfs &#x2F;dev&#x2F;shm tmpfs defaults,nodev,nosuid,noexec 0 0
+    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
 
-    If any results are returned and the &quot;noexec&quot; option is not listed, this
+    If any results are returned and the "noexec" option is not listed, this
 is a finding.
 
-    Verify &quot;&#x2F;dev&#x2F;shm&quot; is mounted with the &quot;noexec&quot; option:
-
-    # mount | grep &quot;&#x2F;dev&#x2F;shm&quot; | grep noexec
-
-    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the system so that &#x2F;dev&#x2F;shm is mounted with the
-&quot;noexec&quot; option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e8a88863-8766-43e4-8db6-4133445ce753</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;dev&#x2F;shm options is expected to include &quot;noexec&quot;
-expected [&quot;rw&quot;, &quot;nosuid&quot;, &quot;nodev&quot;, &quot;seclabel&quot;] to include &quot;noexec&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73173</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87825r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030874</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Verify "/dev/shm" is mounted with the "noexec" option:
+
+    # mount | grep "/dev/shm" | grep noexec
+
+    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the system so that /dev/shm is mounted with the
+"noexec" option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81013\" do\n  title \"The Red Hat Enterprise Linux operating system must mount /dev/shm with\nthe noexec option.\"\n  desc  \"The \\\"noexec\\\" mount option causes the system to not execute binary\nfiles. This option must be used for mounting any file system not containing\napproved binary files as they may be incompatible. Executing files from\nuntrusted file systems increases the opportunity for unprivileged users to\nattain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the \\\"noexec\\\" option is configured for /dev/shm:\n\n    # cat /etc/fstab | grep /dev/shm\n\n    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0\n\n    If any results are returned and the \\\"noexec\\\" option is not listed, this\nis a finding.\n\n    Verify \\\"/dev/shm\\\" is mounted with the \\\"noexec\\\" option:\n\n    # mount | grep \\\"/dev/shm\\\" | grep noexec\n\n    If no results are returned, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the system so that /dev/shm is mounted with the\n\\\"noexec\\\" option.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000368-GPOS-00154\"\n  tag gid: \"V-81013\"\n  tag rid: \"SV-95725r2_rule\"\n  tag stig_id: \"RHEL-07-021024\"\n  tag fix_id: \"F-87847r2_fix\"\n  tag cci: [\"CCI-001764\"]\n  tag nist: [\"CM-7 (2)\", \"Rev_4\"]\n\n  describe mount('/dev/shm') do\n    its('options') { should include 'noexec' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /dev/shm options is expected to include "noexec" :: MESSAGE expected ["rw", "nosuid", "nodev", "seclabel"] to include "noexec"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73173</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87825r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030874</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
 records for all account creations, modifications, disabling, and termination
-events that affect &#x2F;etc&#x2F;opasswd.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+events that affect /etc/opasswd.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&#x2F;etc&#x2F;opasswd.
+/etc/opasswd.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep &#x2F;etc&#x2F;security&#x2F;opasswd &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep /etc/security/opasswd /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;security&#x2F;opasswd -p wa -k identity
+    -w /etc/security/opasswd -p wa -k identity
 
     If the command does not return a line, or the line is commented out, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&#x2F;etc&#x2F;opasswd.
+/etc/opasswd.
 
     Add or update the following file system rule in
-&quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+"/etc/audit/rules.d/audit.rules":
 
-    -w &#x2F;etc&#x2F;security&#x2F;opasswd -p wa -k identity
+    -w /etc/security/opasswd -p wa -k identity
 
     The audit daemon must be restarted for the changes to take effect:
-    # systemctl restart auditd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>501ebea6-050c-45b4-b0fa-cdb9f4ca930d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;security&#x2F;opasswd&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;security&#x2F;opasswd&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72117</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86741r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030470</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # systemctl restart auditd</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73173\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all account creations, modifications, disabling, and termination\nevents that affect /etc/opasswd.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n/etc/opasswd.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep /etc/security/opasswd /etc/audit/audit.rules\n\n    -w /etc/security/opasswd -p wa -k identity\n\n    If the command does not return a line, or the line is commented out, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n/etc/opasswd.\n\n    Add or update the following file system rule in\n\\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/security/opasswd -p wa -k identity\n\n    The audit daemon must be restarted for the changes to take effect:\n    # systemctl restart auditd\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000004-GPOS-00004\"\n  tag gid: \"V-73173\"\n  tag rid: \"SV-87825r5_rule\"\n  tag stig_id: \"RHEL-07-030874\"\n  tag fix_id: \"F-79619r6_fix\"\n  tag cci: [\"CCI-000018\", \"CCI-000172\", \"CCI-001403\", \"CCI-002130\"]\n  tag nist: [\"AC-2 (4)\", \"AU-12 c\", \"AC-2 (4)\", \"AC-2 (4)\", \"Rev_4\"]\n\n  audit_file = '/etc/security/opasswd'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/security/opasswd" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/security/opasswd" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72117</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86741r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030470</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the removexattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the removexattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;removexattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "removexattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw removexattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw removexattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S removexattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S removexattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;removexattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"removexattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;removexattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "removexattr" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S removexattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S removexattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10fd571a-d4e0-49e5-b77a-06b9e1a4d7f7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;removexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;removexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;removexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;removexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71951</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00226</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86575r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010430</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72117\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe removexattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"removexattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw removexattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"removexattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"removexattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72117\"\n  tag rid: \"SV-86741r5_rule\"\n  tag stig_id: \"RHEL-07-030470\"\n  tag fix_id: \"F-78469r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"removexattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"removexattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "removexattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "removexattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "removexattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "removexattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71951</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00226</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86575r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010430</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the delay between logon prompts following a failed console logon attempt
-is at least four seconds.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+is at least four seconds.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuring the operating system to implement organization-wide
 security implementation guides and security checklists verifies compliance with
 federal standards and establishes a common security baseline across DoD that
@@ -15304,605 +14595,580 @@ requirements.
 
     Configuration settings are the set of parameters that can be changed in
 hardware, software, or firmware components of the system that affect the
-security posture and&#x2F;or functionality of the system. Security-related
+security posture and/or functionality of the system. Security-related
 parameters are those parameters impacting the security state of the system,
 including the parameters required to satisfy other security control
 requirements. Security-related parameters include, for example, registry
 settings; account, file, and directory permission settings; and settings for
-functions, ports, protocols, services, and remote connections.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+functions, ports, protocols, services, and remote connections.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system enforces a delay of at least four seconds
 between console logon prompts following a failed logon attempt.
 
-    Check the value of the &quot;fail_delay&quot; parameter in the &quot;&#x2F;etc&#x2F;login.defs&quot;
+    Check the value of the "fail_delay" parameter in the "/etc/login.defs"
 file with the following command:
 
-    # grep -i fail_delay &#x2F;etc&#x2F;login.defs
+    # grep -i fail_delay /etc/login.defs
     FAIL_DELAY 4
 
-    If the value of &quot;FAIL_DELAY&quot; is not set to &quot;4&quot; or greater, or the line
-is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "FAIL_DELAY" is not set to "4" or greater, or the line
+is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to enforce a delay of at least four seconds
 between logon prompts following a failed console logon attempt.
 
-    Modify the &quot;&#x2F;etc&#x2F;login.defs&quot; file to set the &quot;FAIL_DELAY&quot; parameter to
-&quot;4&quot; or greater:
-
-    FAIL_DELAY 4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>702115a1-936b-4dcd-a484-e50e28c4e8ee</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs FAIL_DELAY.to_i is expected to cmp &gt;&#x3D; 4</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72037</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86661r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020730</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Modify the "/etc/login.defs" file to set the "FAIL_DELAY" parameter to
+"4" or greater:
+
+    FAIL_DELAY 4</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71951\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the delay between logon prompts following a failed console logon attempt\nis at least four seconds.\"\n  desc  \"Configuring the operating system to implement organization-wide\nsecurity implementation guides and security checklists verifies compliance with\nfederal standards and establishes a common security baseline across DoD that\nreflects the most restrictive security posture consistent with operational\nrequirements.\n\n    Configuration settings are the set of parameters that can be changed in\nhardware, software, or firmware components of the system that affect the\nsecurity posture and/or functionality of the system. Security-related\nparameters are those parameters impacting the security state of the system,\nincluding the parameters required to satisfy other security control\nrequirements. Security-related parameters include, for example, registry\nsettings; account, file, and directory permission settings; and settings for\nfunctions, ports, protocols, services, and remote connections.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enforces a delay of at least four seconds\nbetween console logon prompts following a failed logon attempt.\n\n    Check the value of the \\\"fail_delay\\\" parameter in the \\\"/etc/login.defs\\\"\nfile with the following command:\n\n    # grep -i fail_delay /etc/login.defs\n    FAIL_DELAY 4\n\n    If the value of \\\"FAIL_DELAY\\\" is not set to \\\"4\\\" or greater, or the line\nis commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce a delay of at least four seconds\nbetween logon prompts following a failed console logon attempt.\n\n    Modify the \\\"/etc/login.defs\\\" file to set the \\\"FAIL_DELAY\\\" parameter to\n\\\"4\\\" or greater:\n\n    FAIL_DELAY 4\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00226\"\n  tag gid: \"V-71951\"\n  tag rid: \"SV-86575r2_rule\"\n  tag stig_id: \"RHEL-07-010430\"\n  tag fix_id: \"F-78303r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe login_defs do\n    its('FAIL_DELAY.to_i') { should cmp &gt;= 4 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs FAIL_DELAY.to_i is expected to cmp &gt;= 4</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72037</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86661r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020730</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that local initialization files do not execute world-writable programs.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that local initialization files do not execute world-writable programs.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>This control consistently takes a long to run and has been disabled
-          using the disable_slow_controls attribute.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+          using the disable_slow_controls attribute.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that local initialization files do not execute world-writable
 programs.
 
     Check the system for world-writable files with the following command:
 
-    # find &#x2F; -xdev -perm -002 -type f -exec ls -ld {} \; | more
+    # find / -xdev -perm -002 -type f -exec ls -ld {} \; | more
 
     For all files listed, check for their presence in the local initialization
 files with the following commands:
 
-    Note: The example will be for a system that is configured to create users&#39;
-home directories in the &quot;&#x2F;home&quot; directory.
+    Note: The example will be for a system that is configured to create users'
+home directories in the "/home" directory.
 
-    # grep &lt;file&gt; &#x2F;home&#x2F;*&#x2F;.*
+    # grep &lt;file&gt; /home/*/.*
 
     If any local initialization files are found to reference world-writable
-files, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+files, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the mode on files being executed by the local initialization files with
 the following command:
 
-    # chmod 0755 &lt;file&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e1c75eb7-1199-419f-96ce-84e21611f6ab</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This control consistently takes a long to run and has been disabled
-  using the disable_slow_controls attribute.
-This control consistently takes a long to run and has been disabled
+    # chmod 0755 &lt;file&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72037\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat local initialization files do not execute world-writable programs.\"\n  if input('disable_slow_controls')\n    desc \"This control consistently takes a long to run and has been disabled\n          using the disable_slow_controls attribute.\"\n  else\n  desc  \"If user start-up files execute world-writable programs, especially in\nunprotected directories, they could be maliciously modified to destroy user\nfiles or otherwise compromise the system at the user level. If the system is\ncompromised at the user level, it is easier to elevate privileges to eventually\ncompromise the system at the root and network level.\"\n  end\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that local initialization files do not execute world-writable\nprograms.\n\n    Check the system for world-writable files with the following command:\n\n    # find / -xdev -perm -002 -type f -exec ls -ld {} \\\\; | more\n\n    For all files listed, check for their presence in the local initialization\nfiles with the following commands:\n\n    Note: The example will be for a system that is configured to create users'\nhome directories in the \\\"/home\\\" directory.\n\n    # grep &lt;file&gt; /home/*/.*\n\n    If any local initialization files are found to reference world-writable\nfiles, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the mode on files being executed by the local initialization files with\nthe following command:\n\n    # chmod 0755 &lt;file&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72037\"\n  tag rid: \"SV-86661r2_rule\"\n  tag stig_id: \"RHEL-07-020730\"\n  tag fix_id: \"F-78389r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  if input('disable_slow_controls')\n    describe \"This control consistently takes a long to run and has been disabled\n  using the disable_slow_controls attribute.\" do\n      skip \"This control consistently takes a long to run and has been disabled\n  using the disable_slow_controls attribute. You must enable this control for a\n  full accredidation for production.\"\n  end\n  else\n    ignore_shells = non_interactive_shells.join('|')\n\n    #Get home directory for users with UID &gt;= 1000 or UID == 0 and support interactive logins.\n    dotfiles = Set[]\n    u = users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries\n    #For each user, build and execute a find command that identifies initialization files\n    #in a user's home directory.\n    u.each do |user|\n      dotfiles = dotfiles + command(\"find #{user.home} -xdev -maxdepth 2 ( -name '.*' ! -name '.bash_history' ) -type f\").stdout.split(\"\\n\")\n    end\n    ww_files = Set[]\n    ww_files = command('find / -xdev -perm -002 -type f -exec ls {} \\;').stdout.lines\n\n    #To reduce the number of commands ran, we use a pattern file in the grep command below\n    #So we don't have too long of a grep command, we chunk the list of ww_files\n    #into strings not longer than PATTERN_FILE_MAX_LENGTH\n    #Based on MAX_ARG_STRLEN, /usr/include/linux/binfmts.h\n    #We cut off 100 to leave room for the rest of the arguments\n    PATTERN_FILE_MAX_LENGTH=command(\"getconf PAGE_SIZE\").stdout.to_i * 32 - 100\n    ww_chunked=[\"\"]\n    ww_files.each do |item|\n      item = item.strip\n      if item.length + \"\\n\".length &gt; PATTERN_FILE_MAX_LENGTH\n        raise \"Single pattern is longer than PATTERN_FILE_MAX_LENGTH\"\n      end\n      if ww_chunked[-1].length + \"\\n\".length + item.length &gt; PATTERN_FILE_MAX_LENGTH\n        ww_chunked.append(\"\")\n      end\n      ww_chunked[-1] += \"\\n\" + item  # This will leave an extra newline at the beginning of chunks\n    end\n    ww_chunked = ww_chunked.map(&amp;:strip)  # This gets rid of the beginning newlines\n    if ww_chunked[0] == \"\"\n      ww_chunked = []  # If we didn't have any ww_files, this will prevent an empty grep pattern\n    end\n\n    #Check each dotfile for existence of each world-writeable file\n    findings = Set[]\n    dotfiles.each do |dotfile|\n      dotfile = dotfile.strip\n      ww_chunked.each do |ww_pattern_file|\n        count = command(\"grep -c -f &lt;(echo \\\"#{ww_pattern_file}\\\") \\\"#{dotfile}\\\"\").stdout.strip.to_i\n        findings &lt;&lt; dotfile if count &gt; 0\n      end\n    end\n    describe \"Local initialization files that are found to reference world-writable files\" do\n      subject { findings.to_a }\n      it { should be_empty }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This control consistently takes a long to run and has been disabled
+  using the disable_slow_controls attribute. :: SKIP_MESSAGE This control consistently takes a long to run and has been disabled
   using the disable_slow_controls attribute. You must enable this control for a
-  full accredidation for production.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72121</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86745r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030490</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+  full accredidation for production.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72121</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86745r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030490</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the lremovexattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the lremovexattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;lremovexattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "lremovexattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw lremovexattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw lremovexattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S lremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
+    -a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S lremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
+    -a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;lremovexattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"lremovexattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;lremovexattr&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S lremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
-
-    -a always,exit -F arch&#x3D;b64 -S lremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3f38ef9b-ecb0-41f7-9de4-5aebb4532688</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lremovexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lremovexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lremovexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lremovexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72005</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86629r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020310</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "lremovexattr" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
+
+    -a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72121\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe lremovexattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"lremovexattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw lremovexattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    -a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"lremovexattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"lremovexattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    -a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72121\"\n  tag rid: \"SV-86745r5_rule\"\n  tag stig_id: \"RHEL-07-030490\"\n  tag fix_id: \"F-78473r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"lremovexattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"lremovexattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "lremovexattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lremovexattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lremovexattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lremovexattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72005</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86629r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020310</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the root account must be the only account having unrestricted access to
-the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an account other than root also has a User Identifier (UID) of
-&quot;0&quot;, it has root authority, giving that account unrestricted access to the
-entire operating system. Multiple accounts with a UID of &quot;0&quot; afford an
+"0", it has root authority, giving that account unrestricted access to the
+entire operating system. Multiple accounts with a UID of "0" afford an
 opportunity for potential intruders to guess a password for a privileged
-account.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Check the system for duplicate UID &quot;0&quot; assignments with the following
+account.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Check the system for duplicate UID "0" assignments with the following
 command:
 
-    # awk -F: &#39;$3 &#x3D;&#x3D; 0 {print $1}&#39; &#x2F;etc&#x2F;passwd
+    # awk -F: '$3 == 0 {print $1}' /etc/passwd
 
-    If any accounts other than root have a UID of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any accounts other than root have a UID of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Change the UID of any account on the system, other than root, that has a
-UID of &quot;0&quot;.
+UID of "0".
 
     If the account is associated with system commands or applications, the UID
-should be changed to one greater than &quot;0&quot; but less than &quot;1000&quot;. Otherwise,
-assign a UID of greater than &quot;1000&quot; that has not already been assigned.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>975f6164-8cc0-417c-9220-eefd6b7d71fb</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-&#x2F;etc&#x2F;passwd with uid &#x3D;&#x3D; 0 users is expected to cmp &#x3D;&#x3D; &quot;root&quot;
---------------------------------
-passed
-&#x2F;etc&#x2F;passwd with uid &#x3D;&#x3D; 0 entries.length is expected to eq 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72253</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86877r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040400</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+should be changed to one greater than "0" but less than "1000". Otherwise,
+assign a UID of greater than "1000" that has not already been assigned.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72005\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the root account must be the only account having unrestricted access to\nthe system.\"\n  desc  \"If an account other than root also has a User Identifier (UID) of\n\\\"0\\\", it has root authority, giving that account unrestricted access to the\nentire operating system. Multiple accounts with a UID of \\\"0\\\" afford an\nopportunity for potential intruders to guess a password for a privileged\naccount.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check the system for duplicate UID \\\"0\\\" assignments with the following\ncommand:\n\n    # awk -F: '$3 == 0 {print $1}' /etc/passwd\n\n    If any accounts other than root have a UID of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the UID of any account on the system, other than root, that has a\nUID of \\\"0\\\".\n\n    If the account is associated with system commands or applications, the UID\nshould be changed to one greater than \\\"0\\\" but less than \\\"1000\\\". Otherwise,\nassign a UID of greater than \\\"1000\\\" that has not already been assigned.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72005\"\n  tag rid: \"SV-86629r2_rule\"\n  tag stig_id: \"RHEL-07-020310\"\n  tag fix_id: \"F-78357r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe passwd.uids(0) do\n    its('users') { should cmp 'root' }\n    its('entries.length') { should eq 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST /etc/passwd with uid == 0 users is expected to cmp == "root"
+--------------------------------
+passed :: TEST /etc/passwd with uid == 0 entries.length is expected to eq 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72253</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86877r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040400</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon is configured to only use Message Authentication Codes
-(MACs) employing FIPS 140-2 approved cryptographic hash algorithms.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(MACs) employing FIPS 140-2 approved cryptographic hash algorithms.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>DoD information systems are required to use FIPS 140-2 approved
 cryptographic hash functions. The only SSHv2 hash algorithm meeting this
-requirement is SHA.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+requirement is SHA.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon is configured to only use MACs employing FIPS
 140-2-approved ciphers.
 
@@ -15913,1495 +15179,1440 @@ hashes.
     Check that the SSH daemon is configured to only use MACs employing FIPS
 140-2-approved ciphers with the following command:
 
-    # grep -i macs &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i macs /etc/ssh/sshd_config
     MACs hmac-sha2-256,hmac-sha2-512
 
-    If any ciphers other than &quot;hmac-sha2-256&quot; or &quot;hmac-sha2-512&quot; are listed
-or the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment or add the line for the
-&quot;MACs&quot; keyword and set its value to &quot;hmac-sha2-256&quot; and&#x2F;or
-&quot;hmac-sha2-512&quot; (this file may be named differently or be in a different
+    If any ciphers other than "hmac-sha2-256" or "hmac-sha2-512" are listed
+or the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for the
+"MACs" keyword and set its value to "hmac-sha2-256" and/or
+"hmac-sha2-512" (this file may be named differently or be in a different
 location if using a version of SSH that is provided by a third-party vendor):
 
     MACs hmac-sha2-256,hmac-sha2-512
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e743dc53-0179-416a-9537-7fa49cf80e7d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-hmac-sha2-256 is expected to be in &quot;hmac-sha2-256&quot; and &quot;hmac-sha2-512&quot;
---------------------------------
-passed
-hmac-sha2-512 is expected to be in &quot;hmac-sha2-256&quot; and &quot;hmac-sha2-512&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86673r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72253\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon is configured to only use Message Authentication Codes\n(MACs) employing FIPS 140-2 approved cryptographic hash algorithms.\"\n  desc  \"DoD information systems are required to use FIPS 140-2 approved\ncryptographic hash functions. The only SSHv2 hash algorithm meeting this\nrequirement is SHA.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon is configured to only use MACs employing FIPS\n140-2-approved ciphers.\n\n    Note: If RHEL-07-021350 is a finding, this is automatically a finding as\nthe system cannot implement FIPS 140-2-approved cryptographic algorithms and\nhashes.\n\n    Check that the SSH daemon is configured to only use MACs employing FIPS\n140-2-approved ciphers with the following command:\n\n    # grep -i macs /etc/ssh/sshd_config\n    MACs hmac-sha2-256,hmac-sha2-512\n\n    If any ciphers other than \\\"hmac-sha2-256\\\" or \\\"hmac-sha2-512\\\" are listed\nor the returned line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the \\\"/etc/ssh/sshd_config\\\" file to uncomment or add the line for the\n\\\"MACs\\\" keyword and set its value to \\\"hmac-sha2-256\\\" and/or\n\\\"hmac-sha2-512\\\" (this file may be named differently or be in a different\nlocation if using a version of SSH that is provided by a third-party vendor):\n\n    MACs hmac-sha2-256,hmac-sha2-512\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000250-GPOS-00093\"\n  tag gid: \"V-72253\"\n  tag rid: \"SV-86877r3_rule\"\n  tag stig_id: \"RHEL-07-040400\"\n  tag fix_id: \"F-78607r2_fix\"\n  tag cci: [\"CCI-001453\"]\n  tag nist: [\"AC-17 (2)\", \"Rev_4\"]\n\n  @macs = inspec.sshd_config.params(\"macs\")\n  if @macs.nil?\n    # fail fast\n    describe 'The `sshd_config` setting for `MACs`' do\n    subject { @macs }\n      it 'should be explicitly set and not commented out' do\n        expect(subject).not_to be_nil\n      end\n    end\n  else\n    @macs.first.split(\",\").each do |mac|\n      describe mac do\n        it { should be_in ['hmac-sha2-256', 'hmac-sha2-512'] }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST hmac-sha2-256 is expected to be in "hmac-sha2-256" and "hmac-sha2-512"
+--------------------------------
+passed :: TEST hmac-sha2-512 is expected to be in "hmac-sha2-256" and "hmac-sha2-512"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72049</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86673r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must set the umask value
-to 077 for all local interactive user accounts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+to 077 for all local interactive user accounts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The umask controls the default access mode assigned to newly created
 files. A umask of 077 limits new files to mode 700 or less permissive. Although
 umask can be represented as a four-digit number, the first digit representing
-special access modes is typically ignored or required to be &quot;0&quot;. This
+special access modes is typically ignored or required to be "0". This
 requirement applies to the globally configured system defaults and the local
-interactive user defaults for each account on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the default umask for all local interactive users is &quot;077&quot;.
+interactive user defaults for each account on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the default umask for all local interactive users is "077".
 
     Identify the locations of all local interactive user home directories by
-looking at the &quot;&#x2F;etc&#x2F;passwd&quot; file.
+looking at the "/etc/passwd" file.
 
     Check all local interactive user initialization files for interactive users
 with the following command:
 
     Note: The example is for a system that is configured to create users home
-directories in the &quot;&#x2F;home&quot; directory.
+directories in the "/home" directory.
 
-    # grep -i umask &#x2F;home&#x2F;*&#x2F;.*
+    # grep -i umask /home/*/.*
 
     If any local interactive user initialization files are found to have a
-umask statement that has a value less restrictive than &quot;077&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Remove the umask statement from all local interactive user&#39;s initialization
+umask statement that has a value less restrictive than "077", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Remove the umask statement from all local interactive user's initialization
 files.
 
     If the account is for an application, the requirement for a umask less
-restrictive than &quot;077&quot; can be documented with the Information System Security
+restrictive than "077" can be documented with the Information System Security
 Officer, but the user agreement for access to the account must specify that the
 local interactive user must log on to their account first and then switch the
-user to the application account with the correct option to gain the account&#39;s
-environment variables.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>820ae9d3-f59d-4661-a3f6-e78afa3be035</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No interactive user initialization files with a less restrictive umask were found. is expected to eq true
---------------------------------
-passed
-No users were found with a less restrictive umask were found. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72309</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86933r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040740</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+user to the application account with the correct option to gain the account's
+environment variables.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72049\" do\n  title \"The Red Hat Enterprise Linux operating system must set the umask value\nto 077 for all local interactive user accounts.\"\n  desc  \"The umask controls the default access mode assigned to newly created\nfiles. A umask of 077 limits new files to mode 700 or less permissive. Although\numask can be represented as a four-digit number, the first digit representing\nspecial access modes is typically ignored or required to be \\\"0\\\". This\nrequirement applies to the globally configured system defaults and the local\ninteractive user defaults for each account on the system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the default umask for all local interactive users is \\\"077\\\".\n\n    Identify the locations of all local interactive user home directories by\nlooking at the \\\"/etc/passwd\\\" file.\n\n    Check all local interactive user initialization files for interactive users\nwith the following command:\n\n    Note: The example is for a system that is configured to create users home\ndirectories in the \\\"/home\\\" directory.\n\n    # grep -i umask /home/*/.*\n\n    If any local interactive user initialization files are found to have a\numask statement that has a value less restrictive than \\\"077\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Remove the umask statement from all local interactive user's initialization\nfiles.\n\n    If the account is for an application, the requirement for a umask less\nrestrictive than \\\"077\\\" can be documented with the Information System Security\nOfficer, but the user agreement for access to the account must specify that the\nlocal interactive user must log on to their account first and then switch the\nuser to the application account with the correct option to gain the account's\nenvironment variables.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72049\"\n  tag rid: \"SV-86673r2_rule\"\n  tag stig_id: \"RHEL-07-021040\"\n  tag fix_id: \"F-78401r3_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  non_interactive_shells = input('non_interactive_shells')\n\n  # Get all interactive users\n  ignore_shells = non_interactive_shells.join('|')\n\n  # Get home directory for users with UID &gt;= 1000 or UID == 0 and support interactive logins.\n  findings = Set[]\n  dotfiles = Set[]\n  umasks = {}\n  umask_findings = Set[]\n\n  # Get UID_MIN from login.defs\n  uid_min = 1000\n  if file(\"/etc/login.defs\").exist?\n    uid_min_val = command(\"grep '^UID_MIN' /etc/login.defs | grep -Po '[0-9]+'\").stdout.split(\"\\n\")\n    if !uid_min_val.empty?\n      uid_min = uid_min_val[0].to_i\n    end\n  end\n\n  interactive_users = users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries\n\n  # For each user, build and execute a find command that identifies initialization files\n  # in a user's home directory.\n  interactive_users.each do |u|\n\n    # Only check if the home directory is local\n    is_local = command(\"df -l #{u.home}\").exit_status\n\n    if is_local == 0\n      # Get user's initialization files\n      dotfiles = dotfiles + command(\"find #{u.home} -xdev -maxdepth 2 ( -name '.*' ! -name '.bash_history' ) -type f\").stdout.split(\"\\n\")\n\n      # Get user's umask\n      umasks.store(u.username,command(\"su -c 'umask' -l #{u.username}\").stdout.chomp(\"\\n\"))\n\n      # Check all local initialization files to see whether or not they are less restrictive than 077.\n      dotfiles.each do |df|\n        if file(df).more_permissive_than?(\"0077\")\n          findings = findings + df\n        end\n      end\n\n      # Check umask for all interactive users\n      umasks.each do |key,value|\n        max_mode = (\"0077\").to_i(8)\n        inv_mode = 0777 ^ max_mode\n        if inv_mode &amp; (value).to_i(8) != 0\n          umask_findings = umask_findings + key\n        end\n      end\n    else\n      describe \"This control skips non-local filesystems\" do\n       skip \"This control has skipped the #{u.home} home directory for #{u.username} because it is not a local filesystem.\"\n     end\n    end\n  end\n\n  # Report on any interactive files that are less restrictive than 077.\n  describe \"No interactive user initialization files with a less restrictive umask were found.\" do\n    subject { findings.empty? }\n    it { should eq true }\n  end\n\n  # Report on any interactive users that have a umask less restrictive than 077.\n  describe \"No users were found with a less restrictive umask were found.\" do\n    subject { umask_findings.empty? }\n    it { should eq true }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No interactive user initialization files with a less restrictive umask were found. is expected to eq true
+--------------------------------
+passed :: TEST No users were found with a less restrictive umask were found. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72309</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86933r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040740</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not be performing
-packet forwarding unless the system is a router.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+packet forwarding unless the system is a router.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Routing protocol daemons are typically used on routers to exchange
 network topology information with other routers. If this software is used when
 not required, system network information may be unnecessarily transmitted
-across the network.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+across the network.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system is not performing packet forwarding, unless the system is
 a router.
 
-    # grep net.ipv4.ip_forward &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep net.ipv4.ip_forward /etc/sysctl.conf /etc/sysctl.d/*
 
-    net.ipv4.ip_forward &#x3D; 0
+    net.ipv4.ip_forward = 0
 
-    If &quot;net.ipv4.ip_forward&quot; is not configured in the &#x2F;etc&#x2F;sysctl.conf file
-or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or does not have a value
-of &quot;0&quot;, this is a finding.
+    If "net.ipv4.ip_forward" is not configured in the /etc/sysctl.conf file
+or in the /etc/sysctl.d/ directory, is commented out, or does not have a value
+of "0", this is a finding.
 
     Check that the operating system does not implement IP forwarding using the
 following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.ip_forward
-    net.ipv4.ip_forward &#x3D; 0
+    # /sbin/sysctl -a | grep net.ipv4.ip_forward
+    net.ipv4.ip_forward = 0
 
-    If IP forwarding value is &quot;1&quot; and the system is hosting any application,
-database, or web servers, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If IP forwarding value is "1" and the system is hosting any application,
+database, or web servers, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.ip_forward &#x3D; 0
+    net.ipv4.ip_forward = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>30a44626-ba34-4883-ad09-4dbec0b3bb60</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.ip_forward value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81003</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95715r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010118</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72309\" do\n  title \"The Red Hat Enterprise Linux operating system must not be performing\npacket forwarding unless the system is a router.\"\n  desc  \"Routing protocol daemons are typically used on routers to exchange\nnetwork topology information with other routers. If this software is used when\nnot required, system network information may be unnecessarily transmitted\nacross the network.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system is not performing packet forwarding, unless the system is\na router.\n\n    # grep net.ipv4.ip_forward /etc/sysctl.conf /etc/sysctl.d/*\n\n    net.ipv4.ip_forward = 0\n\n    If \\\"net.ipv4.ip_forward\\\" is not configured in the /etc/sysctl.conf file\nor in the /etc/sysctl.d/ directory, is commented out, or does not have a value\nof \\\"0\\\", this is a finding.\n\n    Check that the operating system does not implement IP forwarding using the\nfollowing command:\n\n    # /sbin/sysctl -a | grep net.ipv4.ip_forward\n    net.ipv4.ip_forward = 0\n\n    If IP forwarding value is \\\"1\\\" and the system is hosting any application,\ndatabase, or web servers, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.ip_forward = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72309\"\n  tag rid: \"SV-86933r2_rule\"\n  tag stig_id: \"RHEL-07-040740\"\n  tag fix_id: \"F-78663r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.ip_forward') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.ip_forward value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81003</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95715r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010118</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that &#x2F;etc&#x2F;pam.d&#x2F;passwd implements &#x2F;etc&#x2F;pam.d&#x2F;system-auth when changing
-passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing
+passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Pluggable authentication modules (PAM) allow for a modular approach to
 integrating authentication methods. PAM operates in a top-down processing model
 and if the modules are not listed in the correct order, an important security
-function could be bypassed if stack entries are not centralized.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that &#x2F;etc&#x2F;pam.d&#x2F;passwd is configured to use &#x2F;etc&#x2F;pam.d&#x2F;system-auth
+function could be bypassed if stack entries are not centralized.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that /etc/pam.d/passwd is configured to use /etc/pam.d/system-auth
 when changing passwords:
 
-    # cat &#x2F;etc&#x2F;pam.d&#x2F;passwd | grep -i substack | grep -i system-auth
+    # cat /etc/pam.d/passwd | grep -i substack | grep -i system-auth
     password     substack     system-auth
 
-    If no results are returned, the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure PAM to utilize &#x2F;etc&#x2F;pam.d&#x2F;system-auth when changing passwords.
+    If no results are returned, the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure PAM to utilize /etc/pam.d/system-auth when changing passwords.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;pam.d&#x2F;passwd&quot; (or modify the line to have
+    Add the following line to "/etc/pam.d/passwd" (or modify the line to have
 the required value):
 
-    password     substack    system-auth</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>af3dcecb-3716-43c1-9ee0-4014a43952a0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-&#x2F;etc&#x2F;pam.d&#x2F;passwd substacks system-auth</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72021</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86645r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020650</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    password     substack    system-auth</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81003\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing\npasswords.\"\n  desc  \"Pluggable authentication modules (PAM) allow for a modular approach to\nintegrating authentication methods. PAM operates in a top-down processing model\nand if the modules are not listed in the correct order, an important security\nfunction could be bypassed if stack entries are not centralized.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that /etc/pam.d/passwd is configured to use /etc/pam.d/system-auth\nwhen changing passwords:\n\n    # cat /etc/pam.d/passwd | grep -i substack | grep -i system-auth\n    password     substack     system-auth\n\n    If no results are returned, the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure PAM to utilize /etc/pam.d/system-auth when changing passwords.\n\n    Add the following line to \\\"/etc/pam.d/passwd\\\" (or modify the line to have\nthe required value):\n\n    password     substack    system-auth\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000069-GPOS-00037\"\n  tag gid: \"V-81003\"\n  tag rid: \"SV-95715r1_rule\"\n  tag stig_id: \"RHEL-07-010118\"\n  tag fix_id: \"F-87837r1_fix\"\n  tag cci: [\"CCI-000192\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  # Get the content of /etc/pam.d/passwd as an array\n  pam_passwd_content = file('/etc/pam.d/passwd').content.strip.split(\"\\n\")\n  # Make a new array of any line matching the target pattern:\n  # /password\\s+substack\\s+system-auth\n  matching_lines = pam_passwd_content.select { |i| i.match(/password\\s+substack\\s+system-auth/) }\n\n  describe '/etc/pam.d/passwd' do\n    subject { matching_lines }\n    it 'substacks system-auth' do\n      expect(subject.length).to(eql 1)\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST /etc/pam.d/passwd substacks system-auth</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72021</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86645r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020650</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive user home directories are group-owned by the home
-directory owners primary group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the Group Identifier (GID) of a local interactive user&#39;s home
+directory owners primary group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the Group Identifier (GID) of a local interactive user's home
 directory is not the same as the primary GID of the user, this would allow
-unauthorized access to the user&#39;s files, and users that share the same group
-may not be able to access files that they legitimately should.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unauthorized access to the user's files, and users that share the same group
+may not be able to access files that they legitimately should.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the assigned home directory of all local interactive users is
-group-owned by that user&#39;s primary GID.
+group-owned by that user's primary GID.
 
     Check the home directory assignment for all local interactive users on the
 system with the following command:
 
-    # ls -ld $(egrep &#39;:[0-9]{4}&#39; &#x2F;etc&#x2F;passwd | cut -d: -f6)
+    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)
 
-    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 &#x2F;home&#x2F;smithj
+    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj
 
-    Check the user&#39;s primary group with the following command:
+    Check the user's primary group with the following command:
 
-    # grep users &#x2F;etc&#x2F;group
+    # grep users /etc/group
 
     users:x:250:smithj,jonesj,jacksons
 
-    If the user home directory referenced in &quot;&#x2F;etc&#x2F;passwd&quot; is not group-owned
-by that user&#39;s primary GID, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the group owner of a local interactive user&#39;s home directory to the
-group found in &quot;&#x2F;etc&#x2F;passwd&quot;. To change the group owner of a local
-interactive user&#39;s home directory, use the following command:
-
-    Note: The example will be for the user &quot;smithj&quot;, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;, and has a primary group of users.
-
-    # chgrp users &#x2F;home&#x2F;smithj</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7fc68934-942f-4593-b916-ca3accbed0c5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Home directories that are not group-owned by the user&#39;s primary GID is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72183</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86807r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030800</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If the user home directory referenced in "/etc/passwd" is not group-owned
+by that user's primary GID, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the group owner of a local interactive user's home directory to the
+group found in "/etc/passwd". To change the group owner of a local
+interactive user's home directory, use the following command:
+
+    Note: The example will be for the user "smithj", who has a home directory
+of "/home/smithj", and has a primary group of users.
+
+    # chgrp users /home/smithj</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72021\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user home directories are group-owned by the home\ndirectory owners primary group.\"\n  desc  \"If the Group Identifier (GID) of a local interactive user's home\ndirectory is not the same as the primary GID of the user, this would allow\nunauthorized access to the user's files, and users that share the same group\nmay not be able to access files that they legitimately should.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the assigned home directory of all local interactive users is\ngroup-owned by that user's primary GID.\n\n    Check the home directory assignment for all local interactive users on the\nsystem with the following command:\n\n    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)\n\n    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj\n\n    Check the user's primary group with the following command:\n\n    # grep users /etc/group\n\n    users:x:250:smithj,jonesj,jacksons\n\n    If the user home directory referenced in \\\"/etc/passwd\\\" is not group-owned\nby that user's primary GID, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the group owner of a local interactive user's home directory to the\ngroup found in \\\"/etc/passwd\\\". To change the group owner of a local\ninteractive user's home directory, use the following command:\n\n    Note: The example will be for the user \\\"smithj\\\", who has a home directory\nof \\\"/home/smithj\\\", and has a primary group of users.\n\n    # chgrp users /home/smithj\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72021\"\n  tag rid: \"SV-86645r5_rule\"\n  tag stig_id: \"RHEL-07-020650\"\n  tag fix_id: \"F-78373r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    findings = findings + command(\"find #{user_info.home} -maxdepth 0 -not -gid #{user_info.gid}\").stdout.split(\"\\n\")\n  end\n  describe \"Home directories that are not group-owned by the user's primary GID\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Home directories that are not group-owned by the user's primary GID is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72183</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86807r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030800</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the crontab command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the crontab command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged commands. The organization must maintain audit trails in sufficient
-detail to reconstruct events to determine the cause and impact of compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+detail to reconstruct events to determine the cause and impact of compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;crontab&quot; command occur.
+successful/unsuccessful attempts to use the "crontab" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;bin&#x2F;crontab &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/bin/crontab /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;crontab -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/bin/crontab -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-cron
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;crontab&quot; command occur.
+successful/unsuccessful attempts to use the "crontab" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;crontab -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/bin/crontab -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-cron
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a2c3accc-0822-4bba-811e-324a85e2c50a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;crontab&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;crontab&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72083</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86707r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72183\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe crontab command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged commands. The organization must maintain audit trails in sufficient\ndetail to reconstruct events to determine the cause and impact of compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"crontab\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/bin/crontab /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/crontab -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-cron\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"crontab\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/crontab -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-cron\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72183\"\n  tag rid: \"SV-86807r3_rule\"\n  tag stig_id: \"RHEL-07-030800\"\n  tag fix_id: \"F-78537r4_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/crontab'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/crontab" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/crontab" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72083</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86707r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must off-load audit
-records onto a different system or media from the system being audited.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+records onto a different system or media from the system being audited.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
     Off-loading is a common process in information systems with limited audit
-storage capacity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+storage capacity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system off-loads audit records onto a different system
 or media from the system being audited.
 
     To determine the remote server that the records are being sent to, use the
 following command:
 
-    # grep -i remote_server &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-    remote_server &#x3D; 10.0.21.1
+    # grep -i remote_server /etc/audisp/audisp-remote.conf
+    remote_server = 10.0.21.1
 
     If a remote server is not configured, or the line is commented out, ask the
 System Administrator to indicate how the audit logs are off-loaded to a
 different system or media.
 
     If there is no evidence that the audit logs are being off-loaded to another
-system or media, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+system or media, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to off-load audit records onto a different
 system or media from the system being audited.
 
-    Set the remote server option in &quot;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&quot; with the
-IP address of the log aggregation server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6fd56940-3b57-4eb0-9023-d77e7706bc39</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&#39; cannot be found. This test cannot be checked in a automated fashion and you must check it manually
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&#39; cannot be found. This check must be performed manually</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72245</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86869r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040360</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Set the remote server option in "/etc/audisp/audisp-remote.conf" with the
+IP address of the log aggregation server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72083\" do\n  title \"The Red Hat Enterprise Linux operating system must off-load audit\nrecords onto a different system or media from the system being audited.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system off-loads audit records onto a different system\nor media from the system being audited.\n\n    To determine the remote server that the records are being sent to, use the\nfollowing command:\n\n    # grep -i remote_server /etc/audisp/audisp-remote.conf\n    remote_server = 10.0.21.1\n\n    If a remote server is not configured, or the line is commented out, ask the\nSystem Administrator to indicate how the audit logs are off-loaded to a\ndifferent system or media.\n\n    If there is no evidence that the audit logs are being off-loaded to another\nsystem or media, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to off-load audit records onto a different\nsystem or media from the system being audited.\n\n    Set the remote server option in \\\"/etc/audisp/audisp-remote.conf\\\" with the\nIP address of the log aggregation server.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-72083\"\n  tag rid: \"SV-86707r2_rule\"\n  tag stig_id: \"RHEL-07-030300\"\n  tag fix_id: \"F-78435r1_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  if file('/etc/audisp/audisp-remote.conf').exist?\n    describe parse_config_file('/etc/audisp/audisp-remote.conf') do\n      its('remote_server'.to_s) { should match %r{^\\S+$} }\n      its('remote_server'.to_s) { should_not be_in ['localhost', '127.0.0.1'] }\n    end\n  else\n    describe \"File '/etc/audisp/audisp-remote.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually\" do\n      skip \"File '/etc/audisp/audisp-remote.conf' cannot be found. This check must be performed manually\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST File '/etc/audisp/audisp-remote.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually :: SKIP_MESSAGE File '/etc/audisp/audisp-remote.conf' cannot be found. This check must be performed manually</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72245</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86869r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040360</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the date
-and time of the last successful account logon upon an SSH logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+and time of the last successful account logon upon an SSH logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Providing users with feedback on when account accesses via SSH last
 occurred facilitates user recognition and reporting of unauthorized account
-use.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+use.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify SSH provides users with feedback on when account accesses last
 occurred.
 
-    Check that &quot;PrintLastLog&quot; keyword in the sshd daemon configuration file
-is used and set to &quot;yes&quot; with the following command:
+    Check that "PrintLastLog" keyword in the sshd daemon configuration file
+is used and set to "yes" with the following command:
 
-    # grep -i printlastlog &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i printlastlog /etc/ssh/sshd_config
     PrintLastLog yes
 
-    If the &quot;PrintLastLog&quot; keyword is set to &quot;no&quot;, is missing, or is
-commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "PrintLastLog" keyword is set to "no", is missing, or is
+commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure SSH to provide users with feedback on when account accesses last
-occurred by setting the required configuration options in &quot;&#x2F;etc&#x2F;pam.d&#x2F;sshd&quot;
-or in the &quot;sshd_config&quot; file used by the system (&quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;
+occurred by setting the required configuration options in "/etc/pam.d/sshd"
+or in the "sshd_config" file used by the system ("/etc/ssh/sshd_config"
 will be used in the example) (this file may be named differently or be in a
 different location if using a version of SSH that is provided by a third-party
 vendor).
 
-    Modify the &quot;PrintLastLog&quot; line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; to match the
+    Modify the "PrintLastLog" line in "/etc/ssh/sshd_config" to match the
 following:
 
     PrintLastLog yes
 
-    The SSH service must be restarted for changes to &quot;sshd_config&quot; to take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>de8fcce9-9f97-42d4-a533-08b553e74a68</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration PrintLastLog is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71959</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86583r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010470</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to "sshd_config" to take
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72245\" do\n  title \"The Red Hat Enterprise Linux operating system must display the date\nand time of the last successful account logon upon an SSH logon.\"\n  desc  \"Providing users with feedback on when account accesses via SSH last\noccurred facilitates user recognition and reporting of unauthorized account\nuse.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify SSH provides users with feedback on when account accesses last\noccurred.\n\n    Check that \\\"PrintLastLog\\\" keyword in the sshd daemon configuration file\nis used and set to \\\"yes\\\" with the following command:\n\n    # grep -i printlastlog /etc/ssh/sshd_config\n    PrintLastLog yes\n\n    If the \\\"PrintLastLog\\\" keyword is set to \\\"no\\\", is missing, or is\ncommented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure SSH to provide users with feedback on when account accesses last\noccurred by setting the required configuration options in \\\"/etc/pam.d/sshd\\\"\nor in the \\\"sshd_config\\\" file used by the system (\\\"/etc/ssh/sshd_config\\\"\nwill be used in the example) (this file may be named differently or be in a\ndifferent location if using a version of SSH that is provided by a third-party\nvendor).\n\n    Modify the \\\"PrintLastLog\\\" line in \\\"/etc/ssh/sshd_config\\\" to match the\nfollowing:\n\n    PrintLastLog yes\n\n    The SSH service must be restarted for changes to \\\"sshd_config\\\" to take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72245\"\n  tag rid: \"SV-86869r3_rule\"\n  tag stig_id: \"RHEL-07-040360\"\n  tag fix_id: \"F-78599r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  if sshd_config.params['printlastlog'] == ['yes']\n    describe sshd_config do\n      its('PrintLastLog') { should cmp 'yes' }\n    end\n  else\n    describe pam('/etc/pam.d/sshd') do\n      its('lines') { should match_pam_rule('session required pam_lastlog.so showfailed') }\n      its('lines') { should match_pam_rule('session required pam_lastlog.so showfailed').all_without_args('silent') }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration PrintLastLog is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71959</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86583r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010470</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow a
-non-certificate trusted host SSH logon to the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+non-certificate trusted host SSH logon to the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Failure to restrict system access to authenticated users negatively
-impacts operating system security.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+impacts operating system security.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system does not allow a non-certificate trusted host
 SSH logon to the system.
 
-    Check for the value of the &quot;HostbasedAuthentication&quot; keyword with the
+    Check for the value of the "HostbasedAuthentication" keyword with the
 following command:
 
-    # grep -i hostbasedauthentication &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i hostbasedauthentication /etc/ssh/sshd_config
     HostbasedAuthentication no
 
-    If the &quot;HostbasedAuthentication&quot; keyword is not set to &quot;no&quot;, is
-missing, or is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "HostbasedAuthentication" keyword is not set to "no", is
+missing, or is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to not allow a non-certificate trusted host
 SSH logon to the system.
 
-    Edit the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment or add the line for
-&quot;HostbasedAuthentication&quot; keyword and set the value to &quot;no&quot;:
+    Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for
+"HostbasedAuthentication" keyword and set the value to "no":
 
     HostbasedAuthentication no
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0858a516-dfe3-4e0a-a592-df5c9dcd3402</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration HostbasedAuthentication is expected to eq &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72285</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86909r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040620</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71959\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow a\nnon-certificate trusted host SSH logon to the system.\"\n  desc  \"Failure to restrict system access to authenticated users negatively\nimpacts operating system security.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system does not allow a non-certificate trusted host\nSSH logon to the system.\n\n    Check for the value of the \\\"HostbasedAuthentication\\\" keyword with the\nfollowing command:\n\n    # grep -i hostbasedauthentication /etc/ssh/sshd_config\n    HostbasedAuthentication no\n\n    If the \\\"HostbasedAuthentication\\\" keyword is not set to \\\"no\\\", is\nmissing, or is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to not allow a non-certificate trusted host\nSSH logon to the system.\n\n    Edit the \\\"/etc/ssh/sshd_config\\\" file to uncomment or add the line for\n\\\"HostbasedAuthentication\\\" keyword and set the value to \\\"no\\\":\n\n    HostbasedAuthentication no\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00229\"\n  tag gid: \"V-71959\"\n  tag rid: \"SV-86583r3_rule\"\n  tag stig_id: \"RHEL-07-010470\"\n  tag fix_id: \"F-78311r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('HostbasedAuthentication') { should eq 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration HostbasedAuthentication is expected to eq "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72285</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86909r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040620</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not forward
-Internet Protocol version 4 (IPv4) source-routed packets by default.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Internet Protocol version 4 (IPv4) source-routed packets by default.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Source-routed packets allow the source of the packet to suggest that
 routers forward the packet along a different path than configured on the
 router, which can be used to bypass network security measures. This requirement
 applies only to the forwarding of source-routed traffic, such as when IPv4
-forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not accept IPv4 source-routed packets by default.
 
-    # grep net.ipv4.conf.default.accept_source_route &#x2F;etc&#x2F;sysctl.conf
-&#x2F;etc&#x2F;sysctl.d&#x2F;*
-    net.ipv4.conf.default.accept_source_route &#x3D; 0
+    # grep net.ipv4.conf.default.accept_source_route /etc/sysctl.conf
+/etc/sysctl.d/*
+    net.ipv4.conf.default.accept_source_route = 0
 
-    If &quot; net.ipv4.conf.default.accept_source_route &quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;0&quot;, this is a finding.
+    If " net.ipv4.conf.default.accept_source_route " is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "0", this is a finding.
 
     Check that the operating system implements the accept source route variable
 with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.conf.default.accept_source_route
-    net.ipv4.conf.default.accept_source_route &#x3D; 0
+    # /sbin/sysctl -a | grep net.ipv4.conf.default.accept_source_route
+    net.ipv4.conf.default.accept_source_route = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.default.accept_source_route &#x3D; 0
+    net.ipv4.conf.default.accept_source_route = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>323db053-f487-4eb1-a340-2fc75a09abe3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.default.accept_source_route value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72025</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86649r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020670</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72285\" do\n  title \"The Red Hat Enterprise Linux operating system must not forward\nInternet Protocol version 4 (IPv4) source-routed packets by default.\"\n  desc  \"Source-routed packets allow the source of the packet to suggest that\nrouters forward the packet along a different path than configured on the\nrouter, which can be used to bypass network security measures. This requirement\napplies only to the forwarding of source-routed traffic, such as when IPv4\nforwarding is enabled and the system is functioning as a router.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not accept IPv4 source-routed packets by default.\n\n    # grep net.ipv4.conf.default.accept_source_route /etc/sysctl.conf\n/etc/sysctl.d/*\n    net.ipv4.conf.default.accept_source_route = 0\n\n    If \\\" net.ipv4.conf.default.accept_source_route \\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the accept source route variable\nwith the following command:\n\n    # /sbin/sysctl -a | grep net.ipv4.conf.default.accept_source_route\n    net.ipv4.conf.default.accept_source_route = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.default.accept_source_route = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72285\"\n  tag rid: \"SV-86909r2_rule\"\n  tag stig_id: \"RHEL-07-040620\"\n  tag fix_id: \"F-78639r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.default.accept_source_route') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.default.accept_source_route value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72025</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86649r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020670</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all files and directories contained in local interactive user home
 directories are group-owned by a group of which the home directory owner is a
-member.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If a local interactive user&#39;s files are group-owned by a group of
-which the user is not a member, unintended users may be able to access them.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+member.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If a local interactive user's files are group-owned by a group of
+which the user is not a member, unintended users may be able to access them.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all files and directories in a local interactive user home directory
 are group-owned by a group the user is a member of.
 
     Check the group owner of all files and directories in a local interactive
-user&#39;s home directory with the following command:
+user's home directory with the following command:
 
-    Note: The example will be for the user &quot;smithj&quot;, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
+    Note: The example will be for the user "smithj", who has a home directory
+of "/home/smithj".
 
-    # ls -lLR &#x2F;&lt;home directory&gt;&#x2F;&lt;users home directory&gt;&#x2F;
+    # ls -lLR /&lt;home directory&gt;/&lt;users home directory&gt;/
     -rw-r--r-- 1 smithj smithj  18 Mar  5 17:06 file1
     -rw-r--r-- 1 smithj smithj 193 Mar  5 17:06 file2
     -rw-r--r-- 1 smithj sa        231 Mar  5 17:06 file3
@@ -17410,301 +16621,288 @@ of &quot;&#x2F;home&#x2F;smithj&quot;.
 directory user, check to see if the user is a member of that group with the
 following command:
 
-    # grep smithj &#x2F;etc&#x2F;group
+    # grep smithj /etc/group
     sa:x:100:juan,shelley,bob,smithj
     smithj:x:521:smithj
 
     If the user is not a member of a group that group owns file(s) in a local
-interactive user&#39;s home directory, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the group of a local interactive user&#39;s files and directories to a
+interactive user's home directory, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the group of a local interactive user's files and directories to a
 group that the interactive user is a member of. To change the group owner of a
-local interactive user&#39;s files and directories, use the following command:
+local interactive user's files and directories, use the following command:
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot; and is a member of the users group.
-
-    # chgrp users &#x2F;home&#x2F;smithj&#x2F;&lt;file&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d43e3cb4-6614-43a2-abec-83e4eaa790e8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Home directory files with incorrect group ownership or not &#39;root&#39; owned is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72187</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86811r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030820</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj" and is a member of the users group.
+
+    # chgrp users /home/smithj/&lt;file&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72025\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all files and directories contained in local interactive user home\ndirectories are group-owned by a group of which the home directory owner is a\nmember.\"\n  desc  \"If a local interactive user's files are group-owned by a group of\nwhich the user is not a member, unintended users may be able to access them.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all files and directories in a local interactive user home directory\nare group-owned by a group the user is a member of.\n\n    Check the group owner of all files and directories in a local interactive\nuser's home directory with the following command:\n\n    Note: The example will be for the user \\\"smithj\\\", who has a home directory\nof \\\"/home/smithj\\\".\n\n    # ls -lLR /&lt;home directory&gt;/&lt;users home directory&gt;/\n    -rw-r--r-- 1 smithj smithj  18 Mar  5 17:06 file1\n    -rw-r--r-- 1 smithj smithj 193 Mar  5 17:06 file2\n    -rw-r--r-- 1 smithj sa        231 Mar  5 17:06 file3\n\n    If any files are found with an owner different than the group home\ndirectory user, check to see if the user is a member of that group with the\nfollowing command:\n\n    # grep smithj /etc/group\n    sa:x:100:juan,shelley,bob,smithj\n    smithj:x:521:smithj\n\n    If the user is not a member of a group that group owns file(s) in a local\ninteractive user's home directory, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the group of a local interactive user's files and directories to a\ngroup that the interactive user is a member of. To change the group owner of a\nlocal interactive user's files and directories, use the following command:\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\" and is a member of the users group.\n\n    # chgrp users /home/smithj/&lt;file&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72025\"\n  tag rid: \"SV-86649r2_rule\"\n  tag stig_id: \"RHEL-07-020670\"\n  tag fix_id: \"F-78377r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    find_args = \"\"\n    user_info.groups.each { |curr_group|\n      # some key files and secure dirs (like .ssh) are group owned 'root'\n      find_args = find_args + \"-not -group #{curr_group} -o root\"\n    }\n    findings = findings + command(\"find #{user_info.home} -xdev -xautofs #{find_args}\").stdout.split(\"\\n\")\n  end\n  describe \"Home directory files with incorrect group ownership or not 'root' owned\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Home directory files with incorrect group ownership or not 'root' owned is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72187</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86811r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030820</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the init_module syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the init_module syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;init_module&quot; syscall occur.
+successful/unsuccessful attempts to use the "init_module" syscall occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw init_module &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw init_module /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S init_module -k module-change
+    -a always,exit -F arch=b32 -S init_module -k module-change
 
-    -a always,exit -F arch&#x3D;b64 -S init_module -k module-change
+    -a always,exit -F arch=b64 -S init_module -k module-change
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;init_module&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"init_module" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;init_module&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S init_module -k module-change
-
-    -a always,exit -F arch&#x3D;b64 -S init_module -k module-change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>72b8c5df-1ed5-4bdd-82f9-6679bbdd1f47</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;init_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;init_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;init_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;init_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72093</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86717r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030350</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "init_module" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S init_module -k module-change
+
+    -a always,exit -F arch=b64 -S init_module -k module-change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72187\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe init_module syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"init_module\\\" syscall occur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw init_module /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S init_module -k module-change\n\n    -a always,exit -F arch=b64 -S init_module -k module-change\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"init_module\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"init_module\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S init_module -k module-change\n\n    -a always,exit -F arch=b64 -S init_module -k module-change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00216\"\n  tag satisfies: [\"SRG-OS-000471-GPOS-00216\", \"SRG-OS-000477-GPOS-00222\"]\n  tag gid: \"V-72187\"\n  tag rid: \"SV-86811r5_rule\"\n  tag stig_id: \"RHEL-07-030820\"\n  tag fix_id: \"F-78541r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"init_module\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"init_module\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "init_module" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "init_module" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "init_module" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "init_module" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72093</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86717r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030350</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must immediately notify
 the System Administrator (SA) and Information System Security Officer (ISSO)
 (at a minimum) when the threshold for the repository maximum audit record
-storage capacity is reached.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+storage capacity is reached.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If security personnel are not notified immediately when the threshold
 for the repository maximum audit record storage capacity is reached, they are
-unable to expand the audit record storage capacity before records are lost.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unable to expand the audit record storage capacity before records are lost.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system immediately notifies the SA and ISSO (at a
 minimum) via email when the threshold for the repository maximum audit record
 storage capacity is reached.
@@ -17713,445 +16911,427 @@ storage capacity is reached.
 repository maximum audit record storage capacity is reached with the following
 command:
 
-    # grep -i action_mail_acct  &#x2F;etc&#x2F;audit&#x2F;auditd.conf
-    action_mail_acct &#x3D; root
+    # grep -i action_mail_acct  /etc/audit/auditd.conf
+    action_mail_acct = root
 
-    If the value of the &quot;action_mail_acct&quot; keyword is not set to &quot;root&quot; and
-other accounts for security personnel, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of the "action_mail_acct" keyword is not set to "root" and
+other accounts for security personnel, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to immediately notify the SA and ISSO (at a
 minimum) when the threshold for the repository maximum audit record storage
 capacity is reached.
 
-    Uncomment or edit the &quot;action_mail_acct&quot; keyword in
-&quot;&#x2F;etc&#x2F;audit&#x2F;auditd.conf&quot; and set it to root and any other accounts associated
+    Uncomment or edit the "action_mail_acct" keyword in
+"/etc/audit/auditd.conf" and set it to root and any other accounts associated
 with security personnel.
 
-    action_mail_acct &#x3D; root</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bc87c0d8-3e5f-4bbb-b395-85bfd1df5af1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Audit Daemon Config action_mail_acct is expected to cmp &#x3D;&#x3D; &quot;root&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86825r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030890</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    action_mail_acct = root</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72093\" do\n  title \"The Red Hat Enterprise Linux operating system must immediately notify\nthe System Administrator (SA) and Information System Security Officer (ISSO)\n(at a minimum) when the threshold for the repository maximum audit record\nstorage capacity is reached.\"\n  desc  \"If security personnel are not notified immediately when the threshold\nfor the repository maximum audit record storage capacity is reached, they are\nunable to expand the audit record storage capacity before records are lost.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system immediately notifies the SA and ISSO (at a\nminimum) via email when the threshold for the repository maximum audit record\nstorage capacity is reached.\n\n    Check what account the operating system emails when the threshold for the\nrepository maximum audit record storage capacity is reached with the following\ncommand:\n\n    # grep -i action_mail_acct  /etc/audit/auditd.conf\n    action_mail_acct = root\n\n    If the value of the \\\"action_mail_acct\\\" keyword is not set to \\\"root\\\" and\nother accounts for security personnel, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to immediately notify the SA and ISSO (at a\nminimum) when the threshold for the repository maximum audit record storage\ncapacity is reached.\n\n    Uncomment or edit the \\\"action_mail_acct\\\" keyword in\n\\\"/etc/audit/auditd.conf\\\" and set it to root and any other accounts associated\nwith security personnel.\n\n    action_mail_acct = root\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000343-GPOS-00134\"\n  tag gid: \"V-72093\"\n  tag rid: \"SV-86717r3_rule\"\n  tag stig_id: \"RHEL-07-030350\"\n  tag fix_id: \"F-78445r3_fix\"\n  tag cci: [\"CCI-001855\"]\n  tag nist: [\"AU-5 (1)\", \"Rev_4\"]\n\n  describe auditd_conf  do\n    its('action_mail_acct') { should cmp 'root' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Audit Daemon Config action_mail_acct is expected to cmp == "root"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86825r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030890</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the renameat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the renameat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system is not configured to audit certain activities and write
 them to an audit log, it is more difficult to detect and track system
-compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;renameat&quot; syscall occur.
+successful/unsuccessful attempts to use the "renameat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw renameat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw renameat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S renameat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S renameat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;renameat&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"renameat" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;renameat&quot; syscall occur.
+successful/unsuccessful attempts to use the "renameat" syscall occur.
 
-    Add the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S renameat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S renameat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>78768756-5253-44d4-b437-2c87f3319b3f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;renameat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;renameat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;renameat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;renameat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72035</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86659r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020720</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72201\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe renameat syscall.\"\n  desc  \"If the system is not configured to audit certain activities and write\nthem to an audit log, it is more difficult to detect and track system\ncompromises and damages incurred during a system compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"renameat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw renameat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"renameat\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"renameat\\\" syscall occur.\n\n    Add the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000466-GPOS-00210\"\n  tag satisfies: [\"SRG-OS-000466-GPOS-00210\", \"SRG-OS-000467-GPOS-00210\",\n\"SRG-OS-000468-GPOS-00212\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72201\"\n  tag rid: \"SV-86825r5_rule\"\n  tag stig_id: \"RHEL-07-030890\"\n  tag fix_id: \"F-78555r8_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"renameat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"renameat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "renameat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "renameat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "renameat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "renameat" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72035</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86659r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020720</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive user initialization files executable search paths
-contain only paths that resolve to the users home directory.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+contain only paths that resolve to the users home directory.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The executable search path (typically the PATH environment variable)
 contains a list of directories for the shell to search to find executables. If
-this path includes the current working directory (other than the user&#39;s home
+this path includes the current working directory (other than the user's home
 directory), executables in these directories may be executed instead of system
 commands. This variable is formatted as a colon-separated list of directories.
 If there is an empty entry, such as a leading or trailing colon or two
 consecutive colons, this is interpreted as the current working directory. If
 deviations from the default system search path for the local interactive user
 are required, they must be documented with the Information System Security
-Officer (ISSO).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that all local interactive user initialization files&#39; executable
+Officer (ISSO).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that all local interactive user initialization files' executable
 search path statements do not contain statements that will reference a working
-directory other than the users&#39; home directory.
+directory other than the users' home directory.
 
     Check the executable search path statement for all local interactive user
-initialization files in the users&#39; home directory with the following commands:
+initialization files in the users' home directory with the following commands:
 
     Note: The example will be for the smithj user, which has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
+of "/home/smithj".
 
-    # grep -i path &#x2F;home&#x2F;smithj&#x2F;.*
-    &#x2F;home&#x2F;smithj&#x2F;.bash_profile:PATH&#x3D;$PATH:$HOME&#x2F;.local&#x2F;bin:$HOME&#x2F;bin
-    &#x2F;home&#x2F;smithj&#x2F;.bash_profile:export PATH
+    # grep -i path /home/smithj/.*
+    /home/smithj/.bash_profile:PATH=$PATH:$HOME/.local/bin:$HOME/bin
+    /home/smithj/.bash_profile:export PATH
 
     If any local interactive user initialization files have executable search
 path statements that include directories outside of their home directory, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Edit the local interactive user initialization files to change any PATH
 variable statements that reference directories other than their home directory.
 
     If a local interactive user requires path variables to reference a
-directory owned by the application, it must be documented with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c064d4e7-cf00-4e25-9a61-67945c8738f0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Initialization files that include executable search paths that include directories outside their home directories is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71917</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86541r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010190</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+directory owned by the application, it must be documented with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72035\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user initialization files executable search paths\ncontain only paths that resolve to the users home directory.\"\n  desc  \"The executable search path (typically the PATH environment variable)\ncontains a list of directories for the shell to search to find executables. If\nthis path includes the current working directory (other than the user's home\ndirectory), executables in these directories may be executed instead of system\ncommands. This variable is formatted as a colon-separated list of directories.\nIf there is an empty entry, such as a leading or trailing colon or two\nconsecutive colons, this is interpreted as the current working directory. If\ndeviations from the default system search path for the local interactive user\nare required, they must be documented with the Information System Security\nOfficer (ISSO).\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that all local interactive user initialization files' executable\nsearch path statements do not contain statements that will reference a working\ndirectory other than the users' home directory.\n\n    Check the executable search path statement for all local interactive user\ninitialization files in the users' home directory with the following commands:\n\n    Note: The example will be for the smithj user, which has a home directory\nof \\\"/home/smithj\\\".\n\n    # grep -i path /home/smithj/.*\n    /home/smithj/.bash_profile:PATH=$PATH:$HOME/.local/bin:$HOME/bin\n    /home/smithj/.bash_profile:export PATH\n\n    If any local interactive user initialization files have executable search\npath statements that include directories outside of their home directory, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the local interactive user initialization files to change any PATH\nvariable statements that reference directories other than their home directory.\n\n    If a local interactive user requires path variables to reference a\ndirectory owned by the application, it must be documented with the ISSO.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72035\"\n  tag rid: \"SV-86659r4_rule\"\n  tag stig_id: \"RHEL-07-020720\"\n  tag fix_id: \"F-78387r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    grep_results =  command(\"grep -i path --exclude=\\\".bash_history\\\" #{user_info.home}/.*\").stdout.split(\"\\\\n\")\n    grep_results.each do |result|\n      result.slice! \"PATH=\"\n      # Case when last value in exec search path is :\n      if result[-1] == \":\" then\n        result = result + \" \"\n      end\n      result.slice! \"$PATH:\"\n      result.gsub! '$HOME', \"#{user_info.home}\"\n      result.gsub! '~', \"#{user_info.home}\"\n      line_arr = result.split(\":\")\n      line_arr.delete_at(0)\n      line_arr.each do |line|\n        # Don't run test on line that exports PATH and is not commented out\n        if !line.start_with?('export') &amp;&amp; !line.start_with?('#') then\n          # Case when :: found in exec search path or : found at beginning\n          if line.strip.empty? then\n            curr_work_dir = command(\"pwd\").stdout.gsub(\"\\n\", \"\")\n            if curr_work_dir.start_with?(\"#{user_info.home}\") then\n              line = curr_work_dir\n            end\n          end\n          # This will fail if non-home directory found in path\n          if !line.start_with?(user_info.home)\n            findings.add(line)\n          end\n        end\n      end\n    end\n  end\n  describe.one do\n    describe etc_fstab do\n      its('home_mount_options') { should include 'nosuid' }\n    end\n    describe \"Initialization files that include executable search paths that include directories outside their home directories\" do\n      subject { findings.to_a }\n      it { should be_empty }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Initialization files that include executable search paths that include directories outside their home directories is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71917</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86541r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010190</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed the number of repeating characters of the same
-character class must not be more than four characters.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+character class must not be more than four characters.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -18160,145 +17340,140 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;maxclassrepeat&quot; option sets the maximum number of allowed same
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "maxclassrepeat" option sets the maximum number of allowed same
 consecutive characters in the same class in the new password.
 
-    Check for the value of the &quot;maxclassrepeat&quot; option in
-&quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with the following command:
+    Check for the value of the "maxclassrepeat" option in
+"/etc/security/pwquality.conf" with the following command:
 
-    # grep maxclassrepeat &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    maxclassrepeat &#x3D; 4
+    # grep maxclassrepeat /etc/security/pwquality.conf
+    maxclassrepeat = 4
 
-    If the value of &quot;maxclassrepeat&quot; is set to more than &quot;4&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "maxclassrepeat" is set to more than "4", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require the change of the number of
 repeating characters of the same character class when passwords are changed by
-setting the &quot;maxclassrepeat&quot; option.
+setting the "maxclassrepeat" option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; conf (or modify
+    Add the following line to "/etc/security/pwquality.conf" conf (or modify
 the line to have the required value):
 
-    maxclassrepeat &#x3D; 4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>849363c7-3e89-4425-afaf-614dfe075427</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf maxclassrepeat.to_i is expected to cmp &lt;&#x3D; 4</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72225</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86849r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040170</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    maxclassrepeat = 4</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71917\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed the number of repeating characters of the same\ncharacter class must not be more than four characters.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    The \\\"maxclassrepeat\\\" option sets the maximum number of allowed same\nconsecutive characters in the same class in the new password.\n\n    Check for the value of the \\\"maxclassrepeat\\\" option in\n\\\"/etc/security/pwquality.conf\\\" with the following command:\n\n    # grep maxclassrepeat /etc/security/pwquality.conf\n    maxclassrepeat = 4\n\n    If the value of \\\"maxclassrepeat\\\" is set to more than \\\"4\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require the change of the number of\nrepeating characters of the same character class when passwords are changed by\nsetting the \\\"maxclassrepeat\\\" option.\n\n    Add the following line to \\\"/etc/security/pwquality.conf\\\" conf (or modify\nthe line to have the required value):\n\n    maxclassrepeat = 4\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000072-GPOS-00040\"\n  tag gid: \"V-71917\"\n  tag rid: \"SV-86541r2_rule\"\n  tag stig_id: \"RHEL-07-010190\"\n  tag fix_id: \"F-78269r1_fix\"\n  tag cci: [\"CCI-000195\"]\n  tag nist: [\"IA-5 (1) (b)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('maxclassrepeat.to_i') { should cmp &lt;= 4 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf maxclassrepeat.to_i is expected to cmp &lt;= 4</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72225</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86849r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040170</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the
 Standard Mandatory DoD Notice and Consent Banner immediately prior to, or as
-part of, remote access logon prompts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+part of, remote access logon prompts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Display of a standardized and approved use notification before
 granting access to the publicly accessible operating system ensures privacy and
 security notification verbiage used is consistent with applicable federal laws,
@@ -18311,7 +17486,7 @@ with human users and are not required when such human interfaces do not exist.
 the following verbiage for operating systems that can accommodate banners of
 1300 characters:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -18336,14 +17511,14 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Agreement for details."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify any publicly accessible connection to the operating system displays
 the Standard Mandatory DoD Notice and Consent Banner before granting access to
 the system.
@@ -18351,19 +17526,19 @@ the system.
     Check for the location of the banner file being used with the following
 command:
 
-    # grep -i banner &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i banner /etc/ssh/sshd_config
 
-    banner &#x2F;etc&#x2F;issue
+    banner /etc/issue
 
     This command will return the banner keyword and the name of the file that
-contains the ssh banner (in this case &quot;&#x2F;etc&#x2F;issue&quot;).
+contains the ssh banner (in this case "/etc/issue").
 
     If the line is commented out, this is a finding.
 
     View the file specified by the banner keyword to check that it matches the
 text of the Standard Mandatory DoD Notice and Consent Banner:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only. By using this IS (which includes any
 device attached to this IS), you consent to the following conditions:
 
@@ -18386,32 +17561,32 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;
+Agreement for details."
 
     If the system does not display a graphical logon banner or the banner does
 not match the Standard Mandatory DoD Notice and Consent Banner, this is a
 finding.
 
     If the text in the file does not match the Standard Mandatory DoD Notice
-and Consent Banner, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+and Consent Banner, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to display the Standard Mandatory DoD Notice
 and Consent Banner before granting access to the system via the ssh.
 
-    Edit the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment the banner keyword and
+    Edit the "/etc/ssh/sshd_config" file to uncomment the banner keyword and
 configure it to point to a file that will contain the logon banner (this file
 may be named differently or be in a different location if using a version of
 SSH that is provided by a third-party vendor). An example configuration line is:
 
-    banner &#x2F;etc&#x2F;issue
+    banner /etc/issue
 
     Either create the file containing the banner or replace the text in the
 file with the Standard Mandatory DoD Notice and Consent Banner. The DoD
 required text is:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only. By using this IS (which includes any
 device attached to this IS), you consent to the following conditions:
 
@@ -18434,1508 +17609,1443 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;
-
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>68760ad2-e633-46e1-baa6-ce5860964f7b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000050</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001384</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001385</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001386</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001387</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001388</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-The SSHD Banner is set to the standard banner and has the correct text is expected to cmp &#x3D;&#x3D; &quot;YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.&quot;
-
+Agreement for details."
+
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72225\" do\n  title \"The Red Hat Enterprise Linux operating system must display the\nStandard Mandatory DoD Notice and Consent Banner immediately prior to, or as\npart of, remote access logon prompts.\"\n  desc  \"Display of a standardized and approved use notification before\ngranting access to the publicly accessible operating system ensures privacy and\nsecurity notification verbiage used is consistent with applicable federal laws,\nExecutive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via logon interfaces\nwith human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with applicable DoD policy. Use\nthe following verbiage for operating systems that can accommodate banners of\n1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify any publicly accessible connection to the operating system displays\nthe Standard Mandatory DoD Notice and Consent Banner before granting access to\nthe system.\n\n    Check for the location of the banner file being used with the following\ncommand:\n\n    # grep -i banner /etc/ssh/sshd_config\n\n    banner /etc/issue\n\n    This command will return the banner keyword and the name of the file that\ncontains the ssh banner (in this case \\\"/etc/issue\\\").\n\n    If the line is commented out, this is a finding.\n\n    View the file specified by the banner keyword to check that it matches the\ntext of the Standard Mandatory DoD Notice and Consent Banner:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only. By using this IS (which includes any\ndevice attached to this IS), you consent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n    If the system does not display a graphical logon banner or the banner does\nnot match the Standard Mandatory DoD Notice and Consent Banner, this is a\nfinding.\n\n    If the text in the file does not match the Standard Mandatory DoD Notice\nand Consent Banner, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to display the Standard Mandatory DoD Notice\nand Consent Banner before granting access to the system via the ssh.\n\n    Edit the \\\"/etc/ssh/sshd_config\\\" file to uncomment the banner keyword and\nconfigure it to point to a file that will contain the logon banner (this file\nmay be named differently or be in a different location if using a version of\nSSH that is provided by a third-party vendor). An example configuration line is:\n\n    banner /etc/issue\n\n    Either create the file containing the banner or replace the text in the\nfile with the Standard Mandatory DoD Notice and Consent Banner. The DoD\nrequired text is:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only. By using this IS (which includes any\ndevice attached to this IS), you consent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000023-GPOS-00006\"\n  tag satisfies: [\"SRG-OS-000023-GPOS-00006\", \"SRG-OS-000024-GPOS-00007\",\n\"SRG-OS-000228-GPOS-00088\"]\n  tag gid: \"V-72225\"\n  tag rid: \"SV-86849r4_rule\"\n  tag stig_id: \"RHEL-07-040170\"\n  tag fix_id: \"F-78579r4_fix\"\n  tag cci: [\"CCI-000048\", \"CCI-000050\", \"CCI-001384\", \"CCI-001385\",\n\"CCI-001386\", \"CCI-001387\", \"CCI-001388\"]\n  tag nist: [\"AC-8 a\", \"AC-8 b\", \"AC-8 c 1\", \"AC-8 c 2\", \"AC-8 c 2\", \"AC-8 c\n2\", \"AC-8 c 3\", \"Rev_4\"]\n\n  banner_message_text_ral = input('banner_message_text_ral')\n  banner_message_text_ral_limited = input('banner_message_text_ral_limited')\n\n  #When Banner is commented, not found, disabled, or the specified file does not exist, this is a finding.\n  banner_files = [sshd_config.banner].flatten\n\n  banner_files.each do |banner_file|\n\n    #Banner property is commented out.\n    describe \"The SSHD Banner is not set\" do\n      subject { banner_file.nil? }\n      it { should be false }\n    end if banner_file.nil?\n\n    #Banner property is set to \"none\"\n    describe \"The SSHD Banner is disabled\" do\n      subject { banner_file.match(/none/i).nil? }\n      it { should be true }\n    end if !banner_file.nil? &amp;&amp; !banner_file.match(/none/i).nil?\n\n    #Banner property provides a path to a file, however, it does not exist.\n    describe \"The SSHD Banner is set, but, the file does not exist\" do\n      subject { file(banner_file).exist? }\n      it { should be true }\n    end if !banner_file.nil? &amp;&amp; banner_file.match(/none/i).nil? &amp;&amp; !file(banner_file).exist?\n\n    #Banner property provides a path to a file and it exists.\n    describe.one do\n      banner = file(banner_file).content.gsub(%r{[\\r\\n\\s]}, '')\n      clean_banner = banner_message_text_ral.gsub(%r{[\\r\\n\\s]}, '')\n      clean_banner_limited = banner_message_text_ral_limited.gsub(%r{[\\r\\n\\s]}, '')\n\n      describe \"The SSHD Banner is set to the standard banner and has the correct text\" do\n        subject { banner }\n        it { should cmp clean_banner }\n      end\n\n      describe \"The SSHD Banner is set to the standard limited banner and has the correct text\" do\n        subject { banner }\n        it { should cmp clean_banner_limited }\n      end\n    end if !banner_file.nil? &amp;&amp; banner_file.match(/none/i).nil? &amp;&amp; file(banner_file).exist?\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000050</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001384</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001385</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001386</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001387</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001388</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST The SSHD Banner is set to the standard banner and has the correct text is expected to cmp == "YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails." :: MESSAGE 
 expected: YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
      got: YouareaccessingaU.S.Government(USG)informationsystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS)youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-passed
-The SSHD Banner is set to the standard limited banner and has the correct text is expected to cmp &#x3D;&#x3D; &quot;I&#39;veread&amp;consenttotermsinISuseragreem&#39;t.&quot;
-
-expected: I&#39;veread&amp;consenttotermsinISuseragreem&#39;t.
+passed :: TEST The SSHD Banner is set to the standard limited banner and has the correct text is expected to cmp == "I'veread&amp;consenttotermsinISuseragreem't." :: MESSAGE 
+expected: I'veread&amp;consenttotermsinISuseragreem't.
      got: YouareaccessingaU.S.Government(USG)informationsystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS)youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72257</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86881r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040420</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72257</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86881r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040420</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH private host key files have mode 0640 or less permissive.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH private host key files have mode 0640 or less permissive.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an unauthorized user obtains the private SSH host key file, the
-host could be impersonated.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the SSH private host key files have mode &quot;0640&quot; or less permissive.
+host could be impersonated.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the SSH private host key files have mode "0640" or less permissive.
 
     The following command will find all SSH private key files on the system and
 list their modes:
 
-    # find &#x2F; -name &#39;*ssh_host*key&#39; | xargs ls -lL
+    # find / -name '*ssh_host*key' | xargs ls -lL
 
     -rw-r----- 1 root ssh_keys 668 Nov 28 06:43 ssh_host_dsa_key
     -rw-r----- 1 root ssh_keys 582 Nov 28 06:43 ssh_host_key
     -rw-r----- 1 root ssh_keys 887 Nov 28 06:43 ssh_host_rsa_key
 
-    If any file has a mode more permissive than &quot;0640&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the mode of SSH private host key files under &quot;&#x2F;etc&#x2F;ssh&quot; to
-&quot;0640&quot; with the following command:
-
-    # chmod 0640 &#x2F;path&#x2F;to&#x2F;file&#x2F;ssh_host*key</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>08c991ac-9825-4663-b3ad-ac0b4dbba05c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No files have a more permissive mode. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72207</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86831r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030920</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If any file has a mode more permissive than "0640", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the mode of SSH private host key files under "/etc/ssh" to
+"0640" with the following command:
+
+    # chmod 0640 /path/to/file/ssh_host*key</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72257\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH private host key files have mode 0640 or less permissive.\"\n  desc  \"If an unauthorized user obtains the private SSH host key file, the\nhost could be impersonated.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH private host key files have mode \\\"0640\\\" or less permissive.\n\n    The following command will find all SSH private key files on the system and\nlist their modes:\n\n    # find / -name '*ssh_host*key' | xargs ls -lL\n\n    -rw-r----- 1 root ssh_keys 668 Nov 28 06:43 ssh_host_dsa_key\n    -rw-r----- 1 root ssh_keys 582 Nov 28 06:43 ssh_host_key\n    -rw-r----- 1 root ssh_keys 887 Nov 28 06:43 ssh_host_rsa_key\n\n    If any file has a mode more permissive than \\\"0640\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the mode of SSH private host key files under \\\"/etc/ssh\\\" to\n\\\"0640\\\" with the following command:\n\n    # chmod 0640 /path/to/file/ssh_host*key\n\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72257\"\n  tag rid: \"SV-86881r3_rule\"\n  tag stig_id: \"RHEL-07-040420\"\n  tag fix_id: \"F-78611r5_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  key_files = command(\"find /etc/ssh -xdev -name '*ssh_host*key' -perm /177\").stdout.split(\"\\n\")\n  if !key_files.nil? and !key_files.empty?\n    key_files.each do |keyfile|\n      describe file(keyfile) do\n        it { should_not be_executable.by('owner') }\n        it { should_not be_readable.by('group') }\n        it { should_not be_writable.by('group') }\n        it { should_not be_executable.by('group') }\n        it { should_not be_readable.by('others') }\n        it { should_not be_writable.by('others') }\n        it { should_not be_executable.by('others') }\n      end\n    end\n  else\n    describe \"No files have a more permissive mode.\" do\n      subject { key_files.nil? or key_files.empty? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No files have a more permissive mode. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72207</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86831r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030920</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the unlinkat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the unlinkat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system is not configured to audit certain activities and write
 them to an audit log, it is more difficult to detect and track system
-compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unlinkat&quot; syscall occur.
+successful/unsuccessful attempts to use the "unlinkat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw unlinkat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw unlinkat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S unlinkat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S unlinkat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;unlinkat&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"unlinkat" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unlinkat&quot; syscall occur.
+successful/unsuccessful attempts to use the "unlinkat" syscall occur.
 
-    Add the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S unlinkat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S unlinkat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>176daa0e-1692-44aa-aaa2-af58afb0f749</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlinkat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlinkat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlinkat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlinkat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72059</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86683r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021310</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72207\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe unlinkat syscall.\"\n  desc  \"If the system is not configured to audit certain activities and write\nthem to an audit log, it is more difficult to detect and track system\ncompromises and damages incurred during a system compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"unlinkat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw unlinkat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"unlinkat\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"unlinkat\\\" syscall occur.\n\n    Add the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000466-GPOS-00210\"\n  tag satisfies: [\"SRG-OS-000466-GPOS-00210\", \"SRG-OS-000467-GPOS-00210\",\n\"SRG-OS-000468-GPOS-00212\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72207\"\n  tag rid: \"SV-86831r5_rule\"\n  tag stig_id: \"RHEL-07-030920\"\n  tag fix_id: \"F-78561r10_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"unlinkat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"unlinkat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "unlinkat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlinkat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlinkat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlinkat" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72059</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86683r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021310</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that a separate file system is used for user home directories (such as &#x2F;home or
-an equivalent).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that a separate file system is used for user home directories (such as /home or
+an equivalent).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The use of separate file systems for different paths can protect the
-system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that a separate file system&#x2F;partition has been created for
+system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that a separate file system/partition has been created for
 non-privileged local interactive user home directories.
 
     Check the home directory assignment for all non-privileged users (those
 with a UID greater than 1000) on the system with the following command:
 
-    #cut -d: -f 1,3,6,7 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{3}&quot; | tr &quot;:&quot;
-&quot;\t&quot;
+    #cut -d: -f 1,3,6,7 /etc/passwd | egrep ":[1-4][0-9]{3}" | tr ":"
+"\t"
 
-    adamsj &#x2F;home&#x2F;adamsj &#x2F;bin&#x2F;bash
-    jacksonm &#x2F;home&#x2F;jacksonm &#x2F;bin&#x2F;bash
-    smithj &#x2F;home&#x2F;smithj &#x2F;bin&#x2F;bash
+    adamsj /home/adamsj /bin/bash
+    jacksonm /home/jacksonm /bin/bash
+    smithj /home/smithj /bin/bash
 
-    The output of the command will give the directory&#x2F;partition that contains
+    The output of the command will give the directory/partition that contains
 the home directories for the non-privileged users on the system (in this
-example, &#x2F;home) and users&#39; shell. All accounts with a valid shell (such as
-&#x2F;bin&#x2F;bash) are considered interactive users.
+example, /home) and users' shell. All accounts with a valid shell (such as
+/bin/bash) are considered interactive users.
 
-    Check that a file system&#x2F;partition has been created for the non-privileged
+    Check that a file system/partition has been created for the non-privileged
 interactive users with the following command:
 
-    Note: The partition of &#x2F;home is used in the example.
+    Note: The partition of /home is used in the example.
 
-    # grep &#x2F;home &#x2F;etc&#x2F;fstab
-    UUID&#x3D;333ada18    &#x2F;home                   ext4    noatime,nobarrier,nodev  1
+    # grep /home /etc/fstab
+    UUID=333ada18    /home                   ext4    noatime,nobarrier,nodev  1
 2
 
-    If a separate entry for the file system&#x2F;partition that contains the
-non-privileged interactive users&#39; home directories does not exist, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Migrate the &quot;&#x2F;home&quot; directory onto a separate file
-system&#x2F;partition.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8ee65e57-ccb8-415c-9a5d-24044cb85808</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-ec2-user with mountpoint &#x2F; is expected not to be empty
---------------------------------
-passed
-ec2-user with mountpoint &#x2F; is expected not to match &#x2F;^\&#x2F;$&#x2F;
-expected &quot;&#x2F;&quot; not to match &#x2F;^\&#x2F;$&#x2F;
+    If a separate entry for the file system/partition that contains the
+non-privileged interactive users' home directories does not exist, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Migrate the "/home" directory onto a separate file
+system/partition.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72059\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat a separate file system is used for user home directories (such as /home or\nan equivalent).\"\n  desc  \"The use of separate file systems for different paths can protect the\nsystem from failures resulting from a file system becoming full or failing.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that a separate file system/partition has been created for\nnon-privileged local interactive user home directories.\n\n    Check the home directory assignment for all non-privileged users (those\nwith a UID greater than 1000) on the system with the following command:\n\n    #cut -d: -f 1,3,6,7 /etc/passwd | egrep \\\":[1-4][0-9]{3}\\\" | tr \\\":\\\"\n\\\"\\\\t\\\"\n\n    adamsj /home/adamsj /bin/bash\n    jacksonm /home/jacksonm /bin/bash\n    smithj /home/smithj /bin/bash\n\n    The output of the command will give the directory/partition that contains\nthe home directories for the non-privileged users on the system (in this\nexample, /home) and users' shell. All accounts with a valid shell (such as\n/bin/bash) are considered interactive users.\n\n    Check that a file system/partition has been created for the non-privileged\ninteractive users with the following command:\n\n    Note: The partition of /home is used in the example.\n\n    # grep /home /etc/fstab\n    UUID=333ada18    /home                   ext4    noatime,nobarrier,nodev  1\n2\n\n    If a separate entry for the file system/partition that contains the\nnon-privileged interactive users' home directories does not exist, this is a\nfinding.\n  \"\n  desc  \"fix\", \"Migrate the \\\"/home\\\" directory onto a separate file\nsystem/partition.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72059\"\n  tag rid: \"SV-86683r2_rule\"\n  tag stig_id: \"RHEL-07-021310\"\n  tag fix_id: \"F-78411r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  # excluding root because its home directory is usually \"/root\" (mountpoint \"/\")\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n\n    home_mount = command(%(df #{user_info.home} --output=target | tail -1)).stdout.strip\n    describe user_info.username do\n      context 'with mountpoint' do\n        context home_mount do\n          it { should_not be_empty }\n          it { should_not match(%r(^/$)) }\n        end\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST ec2-user with mountpoint / is expected not to be empty
+--------------------------------
+passed :: TEST ec2-user with mountpoint / is expected not to match /^\/$/ :: MESSAGE expected "/" not to match /^\/$/
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;^\&#x2F;$&#x2F;
-+&quot;&#x2F;&quot;
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72113</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86737r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030450</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+-/^\/$/
++"/"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72113</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86737r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030450</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fsetxattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fsetxattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fsetxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "fsetxattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw fsetxattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fsetxattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fsetxattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"fsetxattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fsetxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "fsetxattr" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S fsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0a768fc8-5efe-48a7-8e7c-f8d87ba0db33</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fsetxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fsetxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fsetxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fsetxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72287</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86911r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040630</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72113\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fsetxattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fsetxattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw fsetxattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fsetxattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"fsetxattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72113\"\n  tag rid: \"SV-86737r5_rule\"\n  tag stig_id: \"RHEL-07-030450\"\n  tag fix_id: \"F-78465r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fsetxattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fsetxattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fsetxattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fsetxattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fsetxattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fsetxattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72287</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86911r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040630</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not respond to
 Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP)
-echoes sent to a broadcast address.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+echoes sent to a broadcast address.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Responding to broadcast (ICMP) echoes facilitates network mapping and
-provides a vector for amplification attacks.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+provides a vector for amplification attacks.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not respond to IPv4 ICMP echoes sent to a broadcast
 address.
 
-    # grep net.ipv4.icmp_echo_ignore_broadcasts &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep net.ipv4.icmp_echo_ignore_broadcasts /etc/sysctl.conf /etc/sysctl.d/*
 
-    If &quot; net.ipv4.icmp_echo_ignore_broadcasts&quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;1&quot;, this is a finding.
+    If " net.ipv4.icmp_echo_ignore_broadcasts" is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "1", this is a finding.
 
     Check that the operating system implements the
-&quot;icmp_echo_ignore_broadcasts&quot; variable with the following command:
+"icmp_echo_ignore_broadcasts" variable with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.icmp_echo_ignore_broadcasts
-    net.ipv4.icmp_echo_ignore_broadcasts &#x3D; 1
+    # /sbin/sysctl -a | grep net.ipv4.icmp_echo_ignore_broadcasts
+    net.ipv4.icmp_echo_ignore_broadcasts = 1
 
-    If the returned line does not have a value of &quot;1&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "1", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.icmp_echo_ignore_broadcasts &#x3D; 1
+    net.ipv4.icmp_echo_ignore_broadcasts = 1
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>da18d677-6c3c-409d-88d9-79d6b8fb80a0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.icmp_echo_ignore_broadcasts value is expected to eq 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72013</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86637r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020610</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72287\" do\n  title \"The Red Hat Enterprise Linux operating system must not respond to\nInternet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP)\nechoes sent to a broadcast address.\"\n  desc  \"Responding to broadcast (ICMP) echoes facilitates network mapping and\nprovides a vector for amplification attacks.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not respond to IPv4 ICMP echoes sent to a broadcast\naddress.\n\n    # grep net.ipv4.icmp_echo_ignore_broadcasts /etc/sysctl.conf /etc/sysctl.d/*\n\n    If \\\" net.ipv4.icmp_echo_ignore_broadcasts\\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"1\\\", this is a finding.\n\n    Check that the operating system implements the\n\\\"icmp_echo_ignore_broadcasts\\\" variable with the following command:\n\n    # /sbin/sysctl -a | grep net.ipv4.icmp_echo_ignore_broadcasts\n    net.ipv4.icmp_echo_ignore_broadcasts = 1\n\n    If the returned line does not have a value of \\\"1\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.icmp_echo_ignore_broadcasts = 1\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72287\"\n  tag rid: \"SV-86911r2_rule\"\n  tag stig_id: \"RHEL-07-040630\"\n  tag fix_id: \"F-78641r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.icmp_echo_ignore_broadcasts') do\n    its('value') { should eq 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.icmp_echo_ignore_broadcasts value is expected to eq 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72013</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86637r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020610</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive user accounts, upon creation, are assigned a home
-directory.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+directory.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If local interactive users are not assigned a valid home directory,
-there is no place for the storage and control of files they should own.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+there is no place for the storage and control of files they should own.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all local interactive users on the system are assigned a home
 directory upon creation.
 
     Check to see if the system is configured to create home directories for
 local interactive users with the following command:
 
-    # grep -i create_home &#x2F;etc&#x2F;login.defs
+    # grep -i create_home /etc/login.defs
     CREATE_HOME yes
 
-    If the value for &quot;CREATE_HOME&quot; parameter is not set to &quot;yes&quot;, the line
-is missing, or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value for "CREATE_HOME" parameter is not set to "yes", the line
+is missing, or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to assign home directories to all new local
-interactive users by setting the &quot;CREATE_HOME&quot; parameter in
-&quot;&#x2F;etc&#x2F;login.defs&quot; to &quot;yes&quot; as follows.
-
-    CREATE_HOME yes</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0567b5c1-6e2a-4cb2-bd29-f845041deab4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs CREATE_HOME is expected to eq &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72153</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86777r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030650</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+interactive users by setting the "CREATE_HOME" parameter in
+"/etc/login.defs" to "yes" as follows.
+
+    CREATE_HOME yes</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72013\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user accounts, upon creation, are assigned a home\ndirectory.\"\n  desc  \"If local interactive users are not assigned a valid home directory,\nthere is no place for the storage and control of files they should own.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all local interactive users on the system are assigned a home\ndirectory upon creation.\n\n    Check to see if the system is configured to create home directories for\nlocal interactive users with the following command:\n\n    # grep -i create_home /etc/login.defs\n    CREATE_HOME yes\n\n    If the value for \\\"CREATE_HOME\\\" parameter is not set to \\\"yes\\\", the line\nis missing, or the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to assign home directories to all new local\ninteractive users by setting the \\\"CREATE_HOME\\\" parameter in\n\\\"/etc/login.defs\\\" to \\\"yes\\\" as follows.\n\n    CREATE_HOME yes\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72013\"\n  tag rid: \"SV-86637r2_rule\"\n  tag stig_id: \"RHEL-07-020610\"\n  tag fix_id: \"F-78365r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe login_defs do\n    its('CREATE_HOME') { should eq 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs CREATE_HOME is expected to eq "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72153</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86777r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030650</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the gpasswd command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the gpasswd command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged password commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;gpasswd&quot; command occur.
+successful/unsuccessful attempts to use the "gpasswd" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;gpasswd &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/gpasswd /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;gpasswd -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/bin/gpasswd -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-passwd
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;gpasswd&quot; command occur.
+successful/unsuccessful attempts to use the "gpasswd" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;gpasswd -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/bin/gpasswd -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-passwd
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3cfdd125-db7d-4549-bc4e-dfac1f8ed0f3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;gpasswd&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;gpasswd&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71933</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000077-GPOS-00045</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86557r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010270</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72153\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe gpasswd command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged password commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"gpasswd\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/bin/gpasswd /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/gpasswd -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-passwd\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"gpasswd\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/gpasswd -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-passwd\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72153\"\n  tag rid: \"SV-86777r5_rule\"\n  tag stig_id: \"RHEL-07-030650\"\n  tag fix_id: \"F-78505r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/gpasswd'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/gpasswd" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/gpasswd" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71933</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000077-GPOS-00045</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86557r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010270</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that passwords are prohibited from reuse for a minimum of five generations.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that passwords are prohibited from reuse for a minimum of five generations.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Password complexity, or strength, is a measure of the effectiveness of
 a password in resisting attempts at guessing and brute-force attacks. If the
 information system or application allows the user to consecutively reuse their
 password when that password has exceeded its defined lifetime, the end result
-is a password that is not changed per policy requirements.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+is a password that is not changed per policy requirements.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prohibits password reuse for a minimum of five
 generations.
 
-    Check for the value of the &quot;remember&quot; argument in
-&quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; and &quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot; with the following
+    Check for the value of the "remember" argument in
+"/etc/pam.d/system-auth" and "/etc/pam.d/password-auth" with the following
 command:
 
-    # grep -i remember &#x2F;etc&#x2F;pam.d&#x2F;system-auth &#x2F;etc&#x2F;pam.d&#x2F;password-auth
+    # grep -i remember /etc/pam.d/system-auth /etc/pam.d/password-auth
 
-    password    requisite     pam_pwhistory.so use_authtok remember&#x3D;5 retry&#x3D;3
+    password    requisite     pam_pwhistory.so use_authtok remember=5 retry=3
 
-    If the line containing the &quot;pam_pwhistory.so&quot; line does not have the
-&quot;remember&quot; module argument set, is commented out, or the value of the
-&quot;remember&quot; module argument is set to less than &quot;5&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the line containing the "pam_pwhistory.so" line does not have the
+"remember" module argument set, is commented out, or the value of the
+"remember" module argument is set to less than "5", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prohibit password reuse for a minimum of
 five generations.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; and
-&quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot; (or modify the line to have the required value):
+    Add the following line in "/etc/pam.d/system-auth" and
+"/etc/pam.d/password-auth" (or modify the line to have the required value):
 
-    password    requisite     pam_pwhistory.so use_authtok remember&#x3D;5 retry&#x3D;3
+    password    requisite     pam_pwhistory.so use_authtok remember=5 retry=3
 
     Note: Manual changes to the listed files may be overwritten by the
-&quot;authconfig&quot; program. The &quot;authconfig&quot; program should not be used to update
-the configurations listed in this requirement.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>53ab8c7b-2ac4-4036-948a-b57d61654d9d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include password (required|requisite|sufficient) pam_(unix|pwhistory).so, any with arg remember &gt;&#x3D; 5</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81009</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95721r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021022</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount &#x2F;dev&#x2F;shm with
-the nodev option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;nodev&quot; mount option causes the system to not interpret
+"authconfig" program. The "authconfig" program should not be used to update
+the configurations listed in this requirement.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71933\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat passwords are prohibited from reuse for a minimum of five generations.\"\n  desc  \"Password complexity, or strength, is a measure of the effectiveness of\na password in resisting attempts at guessing and brute-force attacks. If the\ninformation system or application allows the user to consecutively reuse their\npassword when that password has exceeded its defined lifetime, the end result\nis a password that is not changed per policy requirements.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prohibits password reuse for a minimum of five\ngenerations.\n\n    Check for the value of the \\\"remember\\\" argument in\n\\\"/etc/pam.d/system-auth\\\" and \\\"/etc/pam.d/password-auth\\\" with the following\ncommand:\n\n    # grep -i remember /etc/pam.d/system-auth /etc/pam.d/password-auth\n\n    password    requisite     pam_pwhistory.so use_authtok remember=5 retry=3\n\n    If the line containing the \\\"pam_pwhistory.so\\\" line does not have the\n\\\"remember\\\" module argument set, is commented out, or the value of the\n\\\"remember\\\" module argument is set to less than \\\"5\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prohibit password reuse for a minimum of\nfive generations.\n\n    Add the following line in \\\"/etc/pam.d/system-auth\\\" and\n\\\"/etc/pam.d/password-auth\\\" (or modify the line to have the required value):\n\n    password    requisite     pam_pwhistory.so use_authtok remember=5 retry=3\n\n    Note: Manual changes to the listed files may be overwritten by the\n\\\"authconfig\\\" program. The \\\"authconfig\\\" program should not be used to update\nthe configurations listed in this requirement.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000077-GPOS-00045\"\n  tag gid: \"V-71933\"\n  tag rid: \"SV-86557r3_rule\"\n  tag stig_id: \"RHEL-07-010270\"\n  tag fix_id: \"F-78285r3_fix\"\n  tag cci: [\"CCI-000200\"]\n  tag nist: [\"IA-5 (1) (e)\", \"Rev_4\"]\n\n  min_reuse_generations = input('min_reuse_generations')\n\n  describe pam(\"/etc/pam.d/system-auth\") do\n    its('lines') { should match_pam_rule('password (required|requisite|sufficient) pam_(unix|pwhistory).so').any_with_integer_arg('remember', '&gt;=', min_reuse_generations) }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include password (required|requisite|sufficient) pam_(unix|pwhistory).so, any with arg remember &gt;= 5</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81009</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95721r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021022</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount /dev/shm with
+the nodev option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "nodev" mount option causes the system to not interpret
 character or block special devices. Executing character or block special
 devices from untrusted file systems increases the opportunity for unprivileged
-users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the &quot;nodev&quot; option is configured for &#x2F;dev&#x2F;shm:
+users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the "nodev" option is configured for /dev/shm:
 
 
-    # cat &#x2F;etc&#x2F;fstab | grep &#x2F;dev&#x2F;shm
-    tmpfs &#x2F;dev&#x2F;shm tmpfs defaults,nodev,nosuid,noexec 0 0
+    # cat /etc/fstab | grep /dev/shm
+    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
 
-    If any results are returned and the &quot;nodev&quot; option is not listed, this is
+    If any results are returned and the "nodev" option is not listed, this is
 a finding.
 
-    Verify &quot;&#x2F;dev&#x2F;shm&quot; is mounted with the &quot;nodev&quot; option:
-
-    # mount | grep &quot;&#x2F;dev&#x2F;shm&quot; | grep nodev
-
-    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the system so that &#x2F;dev&#x2F;shm is mounted with the
-&quot;nodev&quot; option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2ab01a8b-e225-4f55-bf56-3ffe7a578e94</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;dev&#x2F;shm options is expected to include &quot;nodev&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71965</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000104-GPOS-00051</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86589r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010500</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Verify "/dev/shm" is mounted with the "nodev" option:
+
+    # mount | grep "/dev/shm" | grep nodev
+
+    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the system so that /dev/shm is mounted with the
+"nodev" option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81009\" do\n  title \"The Red Hat Enterprise Linux operating system must mount /dev/shm with\nthe nodev option.\"\n  desc  \"The \\\"nodev\\\" mount option causes the system to not interpret\ncharacter or block special devices. Executing character or block special\ndevices from untrusted file systems increases the opportunity for unprivileged\nusers to attain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the \\\"nodev\\\" option is configured for /dev/shm:\n\n\n    # cat /etc/fstab | grep /dev/shm\n    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0\n\n    If any results are returned and the \\\"nodev\\\" option is not listed, this is\na finding.\n\n    Verify \\\"/dev/shm\\\" is mounted with the \\\"nodev\\\" option:\n\n    # mount | grep \\\"/dev/shm\\\" | grep nodev\n\n    If no results are returned, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the system so that /dev/shm is mounted with the\n\\\"nodev\\\" option.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000368-GPOS-00154\"\n  tag gid: \"V-81009\"\n  tag rid: \"SV-95721r2_rule\"\n  tag stig_id: \"RHEL-07-021022\"\n  tag fix_id: \"F-87843r2_fix\"\n  tag cci: [\"CCI-001764\"]\n  tag nist: [\"CM-7 (2)\", \"Rev_4\"]\n\n  describe mount('/dev/shm') do\n    its('options') { should include 'nodev' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /dev/shm options is expected to include "nodev"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71965</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000104-GPOS-00051</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86589r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010500</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must uniquely identify
 and must authenticate organizational users (or processes acting on behalf of
-organizational users) using multifactor authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+organizational users) using multifactor authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To assure accountability and prevent unauthenticated access,
 organizational users must be identified and authenticated to prevent potential
 misuse and compromise of the system.
@@ -19954,209 +19064,198 @@ information system without identification or authentication;
     2) Accesses that occur through authorized use of group authenticators
 without individual authentication. Organizations may require unique
 identification of individuals in group accounts (e.g., shared privilege
-accounts) or for detailed accountability of individual activity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+accounts) or for detailed accountability of individual activity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system requires multifactor authentication to uniquely
 identify organizational users using multifactor authentication.
 
     Check to see if smartcard authentication is enforced on the system:
 
-    # authconfig --test | grep &quot;pam_pkcs11 is enabled&quot;
+    # authconfig --test | grep "pam_pkcs11 is enabled"
 
     If no results are returned, this is a finding.
 
-    # authconfig --test | grep &quot;smartcard removal action&quot;
+    # authconfig --test | grep "smartcard removal action"
 
-    If &quot;smartcard removal action&quot; is blank, this is a finding.
+    If "smartcard removal action" is blank, this is a finding.
 
-    # authconfig --test | grep &quot;smartcard module&quot;
+    # authconfig --test | grep "smartcard module"
 
-    If &quot;smartcard module&quot; is blank, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "smartcard module" is blank, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require individuals to be authenticated
 with a multifactor authenticator.
 
     Enable smartcard logons with the following commands:
 
-    # authconfig --enablesmartcard --smartcardaction&#x3D;0 --update
+    # authconfig --enablesmartcard --smartcardaction=0 --update
     # authconfig --enablerequiresmartcard -update
 
-    Modify the &quot;&#x2F;etc&#x2F;pam_pkcs11&#x2F;pkcs11_eventmgr.conf&quot; file to uncomment the
+    Modify the "/etc/pam_pkcs11/pkcs11_eventmgr.conf" file to uncomment the
 following line:
 
-    #&#x2F;usr&#x2F;X11R6&#x2F;bin&#x2F;xscreensaver-command -lock
-
-    Modify the &quot;&#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf&quot; file to use the cackey
-module if required.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b7ac909a-39b0-4674-8b0f-5f0ef6fbcf4b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000766</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;authconfig --test | grep -i smartcard&#x60; stdout is expected to match &#x2F;use\sonly\ssmartcard\sfor\slogin\sis\senabled&#x2F;
-expected &quot;SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module &#x3D; \&quot;\&quot;\n smartcard removal action &#x3D; \&quot;\&quot;\n&quot; to match &#x2F;use\sonly\ssmartcard\sfor\slogin\sis\senabled&#x2F;
+    #/usr/X11R6/bin/xscreensaver-command -lock
+
+    Modify the "/etc/pam_pkcs11/pam_pkcs11.conf" file to use the cackey
+module if required.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71965\" do\n  title \"The Red Hat Enterprise Linux operating system must uniquely identify\nand must authenticate organizational users (or processes acting on behalf of\norganizational users) using multifactor authentication.\"\n  desc  \"To assure accountability and prevent unauthenticated access,\norganizational users must be identified and authenticated to prevent potential\nmisuse and compromise of the system.\n\n    Organizational users include organizational employees or individuals the\norganization deems to have equivalent status of employees (e.g., contractors).\nOrganizational users (and processes acting on behalf of users) must be uniquely\nidentified and authenticated to all accesses, except for the following:\n\n    1) Accesses explicitly identified and documented by the organization.\nOrganizations document specific user actions that can be performed on the\ninformation system without identification or authentication;\n\n    and\n\n    2) Accesses that occur through authorized use of group authenticators\nwithout individual authentication. Organizations may require unique\nidentification of individuals in group accounts (e.g., shared privilege\naccounts) or for detailed accountability of individual activity.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system requires multifactor authentication to uniquely\nidentify organizational users using multifactor authentication.\n\n    Check to see if smartcard authentication is enforced on the system:\n\n    # authconfig --test | grep \\\"pam_pkcs11 is enabled\\\"\n\n    If no results are returned, this is a finding.\n\n    # authconfig --test | grep \\\"smartcard removal action\\\"\n\n    If \\\"smartcard removal action\\\" is blank, this is a finding.\n\n    # authconfig --test | grep \\\"smartcard module\\\"\n\n    If \\\"smartcard module\\\" is blank, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require individuals to be authenticated\nwith a multifactor authenticator.\n\n    Enable smartcard logons with the following commands:\n\n    # authconfig --enablesmartcard --smartcardaction=0 --update\n    # authconfig --enablerequiresmartcard -update\n\n    Modify the \\\"/etc/pam_pkcs11/pkcs11_eventmgr.conf\\\" file to uncomment the\nfollowing line:\n\n    #/usr/X11R6/bin/xscreensaver-command -lock\n\n    Modify the \\\"/etc/pam_pkcs11/pam_pkcs11.conf\\\" file to use the cackey\nmodule if required.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000104-GPOS-00051\"\n  tag satisfies: [\"SRG-OS-000104-GPOS-00051\", \"SRG-OS-000106-GPOS-00053\",\n\"SRG-OS-000107-GPOS-00054\", \"SRG-OS-000109-GPOS-00056\",\n\"SRG-OS-000108-GPOS-00055\", \"SRG-OS-000108-GPOS-00057\",\n\"SRG-OS-000108-GPOS-00058\"]\n  tag gid: \"V-71965\"\n  tag rid: \"SV-86589r2_rule\"\n  tag stig_id: \"RHEL-07-010500\"\n  tag fix_id: \"F-78317r3_fix\"\n  tag cci: [\"CCI-000766\"]\n  tag nist: [\"IA-2 (2)\", \"Rev_4\"]\n\n  smart_card_status = input('smart_card_status')\n  if smart_card_status.eql?('enabled')\n    impact 0.5\n    describe command(\"authconfig --test | grep -i smartcard\") do\n      its('stdout') { should match %r{use\\sonly\\ssmartcard\\sfor\\slogin\\sis\\s#{smart_card_status}} }\n      its('stdout') { should match %r{smartcard\\smodule\\s=\\s\".+\"} }\n      its('stdout') { should match %r{smartcard\\sremoval\\saction\\s=\\s\".+\"} }\n    end\n  else\n    impact 0.0\n    describe \"The system is not smartcard enabled\" do\n      skip \"The system is not using Smartcards / PIVs to fulfil the MFA requirement, this control is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000766</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `authconfig --test | grep -i smartcard` stdout is expected to match /use\sonly\ssmartcard\sfor\slogin\sis\senabled/ :: MESSAGE expected "SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module = \"\"\n smartcard removal action = \"\"\n" to match /use\sonly\ssmartcard\sfor\slogin\sis\senabled/
 Diff:
 @@ -1,2 +1,5 @@
--&#x2F;use\sonly\ssmartcard\sfor\slogin\sis\senabled&#x2F;
+-/use\sonly\ssmartcard\sfor\slogin\sis\senabled/
 +SSSD smartcard support is disabled
 + use only smartcard for login is disabled
-+ smartcard module &#x3D; &quot;&quot;
-+ smartcard removal action &#x3D; &quot;&quot;
++ smartcard module = ""
++ smartcard removal action = ""
 
 --------------------------------
-passed
-Command: &#x60;authconfig --test | grep -i smartcard&#x60; stdout is expected to match &#x2F;smartcard\smodule\s&#x3D;\s&quot;.+&quot;&#x2F;
-expected &quot;SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module &#x3D; \&quot;\&quot;\n smartcard removal action &#x3D; \&quot;\&quot;\n&quot; to match &#x2F;smartcard\smodule\s&#x3D;\s&quot;.+&quot;&#x2F;
+passed :: TEST Command: `authconfig --test | grep -i smartcard` stdout is expected to match /smartcard\smodule\s=\s".+"/ :: MESSAGE expected "SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module = \"\"\n smartcard removal action = \"\"\n" to match /smartcard\smodule\s=\s".+"/
 Diff:
 @@ -1,2 +1,5 @@
--&#x2F;smartcard\smodule\s&#x3D;\s&quot;.+&quot;&#x2F;
+-/smartcard\smodule\s=\s".+"/
 +SSSD smartcard support is disabled
 + use only smartcard for login is disabled
-+ smartcard module &#x3D; &quot;&quot;
-+ smartcard removal action &#x3D; &quot;&quot;
++ smartcard module = ""
++ smartcard removal action = ""
 
 --------------------------------
-passed
-Command: &#x60;authconfig --test | grep -i smartcard&#x60; stdout is expected to match &#x2F;smartcard\sremoval\saction\s&#x3D;\s&quot;.+&quot;&#x2F;
-expected &quot;SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module &#x3D; \&quot;\&quot;\n smartcard removal action &#x3D; \&quot;\&quot;\n&quot; to match &#x2F;smartcard\sremoval\saction\s&#x3D;\s&quot;.+&quot;&#x2F;
+passed :: TEST Command: `authconfig --test | grep -i smartcard` stdout is expected to match /smartcard\sremoval\saction\s=\s".+"/ :: MESSAGE expected "SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module = \"\"\n smartcard removal action = \"\"\n" to match /smartcard\sremoval\saction\s=\s".+"/
 Diff:
 @@ -1,2 +1,5 @@
--&#x2F;smartcard\sremoval\saction\s&#x3D;\s&quot;.+&quot;&#x2F;
+-/smartcard\sremoval\saction\s=\s".+"/
 +SSSD smartcard support is disabled
 + use only smartcard for login is disabled
-+ smartcard module &#x3D; &quot;&quot;
-+ smartcard removal action &#x3D; &quot;&quot;
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72313</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86937r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040800</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
++ smartcard module = ""
++ smartcard removal action = ""</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72313</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86937r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040800</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>SNMP community strings on the Red Hat Enterprise Linux operating
-system must be changed from the default.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system must be changed from the default.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Whether active or not, default Simple Network Management Protocol
 (SNMP) community strings must be changed to maintain security. If the service
 is running with the default authenticators, anyone can gather data about the
 system and the network and use the information to potentially compromise the
 integrity of the system or network(s). It is highly recommended that SNMP
 version 3 user authentication and message encryption be used in place of the
-version 2 community strings.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+version 2 community strings.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that a system using SNMP is not using default community strings.
 
-    Check to see if the &quot;&#x2F;etc&#x2F;snmp&#x2F;snmpd.conf&quot; file exists with the following
+    Check to see if the "/etc/snmp/snmpd.conf" file exists with the following
 command:
 
-    # ls -al &#x2F;etc&#x2F;snmp&#x2F;snmpd.conf
+    # ls -al /etc/snmp/snmpd.conf
      -rw-------   1 root root      52640 Mar 12 11:08 snmpd.conf
 
     If the file does not exist, this is Not Applicable.
@@ -20164,284 +19263,273 @@ command:
     If the file does exist, check for the default community strings with the
 following commands:
 
-    # grep public &#x2F;etc&#x2F;snmp&#x2F;snmpd.conf
-    # grep private &#x2F;etc&#x2F;snmp&#x2F;snmpd.conf
-
-    If either of these commands returns any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the &quot;&#x2F;etc&#x2F;snmp&#x2F;snmpd.conf&quot; file exists, modify any lines
-that contain a community string value of &quot;public&quot; or &quot;private&quot; to another
-string value.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b467adac-af3f-44f0-ba18-b3599c6ffb20</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The &#x60;snmpd.conf&#x60; does not exist
-The snmpd.conf file does not exist, this control is Not Applicable</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72029</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86653r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020690</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # grep public /etc/snmp/snmpd.conf
+    # grep private /etc/snmp/snmpd.conf
+
+    If either of these commands returns any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the "/etc/snmp/snmpd.conf" file exists, modify any lines
+that contain a community string value of "public" or "private" to another
+string value.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72313\" do\n  title \"SNMP community strings on the Red Hat Enterprise Linux operating\nsystem must be changed from the default.\"\n  desc  \"Whether active or not, default Simple Network Management Protocol\n(SNMP) community strings must be changed to maintain security. If the service\nis running with the default authenticators, anyone can gather data about the\nsystem and the network and use the information to potentially compromise the\nintegrity of the system or network(s). It is highly recommended that SNMP\nversion 3 user authentication and message encryption be used in place of the\nversion 2 community strings.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that a system using SNMP is not using default community strings.\n\n    Check to see if the \\\"/etc/snmp/snmpd.conf\\\" file exists with the following\ncommand:\n\n    # ls -al /etc/snmp/snmpd.conf\n     -rw-------   1 root root      52640 Mar 12 11:08 snmpd.conf\n\n    If the file does not exist, this is Not Applicable.\n\n    If the file does exist, check for the default community strings with the\nfollowing commands:\n\n    # grep public /etc/snmp/snmpd.conf\n    # grep private /etc/snmp/snmpd.conf\n\n    If either of these commands returns any output, this is a finding.\n  \"\n  desc  \"fix\", \"If the \\\"/etc/snmp/snmpd.conf\\\" file exists, modify any lines\nthat contain a community string value of \\\"public\\\" or \\\"private\\\" to another\nstring value.\"\n\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72313\"\n  tag rid: \"SV-86937r2_rule\"\n  tag stig_id: \"RHEL-07-040800\"\n  tag fix_id: \"F-78667r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  if file('/etc/snmp/snmpd.conf').exist?\n    impact 0.7\n    processed = []\n    to_process = ['/etc/snmp/snmpd.conf']\n\n    while !to_process.empty?\n      in_process = to_process.pop\n      next if processed.include? in_process\n      processed.push in_process\n\n      if file(in_process).directory?\n        to_process.concat(\n          command(\"find #{in_process} -maxdepth 1 -mindepth 1 -name '*.conf'\").\n            stdout.strip.split(\"\\n\").\n            select { |f| file(f).file? }\n        )\n      elsif file(in_process).file?\n        to_process.concat(\n          command(\"grep -E '^\\\\s*includeFile\\\\s+' #{in_process} | sed 's/^[[:space:]]*includeFile[[:space:]]*//g'\").\n            stdout.strip.split(%r{\\n+}).\n            map { |f| f.start_with?('/') ? f : File.join(File.dirname(in_process), f) }.\n            select { |f| file(f).file? }\n        )\n        to_process.concat(\n          command(\"grep -E '^\\\\s*includeDir\\\\s+' #{in_process} | sed 's/^[[:space:]]*includeDir[[:space:]]*//g'\").\n            stdout.strip.split(%r{\\n+}).\n            map { |f| f.start_with?('/') ? f : File.join('/', f) }. # relative dirs are treated as absolute\n            select { |f| file(f).directory? }\n        )\n      end\n    end\n\n    config_files = processed.select { |f| file(f).file? }\n\n    config_files.each do |config|\n      describe file(config) do\n        its('content') { should_not match %r{^[^#]*(public|private)} }\n      end\n    end\n  else\n    impact 0.0\n    describe \"The `snmpd.conf` does not exist\" do\n      skip \"The snmpd.conf file does not exist, this control is Not Applicable\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The `snmpd.conf` does not exist :: SKIP_MESSAGE The snmpd.conf file does not exist, this control is Not Applicable</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72029</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86653r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020690</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local initialization files for interactive users are owned by the home
-directory user or root.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Local initialization files are used to configure the user&#39;s shell
+directory user or root.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Local initialization files are used to configure the user's shell
 environment upon logon. Malicious modification of these files could compromise
-accounts upon logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+accounts upon logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the local initialization files of all local interactive users are
-group-owned by that user&#39;s primary Group Identifier (GID).
+group-owned by that user's primary Group Identifier (GID).
 
     Check the home directory assignment for all non-privileged users on the
 system with the following command:
 
     Note: The example will be for the smithj user, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot; and a primary group of &quot;users&quot;.
+"/home/smithj" and a primary group of "users".
 
-    # cut -d: -f 1,4,6 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{3}&quot;
-    smithj:1000:&#x2F;home&#x2F;smithj
+    # cut -d: -f 1,4,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
+    smithj:1000:/home/smithj
 
-    # grep 1000 &#x2F;etc&#x2F;group
+    # grep 1000 /etc/group
     users:x:1000:smithj,jonesj,jacksons
 
     Note: This may miss interactive users that have been assigned a privileged
 User Identifier (UID). Evidence of interactive use may be obtained from a
 number of log files containing system logon information.
 
-    Check the group owner of all local interactive user&#39;s initialization files
+    Check the group owner of all local interactive user's initialization files
 with the following command:
 
-    # ls -al &#x2F;home&#x2F;smithj&#x2F;.[^.]* | more
+    # ls -al /home/smithj/.[^.]* | more
 
     -rwxr-xr-x 1 smithj users 896 Mar 10 2011 .profile
     -rwxr-xr-x 1 smithj users 497 Jan 6 2007 .login
     -rwxr-xr-x 1 smithj users 886 Jan 6 2007 .something
 
-    If all local interactive user&#39;s initialization files are not group-owned by
-that user&#39;s primary GID, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If all local interactive user's initialization files are not group-owned by
+that user's primary GID, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the owner of the local initialization files for interactive users to
 either the directory owner or root with the following command:
 
     Note: The example will be for the smithj user, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot;.
-
-    # chown smithj &#x2F;home&#x2F;smithj&#x2F;.[^.]*</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0688783b-95a6-483a-be25-e46e4eca4dbf</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Files and Directories not owned by the user or root of the parent home directory is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72417</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87041r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-041001</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj".
+
+    # chown smithj /home/smithj/.[^.]*</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72029\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local initialization files for interactive users are owned by the home\ndirectory user or root.\"\n  desc  \"Local initialization files are used to configure the user's shell\nenvironment upon logon. Malicious modification of these files could compromise\naccounts upon logon.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the local initialization files of all local interactive users are\ngroup-owned by that user's primary Group Identifier (GID).\n\n    Check the home directory assignment for all non-privileged users on the\nsystem with the following command:\n\n    Note: The example will be for the smithj user, who has a home directory of\n\\\"/home/smithj\\\" and a primary group of \\\"users\\\".\n\n    # cut -d: -f 1,4,6 /etc/passwd | egrep \\\":[1-4][0-9]{3}\\\"\n    smithj:1000:/home/smithj\n\n    # grep 1000 /etc/group\n    users:x:1000:smithj,jonesj,jacksons\n\n    Note: This may miss interactive users that have been assigned a privileged\nUser Identifier (UID). Evidence of interactive use may be obtained from a\nnumber of log files containing system logon information.\n\n    Check the group owner of all local interactive user's initialization files\nwith the following command:\n\n    # ls -al /home/smithj/.[^.]* | more\n\n    -rwxr-xr-x 1 smithj users 896 Mar 10 2011 .profile\n    -rwxr-xr-x 1 smithj users 497 Jan 6 2007 .login\n    -rwxr-xr-x 1 smithj users 886 Jan 6 2007 .something\n\n    If all local interactive user's initialization files are not group-owned by\nthat user's primary GID, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the owner of the local initialization files for interactive users to\neither the directory owner or root with the following command:\n\n    Note: The example will be for the smithj user, who has a home directory of\n\\\"/home/smithj\\\".\n\n    # chown smithj /home/smithj/.[^.]*\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72029\"\n  tag rid: \"SV-86653r3_rule\"\n  tag stig_id: \"RHEL-07-020690\"\n  tag fix_id: \"F-78381r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    findings = findings + command(\"find #{user_info.home} -name '.*' -not -user #{user_info.username} -a -not -user root\").stdout.split(\"\\n\")\n  end\n  describe \"Files and Directories not owned by the user or root of the parent home directory\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Files and Directories not owned by the user or root of the parent home directory is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72417</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87041r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-041001</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must have the required
-        packages for multifactor authentication installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+        packages for multifactor authentication installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Using an authentication device, such as a CAC or token that is
         separate from the information system, ensures that even if the information
         system is compromised, that compromise will not affect credentials stored on
@@ -20464,14 +19552,14 @@ Files and Directories not owned by the user or root of the parent home directory
         This requirement only applies to components where this is specific to the
         function of the device or has the concept of an organizational user (e.g., VPN,
         proxy capability). This does not apply to authentication for the purpose of
-        configuring the device itself (management).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+        configuring the device itself (management).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system has the packages required for multifactor
 authentication installed.
 
@@ -20484,205 +19572,174 @@ esc-1.1.0-26.el7.noarch.rpm
 # yum list installed pam_pkcs11
 pam_pkcs11-0.6.2-14.el7.noarch.rpm
 
-If the &quot;esc&quot; and &quot;pam_pkcs11&quot; packages are not installed, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "esc" and "pam_pkcs11" packages are not installed, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement multifactor authentication by
 installing the required packages.
 
-Install the &quot;esc&quot; and &quot;pam_pkcs11&quot; packages on the system with the
+Install the "esc" and "pam_pkcs11" packages on the system with the
 following command:
 
-# yum install esc pam_pkcs11</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3c10b862-ed3b-4f0c-b645-0db8206565c4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-The package is expected to be installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package nss-pam-ldapd&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package esc&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package pam_pkcs11&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package pam_krb5&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package opensc&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package pcsc-lite-ccid&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package gdm&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package authconfig-gtk&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package krb5-workstation&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package krb5-pkinit&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package pcsc-lite&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package pcsc-lite-libs&#x60; is installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73177</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000424-GPOS-00188</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87829r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-041010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+# yum install esc pam_pkcs11</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72417\" do\n  title \"The Red Hat Enterprise Linux operating system must have the required\n        packages for multifactor authentication installed.\"\n\n  desc  \"Using an authentication device, such as a CAC or token that is\n        separate from the information system, ensures that even if the information\n        system is compromised, that compromise will not affect credentials stored on\n        the authentication device.\n\n        Multifactor solutions that require devices separate from information\n        systems gaining access include, for example, hardware tokens providing\n        time-based or challenge-response authenticators and smart cards such as the\n        U.S. Government Personal Identity Verification card and the DoD Common Access\n        Card.\n\n        A privileged account is defined as an information system account with\n        authorizations of a privileged user.\n\n        Remote access is access to DoD nonpublic information systems by an\n        authorized user (or an information system) communicating through an external,\n        non-organization-controlled network. Remote access methods include, for\n        example, dial-up, broadband, and wireless.\n\n        This requirement only applies to components where this is specific to the\n        function of the device or has the concept of an organizational user (e.g., VPN,\n        proxy capability). This does not apply to authentication for the purpose of\n        configuring the device itself (management).\"\n\n  desc  \"check\", \"\n        Verify the operating system has the packages required for multifactor\n        authentication installed.\n\n        Check for the presence of the packages required to support multifactor\n        authentication with the following commands:\n\n        # yum list installed esc\n        esc-1.1.0-26.el7.noarch.rpm\n\n        # yum list installed pam_pkcs11\n        pam_pkcs11-0.6.2-14.el7.noarch.rpm\n\n        If the \\\"esc\\\" and \\\"pam_pkcs11\\\" packages are not installed, this is a\n        finding.\"\n\n  desc  \"fix\", \"\n        Configure the operating system to implement multifactor authentication by\n        installing the required packages.\n\n        Install the \\\"esc\\\" and \\\"pam_pkcs11\\\" packages on the system with the\n        following command:\n\n        # yum install esc pam_pkcs11\"\n\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000375-GPOS-00160\"\n  tag satisfies: [\"SRG-OS-000375-GPOS-00160\", \"SRG-OS-000375-GPOS-00161\", \"SRG-OS-000375-GPOS-00162\"]\n  tag gid: \"V-72417\"\n  tag rid: \"SV-87041r4_rule\"\n  tag stig_id: \"RHEL-07-041001\"\n  tag fix_id: \"F-78769r4_fix\"\n  tag cci: [\"CCI-001948\", \"CCI-001953\", \"CCI-001954\"]\n  tag nist: [\"IA-2 (11)\", \"IA-2 (12)\", \"IA-2 (12)\", \"Rev_4\"]\n\n  mfa_pkg_list = input('mfa_pkg_list')\n  smart_card_status = input('smart_card_status')\n\n  if smart_card_status.eql?('disabled')\n    impact 0.0\n    describe \"The system is not smartcard enabled thus this control is Not Applicable\" do\n      skip \"The system is not using Smartcards / PIVs to fulfil the MFA requirement, this control is Not Applicable.\"\n    end \n  elsif mfa_pkg_list.empty?\n    describe \"The required Smartcard packages have not beed defined, plese define them in your `inputs`.\" do\n      subjec { mfa_pkg_list }\n      it { should_not be_empty }\n    end\n  else\n    mfa_pkg_list.each do |pkg|\n      describe \"The package\" do\n        subject { package(\"#{pkg}\") }\n        it { should be_installed }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST The package is expected to be installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package nss-pam-ldapd` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package esc` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package pam_pkcs11` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package pam_krb5` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package opensc` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package pcsc-lite-ccid` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package gdm` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package authconfig-gtk` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package krb5-workstation` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package krb5-pkinit` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package pcsc-lite` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package pcsc-lite-libs` is installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73177</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000424-GPOS-00188</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87829r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-041010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all wireless network adapters are disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all wireless network adapters are disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The use of wireless networking can introduce many different attack
-vectors into the organization&#39;s network. Common attack vectors such as
+vectors into the organization's network. Common attack vectors such as
 malicious association and ad hoc networks will allow an attacker to spoof a
 wireless access point (AP), allowing validated systems to connect to the
 malicious AP and enabling the attacker to monitor and record network traffic.
 These malicious APs can also serve to create a man-in-the-middle attack or be
-used to create a denial of service to valid network resources.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+used to create a denial of service to valid network resources.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that there are no wireless interfaces configured on the system.
 
-    This is N&#x2F;A for systems that do not have wireless network adapters.
+    This is N/A for systems that do not have wireless network adapters.
 
     Check for the presence of active wireless interfaces with the following
 command:
@@ -20695,437 +19752,420 @@ command:
 
     If a wireless interface is configured and its use on the system is not
 documented with the Information System Security Officer (ISSO), this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to disable all wireless network interfaces with the
 following command:
 
-    #nmcli radio wifi off</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1f4900d7-9beb-4c7b-9b14-fac55a316407</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001443</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001444</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;nmcli device&#x60; stdout.strip is expected not to match &#x2F;wifi connected&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72027</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86651r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020680</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    #nmcli radio wifi off</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73177\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all wireless network adapters are disabled.\"\n  desc  \"The use of wireless networking can introduce many different attack\nvectors into the organization's network. Common attack vectors such as\nmalicious association and ad hoc networks will allow an attacker to spoof a\nwireless access point (AP), allowing validated systems to connect to the\nmalicious AP and enabling the attacker to monitor and record network traffic.\nThese malicious APs can also serve to create a man-in-the-middle attack or be\nused to create a denial of service to valid network resources.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that there are no wireless interfaces configured on the system.\n\n    This is N/A for systems that do not have wireless network adapters.\n\n    Check for the presence of active wireless interfaces with the following\ncommand:\n\n    # nmcli device\n    DEVICE TYPE STATE\n    eth0 ethernet connected\n    wlp3s0 wifi disconnected\n    lo loopback unmanaged\n\n    If a wireless interface is configured and its use on the system is not\ndocumented with the Information System Security Officer (ISSO), this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to disable all wireless network interfaces with the\nfollowing command:\n\n    #nmcli radio wifi off\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000424-GPOS-00188\"\n  tag gid: \"V-73177\"\n  tag rid: \"SV-87829r2_rule\"\n  tag stig_id: \"RHEL-07-041010\"\n  tag fix_id: \"F-79623r1_fix\"\n  tag cci: [\"CCI-001443\", \"CCI-001444\", \"CCI-002418\"]\n  tag nist: [\"AC-18 (1)\", \"AC-18 (1)\", \"SC-8\", \"Rev_4\"]\n\n  describe command('nmcli device') do\n    its('stdout.strip') { should_not match %r{wifi connected} }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001443</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001444</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `nmcli device` stdout.strip is expected not to match /wifi connected/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72027</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86651r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020680</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all files and directories contained in local interactive user home
-directories have a mode of 0750 or less permissive.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+directories have a mode of 0750 or less permissive.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a local interactive user files have excessive permissions,
-unintended users may be able to access or modify them.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unintended users may be able to access or modify them.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all files and directories contained in a local interactive user home
-directory, excluding local initialization files, have a mode of &quot;0750&quot;.
+directory, excluding local initialization files, have a mode of "0750".
 
     Check the mode of all non-initialization files in a local interactive user
 home directory with the following command:
 
-    Files that begin with a &quot;.&quot; are excluded from this requirement.
+    Files that begin with a "." are excluded from this requirement.
 
-    Note: The example will be for the user &quot;smithj&quot;, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
+    Note: The example will be for the user "smithj", who has a home directory
+of "/home/smithj".
 
-    # ls -lLR &#x2F;home&#x2F;smithj
+    # ls -lLR /home/smithj
     -rwxr-x--- 1 smithj smithj  18 Mar  5 17:06 file1
     -rwxr----- 1 smithj smithj 193 Mar  5 17:06 file2
     -rw-r-x--- 1 smithj smithj 231 Mar  5 17:06 file3
 
-    If any files are found with a mode more permissive than &quot;0750&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any files are found with a mode more permissive than "0750", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the mode on files and directories in the local interactive user home
 directory with the following command:
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot; and is a member of the users group.
-
-    # chmod 0750 &#x2F;home&#x2F;smithj&#x2F;&lt;file&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>298b387f-cc92-446e-960d-8bcb499964c4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Home directories with excessive permissions is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72155</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86779r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030660</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj" and is a member of the users group.
+
+    # chmod 0750 /home/smithj/&lt;file&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72027\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all files and directories contained in local interactive user home\ndirectories have a mode of 0750 or less permissive.\"\n  desc  \"If a local interactive user files have excessive permissions,\nunintended users may be able to access or modify them.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all files and directories contained in a local interactive user home\ndirectory, excluding local initialization files, have a mode of \\\"0750\\\".\n\n    Check the mode of all non-initialization files in a local interactive user\nhome directory with the following command:\n\n    Files that begin with a \\\".\\\" are excluded from this requirement.\n\n    Note: The example will be for the user \\\"smithj\\\", who has a home directory\nof \\\"/home/smithj\\\".\n\n    # ls -lLR /home/smithj\n    -rwxr-x--- 1 smithj smithj  18 Mar  5 17:06 file1\n    -rwxr----- 1 smithj smithj 193 Mar  5 17:06 file2\n    -rw-r-x--- 1 smithj smithj 231 Mar  5 17:06 file3\n\n    If any files are found with a mode more permissive than \\\"0750\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Set the mode on files and directories in the local interactive user home\ndirectory with the following command:\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\" and is a member of the users group.\n\n    # chmod 0750 /home/smithj/&lt;file&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72027\"\n  tag rid: \"SV-86651r2_rule\"\n  tag stig_id: \"RHEL-07-020680\"\n  tag fix_id: \"F-78379r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    findings = findings + command(\"find #{user_info.home} -xdev ! -name '.*' -perm /027 ! -type l\").stdout.split(\"\\n\")\n  end\n  describe \"Home directories with excessive permissions\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Home directories with excessive permissions is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72155</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86779r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030660</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the chage command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the chage command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged password commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chage&quot; command occur.
+successful/unsuccessful attempts to use the "chage" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;chage &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/chage /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chage -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chage -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-passwd
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chage&quot; command occur.
+successful/unsuccessful attempts to use the "chage" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chage -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chage -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-passwd
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2349fcc0-892b-4665-a79d-e2aef7b750f7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chage&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chage&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71905</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000070-GPOS-00038</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86529r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72155\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe chage command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged password commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"chage\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/bin/chage /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/chage -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-passwd\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"chage\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/chage -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-passwd\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72155\"\n  tag rid: \"SV-86779r5_rule\"\n  tag stig_id: \"RHEL-07-030660\"\n  tag fix_id: \"F-78507r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/chage'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/chage" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/chage" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71905</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000070-GPOS-00038</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86529r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed or new passwords are established, the new
-password must contain at least one lower-case character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+password must contain at least one lower-case character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -21134,492 +20174,474 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Note: The value to require a number of lower-case characters to be set is
-expressed as a negative number in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot;.
+expressed as a negative number in "/etc/security/pwquality.conf".
 
-    Check the value for &quot;lcredit&quot; in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with
+    Check the value for "lcredit" in "/etc/security/pwquality.conf" with
 the following command:
 
-    # grep lcredit &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    lcredit &#x3D; -1
+    # grep lcredit /etc/security/pwquality.conf
+    lcredit = -1
 
-    If the value of &quot;lcredit&quot; is not set to a negative value, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "lcredit" is not set to a negative value, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to require at least one lower-case character when
 creating or changing a password.
 
     Add or modify the following line
-    in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot;:
-
-    lcredit &#x3D; -1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>83e09e31-8a98-41bc-ac42-ff195ea24521</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000193</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf lcredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72281</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86905r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040600</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    in "/etc/security/pwquality.conf":
+
+    lcredit = -1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71905\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed or new passwords are established, the new\npassword must contain at least one lower-case character.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Note: The value to require a number of lower-case characters to be set is\nexpressed as a negative number in \\\"/etc/security/pwquality.conf\\\".\n\n    Check the value for \\\"lcredit\\\" in \\\"/etc/security/pwquality.conf\\\" with\nthe following command:\n\n    # grep lcredit /etc/security/pwquality.conf\n    lcredit = -1\n\n    If the value of \\\"lcredit\\\" is not set to a negative value, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to require at least one lower-case character when\ncreating or changing a password.\n\n    Add or modify the following line\n    in \\\"/etc/security/pwquality.conf\\\":\n\n    lcredit = -1\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000070-GPOS-00038\"\n  tag gid: \"V-71905\"\n  tag rid: \"SV-86529r5_rule\"\n  tag stig_id: \"RHEL-07-010130\"\n  tag fix_id: \"F-78257r6_fix\"\n  tag cci: [\"CCI-000193\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('lcredit.to_i') { should cmp &lt; 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000193</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf lcredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72281</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86905r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040600</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For Red Hat Enterprise Linux operating systems using DNS resolution,
-at least two name servers must be configured.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+at least two name servers must be configured.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To provide availability for name resolution services, multiple
 redundant name servers are mandated. A failure in name resolution could lead to
 the failure of security functions requiring name resolution, which may include
-time synchronization, centralized authentication, and remote system logging.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+time synchronization, centralized authentication, and remote system logging.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Determine whether the system is using local or DNS name resolution with the
 following command:
 
-    # grep hosts &#x2F;etc&#x2F;nsswitch.conf
+    # grep hosts /etc/nsswitch.conf
     hosts:   files dns
 
-    If the DNS entry is missing from the host&#39;s line in the
-&quot;&#x2F;etc&#x2F;nsswitch.conf&quot; file, the &quot;&#x2F;etc&#x2F;resolv.conf&quot; file must be empty.
+    If the DNS entry is missing from the host's line in the
+"/etc/nsswitch.conf" file, the "/etc/resolv.conf" file must be empty.
 
-    Verify the &quot;&#x2F;etc&#x2F;resolv.conf&quot; file is empty with the following command:
+    Verify the "/etc/resolv.conf" file is empty with the following command:
 
-    # ls -al &#x2F;etc&#x2F;resolv.conf
+    # ls -al /etc/resolv.conf
     -rw-r--r--  1 root root        0 Aug 19 08:31 resolv.conf
 
-    If local host authentication is being used and the &quot;&#x2F;etc&#x2F;resolv.conf&quot;
+    If local host authentication is being used and the "/etc/resolv.conf"
 file is not empty, this is a finding.
 
-    If the DNS entry is found on the host&#39;s line of the &quot;&#x2F;etc&#x2F;nsswitch.conf&quot;
+    If the DNS entry is found on the host's line of the "/etc/nsswitch.conf"
 file, verify the operating system is configured to use two or more name servers
 for DNS resolution.
 
     Determine the name servers used by the system with the following command:
 
-    # grep nameserver &#x2F;etc&#x2F;resolv.conf
+    # grep nameserver /etc/resolv.conf
     nameserver 192.168.1.2
     nameserver 192.168.1.3
 
     If less than two lines are returned that are not commented out, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to use two or more name servers for DNS
 resolution.
 
-    Edit the &quot;&#x2F;etc&#x2F;resolv.conf&quot; file to uncomment or add the two or more
-&quot;nameserver&quot; option lines with the IP address of local authoritative name
-servers. If local host resolution is being performed, the &quot;&#x2F;etc&#x2F;resolv.conf&quot;
-file must be empty. An empty &quot;&#x2F;etc&#x2F;resolv.conf&quot; file can be created as
+    Edit the "/etc/resolv.conf" file to uncomment or add the two or more
+"nameserver" option lines with the IP address of local authoritative name
+servers. If local host resolution is being performed, the "/etc/resolv.conf"
+file must be empty. An empty "/etc/resolv.conf" file can be created as
 follows:
 
-    # echo -n &gt; &#x2F;etc&#x2F;resolv.conf
+    # echo -n &gt; /etc/resolv.conf
 
     And then make the file immutable with the following command:
 
-    # chattr +i &#x2F;etc&#x2F;resolv.conf
+    # chattr +i /etc/resolv.conf
 
-    If the &quot;&#x2F;etc&#x2F;resolv.conf&quot; file must be mutable, the required
+    If the "/etc/resolv.conf" file must be mutable, the required
 configuration must be documented with the Information System Security Officer
-(ISSO) and the file must be verified by the system file integrity tool.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3ea1dec2-bd6b-48eb-905a-2bd78121ed07</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-The system&#39;s nameservers: [&quot;nameserver 172.31.0.2&quot;] is expected not to equal nil
---------------------------------
-passed
-The number of nameservers is expected to cmp &gt;&#x3D; 2
-
-expected it to be &gt;&#x3D; 2
+(ISSO) and the file must be verified by the system file integrity tool.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72281\" do\n  title \"For Red Hat Enterprise Linux operating systems using DNS resolution,\nat least two name servers must be configured.\"\n  desc  \"To provide availability for name resolution services, multiple\nredundant name servers are mandated. A failure in name resolution could lead to\nthe failure of security functions requiring name resolution, which may include\ntime synchronization, centralized authentication, and remote system logging.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Determine whether the system is using local or DNS name resolution with the\nfollowing command:\n\n    # grep hosts /etc/nsswitch.conf\n    hosts:   files dns\n\n    If the DNS entry is missing from the host's line in the\n\\\"/etc/nsswitch.conf\\\" file, the \\\"/etc/resolv.conf\\\" file must be empty.\n\n    Verify the \\\"/etc/resolv.conf\\\" file is empty with the following command:\n\n    # ls -al /etc/resolv.conf\n    -rw-r--r--  1 root root        0 Aug 19 08:31 resolv.conf\n\n    If local host authentication is being used and the \\\"/etc/resolv.conf\\\"\nfile is not empty, this is a finding.\n\n    If the DNS entry is found on the host's line of the \\\"/etc/nsswitch.conf\\\"\nfile, verify the operating system is configured to use two or more name servers\nfor DNS resolution.\n\n    Determine the name servers used by the system with the following command:\n\n    # grep nameserver /etc/resolv.conf\n    nameserver 192.168.1.2\n    nameserver 192.168.1.3\n\n    If less than two lines are returned that are not commented out, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to use two or more name servers for DNS\nresolution.\n\n    Edit the \\\"/etc/resolv.conf\\\" file to uncomment or add the two or more\n\\\"nameserver\\\" option lines with the IP address of local authoritative name\nservers. If local host resolution is being performed, the \\\"/etc/resolv.conf\\\"\nfile must be empty. An empty \\\"/etc/resolv.conf\\\" file can be created as\nfollows:\n\n    # echo -n &gt; /etc/resolv.conf\n\n    And then make the file immutable with the following command:\n\n    # chattr +i /etc/resolv.conf\n\n    If the \\\"/etc/resolv.conf\\\" file must be mutable, the required\nconfiguration must be documented with the Information System Security Officer\n(ISSO) and the file must be verified by the system file integrity tool.\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72281\"\n  tag rid: \"SV-86905r2_rule\"\n  tag stig_id: \"RHEL-07-040600\"\n  tag fix_id: \"F-78635r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  dns_in_host_line = parse_config_file(\"/etc/nsswitch.conf\",\n    {\n      comment_char: '#',\n      assignment_regex: /^\\s*([^:]*?)\\s*:\\s*(.*?)\\s*$/,\n    }\n  ).params['hosts'].include?('dns')\n\n  describe \"If `local` resolution is being used, a `hosts` entry in /etc/nsswitch.conf having `dns`\" do\n    subject { dns_in_host_line }\n    it { should be false }\n  end if !dns_in_host_line\n\n  describe \"If `local` resoultion is being used, the /etc/resolv.conf file should\" do\n    subject { parse_config_file(\"/etc/resolv.conf\", { comment_char: '#'}).params }\n    it { should be_empty }\n  end if !dns_in_host_line\n\n  nameservers = parse_config_file(\"/etc/resolv.conf\",\n    { comment_char: '#'}\n  ).params.keys.grep(/nameserver/)\n\n  describe \"The system's nameservers: #{nameservers}\" do\n  subject { nameservers }\n    it { should_not be nil }\n  end if dns_in_host_line\n\n  describe \"The number of nameservers\" do\n  subject { nameservers.count }\n    it { should cmp &gt;= 2 }\n  end if dns_in_host_line\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST The system's nameservers: ["nameserver 172.31.0.2"] is expected not to equal nil
+--------------------------------
+passed :: TEST The number of nameservers is expected to cmp &gt;= 2 :: MESSAGE 
+expected it to be &gt;= 2
      got: 1
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-77825</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-92521r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-77825</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-92521r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement virtual
-address space randomization.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+address space randomization.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Address space layout randomization (ASLR) makes it more difficult for
 an attacker to predict the location of attack code he or she has introduced
-into a process&#39;s address space during an attempt at exploitation. Additionally,
+into a process's address space during an attempt at exploitation. Additionally,
 ASLR also makes it more difficult for an attacker to know the location of
 existing code in order to repurpose it using return-oriented programming (ROP)
-techniques.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+techniques.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system implements virtual address space randomization.
 
-    # grep kernel.randomize_va_space &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep kernel.randomize_va_space /etc/sysctl.conf /etc/sysctl.d/*
 
-    kernel.randomize_va_space &#x3D; 2
+    kernel.randomize_va_space = 2
 
-    If &quot;kernel.randomize_va_space&quot; is not configured in the &#x2F;etc&#x2F;sysctl.conf
-file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out or does not have a
-value of &quot;2&quot;, this is a finding.
+    If "kernel.randomize_va_space" is not configured in the /etc/sysctl.conf
+file or in the /etc/sysctl.d/ directory, is commented out or does not have a
+value of "2", this is a finding.
 
     Check that the operating system implements virtual address space
 randomization with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep kernel.randomize_va_space
+    # /sbin/sysctl -a | grep kernel.randomize_va_space
 
-    kernel.randomize_va_space &#x3D; 2
+    kernel.randomize_va_space = 2
 
-    If &quot;kernel.randomize_va_space&quot; does not have a value of &quot;2&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "kernel.randomize_va_space" does not have a value of "2", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system implement virtual address space
 randomization.
 
     Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a config file in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory
+line to "/etc/sysctl.conf" or a config file in the /etc/sysctl.d/ directory
 (or modify the line to have the required value):
 
-    kernel.randomize_va_space &#x3D; 2
+    kernel.randomize_va_space = 2
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a89f5d3b-d3b7-4f57-a5f8-cfd27cddc03f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter kernel.randomize_va_space value is expected to eq 2</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-77821</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000378-GPOS-00163</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-92517r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020101</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-77825\" do\n  title \"The Red Hat Enterprise Linux operating system must implement virtual\naddress space randomization.\"\n  desc  \"Address space layout randomization (ASLR) makes it more difficult for\nan attacker to predict the location of attack code he or she has introduced\ninto a process's address space during an attempt at exploitation. Additionally,\nASLR also makes it more difficult for an attacker to know the location of\nexisting code in order to repurpose it using return-oriented programming (ROP)\ntechniques.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system implements virtual address space randomization.\n\n    # grep kernel.randomize_va_space /etc/sysctl.conf /etc/sysctl.d/*\n\n    kernel.randomize_va_space = 2\n\n    If \\\"kernel.randomize_va_space\\\" is not configured in the /etc/sysctl.conf\nfile or in the /etc/sysctl.d/ directory, is commented out or does not have a\nvalue of \\\"2\\\", this is a finding.\n\n    Check that the operating system implements virtual address space\nrandomization with the following command:\n\n    # /sbin/sysctl -a | grep kernel.randomize_va_space\n\n    kernel.randomize_va_space = 2\n\n    If \\\"kernel.randomize_va_space\\\" does not have a value of \\\"2\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system implement virtual address space\nrandomization.\n\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a config file in the /etc/sysctl.d/ directory\n(or modify the line to have the required value):\n\n    kernel.randomize_va_space = 2\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-77825\"\n  tag rid: \"SV-92521r2_rule\"\n  tag stig_id: \"RHEL-07-040201\"\n  tag fix_id: \"F-84531r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  randomize_va_space = input('randomize_va_space')\n\n  describe kernel_parameter('kernel.randomize_va_space') do\n    its('value') { should eq randomize_va_space }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter kernel.randomize_va_space value is expected to eq 2</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-77821</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000378-GPOS-00163</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-92517r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020101</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the Datagram Congestion Control Protocol (DCCP) kernel module is disabled
-unless required.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+unless required.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Disabling DCCP protects the system against exploitation of any flaws
-in the protocol implementation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+in the protocol implementation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system disables the ability to load the DCCP kernel
 module.
 
-    # grep -r dccp &#x2F;etc&#x2F;modprobe.d&#x2F;* | grep -i &quot;&#x2F;bin&#x2F;true&quot; | grep -v &quot;^#&quot;
+    # grep -r dccp /etc/modprobe.d/* | grep -i "/bin/true" | grep -v "^#"
 
-    install dccp &#x2F;bin&#x2F;true
+    install dccp /bin/true
 
     If the command does not return any output, or the line is commented out,
 and use of DCCP is not documented with the Information System Security Officer
@@ -21631,594 +20653,570 @@ module.
     Check to see if the DCCP kernel module is disabled with the following
 command:
 
-    # grep -i dccp &#x2F;etc&#x2F;modprobe.d&#x2F;* | grep -i &quot;blacklist&quot; | grep -v &quot;^#&quot;
+    # grep -i dccp /etc/modprobe.d/* | grep -i "blacklist" | grep -v "^#"
 
     blacklist dccp
 
-    If the command does not return any output or the output is not &quot;blacklist
-dccp&quot;, and use of the dccp kernel module is not documented with the
+    If the command does not return any output or the output is not "blacklist
+dccp", and use of the dccp kernel module is not documented with the
 Information System Security Officer (ISSO) as an operational requirement, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable the ability to use the DCCP
 kernel module.
 
-    Create a file under &quot;&#x2F;etc&#x2F;modprobe.d&quot; with the following command:
+    Create a file under "/etc/modprobe.d" with the following command:
 
-    # touch &#x2F;etc&#x2F;modprobe.d&#x2F;dccp.conf
+    # touch /etc/modprobe.d/dccp.conf
 
     Add the following line to the created file:
 
-    install dccp &#x2F;bin&#x2F;true
+    install dccp /bin/true
 
     Ensure that the DCCP module is blacklisted:
 
-    # vi &#x2F;etc&#x2F;modprobe.d&#x2F;blacklist.conf
+    # vi /etc/modprobe.d/blacklist.conf
 
     Add or update the line:
 
-    blacklist dccp</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>af2ab556-3e92-46c3-a7cd-3a39b76823a3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Module dccp is expected not to be loaded
---------------------------------
-passed
-Kernel Module dccp is expected to be blacklisted</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72019</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86643r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020640</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    blacklist dccp</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-77821\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the Datagram Congestion Control Protocol (DCCP) kernel module is disabled\nunless required.\"\n  desc  \"Disabling DCCP protects the system against exploitation of any flaws\nin the protocol implementation.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system disables the ability to load the DCCP kernel\nmodule.\n\n    # grep -r dccp /etc/modprobe.d/* | grep -i \\\"/bin/true\\\" | grep -v \\\"^#\\\"\n\n    install dccp /bin/true\n\n    If the command does not return any output, or the line is commented out,\nand use of DCCP is not documented with the Information System Security Officer\n(ISSO) as an operational requirement, this is a finding.\n\n    Verify the operating system disables the ability to use the DCCP kernel\nmodule.\n\n    Check to see if the DCCP kernel module is disabled with the following\ncommand:\n\n    # grep -i dccp /etc/modprobe.d/* | grep -i \\\"blacklist\\\" | grep -v \\\"^#\\\"\n\n    blacklist dccp\n\n    If the command does not return any output or the output is not \\\"blacklist\ndccp\\\", and use of the dccp kernel module is not documented with the\nInformation System Security Officer (ISSO) as an operational requirement, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable the ability to use the DCCP\nkernel module.\n\n    Create a file under \\\"/etc/modprobe.d\\\" with the following command:\n\n    # touch /etc/modprobe.d/dccp.conf\n\n    Add the following line to the created file:\n\n    install dccp /bin/true\n\n    Ensure that the DCCP module is blacklisted:\n\n    # vi /etc/modprobe.d/blacklist.conf\n\n    Add or update the line:\n\n    blacklist dccp\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000378-GPOS-00163\"\n  tag gid: \"V-77821\"\n  tag rid: \"SV-92517r3_rule\"\n  tag stig_id: \"RHEL-07-020101\"\n  tag fix_id: \"F-84521r3_fix\"\n  tag cci: [\"CCI-001958\"]\n  tag nist: [\"IA-3\", \"Rev_4\"]\n\n  describe kernel_module('dccp') do\n    it { should_not be_loaded }\n    it { should be_blacklisted }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Module dccp is expected not to be loaded
+--------------------------------
+passed :: TEST Kernel Module dccp is expected to be blacklisted</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72019</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86643r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020640</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive user home directories are owned by their respective
-users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a local interactive user does not own their home directory,
-unauthorized users could access or modify the user&#39;s files, and the users may
-not be able to access their own files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unauthorized users could access or modify the user's files, and the users may
+not be able to access their own files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the assigned home directory of all local interactive users on the
 system exists.
 
     Check the home directory assignment for all local interactive users on the
 system with the following command:
 
-    # ls -ld $(egrep &#39;:[0-9]{4}&#39; &#x2F;etc&#x2F;passwd | cut -d: -f6)
+    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)
 
-    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 &#x2F;home&#x2F;smithj
+    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj
 
-    If any home directories referenced in &quot;&#x2F;etc&#x2F;passwd&quot; are not owned by the
-interactive user, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the owner of a local interactive user&#39;s home directories to that
-owner. To change the owner of a local interactive user&#39;s home directory, use
+    If any home directories referenced in "/etc/passwd" are not owned by the
+interactive user, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the owner of a local interactive user's home directories to that
+owner. To change the owner of a local interactive user's home directory, use
 the following command:
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot;.
-
-    # chown smithj &#x2F;home&#x2F;smithj</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bf162056-a4a3-4e37-9606-ffd8092d4dc1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Directory &#x2F;root is expected to exist
---------------------------------
-passed
-Directory &#x2F;root owner is expected to eq &quot;root&quot;
---------------------------------
-passed
-Directory &#x2F;home&#x2F;ec2-user is expected to exist
---------------------------------
-passed
-Directory &#x2F;home&#x2F;ec2-user owner is expected to eq &quot;ec2-user&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71925</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000075-GPOS-00043</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86549r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010230</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj".
+
+    # chown smithj /home/smithj</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72019\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user home directories are owned by their respective\nusers.\"\n  desc  \"If a local interactive user does not own their home directory,\nunauthorized users could access or modify the user's files, and the users may\nnot be able to access their own files.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the assigned home directory of all local interactive users on the\nsystem exists.\n\n    Check the home directory assignment for all local interactive users on the\nsystem with the following command:\n\n    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)\n\n    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj\n\n    If any home directories referenced in \\\"/etc/passwd\\\" are not owned by the\ninteractive user, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the owner of a local interactive user's home directories to that\nowner. To change the owner of a local interactive user's home directory, use\nthe following command:\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\".\n\n    # chown smithj /home/smithj\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72019\"\n  tag rid: \"SV-86643r5_rule\"\n  tag stig_id: \"RHEL-07-020640\"\n  tag fix_id: \"F-78371r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    describe directory(user_info.home) do\n      it { should exist }\n      its('owner') { should eq user_info.username }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Directory /root is expected to exist
+--------------------------------
+passed :: TEST Directory /root owner is expected to eq "root"
+--------------------------------
+passed :: TEST Directory /home/ec2-user is expected to exist
+--------------------------------
+passed :: TEST Directory /home/ec2-user owner is expected to eq "ec2-user"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71925</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000075-GPOS-00043</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86549r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010230</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that passwords for new users are restricted to a 24 hours&#x2F;1 day minimum
-lifetime.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that passwords for new users are restricted to a 24 hours/1 day minimum
+lifetime.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Enforcing a minimum password lifetime helps to prevent repeated
 password changes to defeat the password reuse or history enforcement
 requirement. If users are allowed to immediately and continually change their
 password, the password could be repeatedly changed in a short period of time to
-defeat the organization&#39;s policy regarding password reuse.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the operating system enforces 24 hours&#x2F;1 day as the minimum password
+defeat the organization's policy regarding password reuse.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the operating system enforces 24 hours/1 day as the minimum password
 lifetime for new user accounts.
 
-    Check for the value of &quot;PASS_MIN_DAYS&quot; in &quot;&#x2F;etc&#x2F;login.defs&quot; with the
+    Check for the value of "PASS_MIN_DAYS" in "/etc/login.defs" with the
 following command:
 
-    # grep -i pass_min_days &#x2F;etc&#x2F;login.defs
+    # grep -i pass_min_days /etc/login.defs
     PASS_MIN_DAYS     1
 
-    If the &quot;PASS_MIN_DAYS&quot; parameter value is not &quot;1&quot; or greater, or is
-commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the operating system to enforce 24 hours&#x2F;1 day as the minimum
+    If the "PASS_MIN_DAYS" parameter value is not "1" or greater, or is
+commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the operating system to enforce 24 hours/1 day as the minimum
 password lifetime.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;login.defs&quot; (or modify the line to have
+    Add the following line in "/etc/login.defs" (or modify the line to have
 the required value):
 
-    PASS_MIN_DAYS     1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7a49c708-b30a-453a-ad5e-044506c1107b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000198</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs PASS_MIN_DAYS.to_i is expected to cmp &gt;&#x3D; 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72247</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86871r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040370</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    PASS_MIN_DAYS     1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71925\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat passwords for new users are restricted to a 24 hours/1 day minimum\nlifetime.\"\n  desc  \"Enforcing a minimum password lifetime helps to prevent repeated\npassword changes to defeat the password reuse or history enforcement\nrequirement. If users are allowed to immediately and continually change their\npassword, the password could be repeatedly changed in a short period of time to\ndefeat the organization's policy regarding password reuse.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enforces 24 hours/1 day as the minimum password\nlifetime for new user accounts.\n\n    Check for the value of \\\"PASS_MIN_DAYS\\\" in \\\"/etc/login.defs\\\" with the\nfollowing command:\n\n    # grep -i pass_min_days /etc/login.defs\n    PASS_MIN_DAYS     1\n\n    If the \\\"PASS_MIN_DAYS\\\" parameter value is not \\\"1\\\" or greater, or is\ncommented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce 24 hours/1 day as the minimum\npassword lifetime.\n\n    Add the following line in \\\"/etc/login.defs\\\" (or modify the line to have\nthe required value):\n\n    PASS_MIN_DAYS     1\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000075-GPOS-00043\"\n  tag gid: \"V-71925\"\n  tag rid: \"SV-86549r2_rule\"\n  tag stig_id: \"RHEL-07-010230\"\n  tag fix_id: \"F-78277r1_fix\"\n  tag cci: [\"CCI-000198\"]\n  tag nist: [\"IA-5 (1) (d)\", \"Rev_4\"]\n\n  describe login_defs do\n    its('PASS_MIN_DAYS.to_i') { should cmp &gt;= 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000198</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs PASS_MIN_DAYS.to_i is expected to cmp &gt;= 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72247</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86871r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040370</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not permit direct
-logons to the root account using remote access via SSH.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+logons to the root account using remote access via SSH.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Even though the communications channel may be encrypted, an additional
 layer of security is gained by extending the policy of not logging on directly
 as root. In addition, logging on with a user-specific account provides
-individual accountability of actions performed on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+individual accountability of actions performed on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify remote access using SSH prevents users from logging on directly as
 root.
 
     Check that SSH prevents users from logging on directly as root with the
 following command:
 
-    # grep -i permitrootlogin &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i permitrootlogin /etc/ssh/sshd_config
     PermitRootLogin no
 
-    If the &quot;PermitRootLogin&quot; keyword is set to &quot;yes&quot;, is missing, or is
-commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "PermitRootLogin" keyword is set to "yes", is missing, or is
+commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure SSH to stop users from logging on remotely as the root user.
 
-    Edit the appropriate  &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment or add the
-line for the &quot;PermitRootLogin&quot; keyword and set its value to &quot;no&quot; (this file
+    Edit the appropriate  "/etc/ssh/sshd_config" file to uncomment or add the
+line for the "PermitRootLogin" keyword and set its value to "no" (this file
 may be named differently or be in a different location if using a version of
 SSH that is provided by a third-party vendor):
 
     PermitRootLogin no
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b9a1c665-48f2-4353-be88-7dcaaacd0e07</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration PermitRootLogin is expected to cmp &#x3D;&#x3D; &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72091</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86715r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030340</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72247\" do\n  title \"The Red Hat Enterprise Linux operating system must not permit direct\nlogons to the root account using remote access via SSH.\"\n  desc  \"Even though the communications channel may be encrypted, an additional\nlayer of security is gained by extending the policy of not logging on directly\nas root. In addition, logging on with a user-specific account provides\nindividual accountability of actions performed on the system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify remote access using SSH prevents users from logging on directly as\nroot.\n\n    Check that SSH prevents users from logging on directly as root with the\nfollowing command:\n\n    # grep -i permitrootlogin /etc/ssh/sshd_config\n    PermitRootLogin no\n\n    If the \\\"PermitRootLogin\\\" keyword is set to \\\"yes\\\", is missing, or is\ncommented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure SSH to stop users from logging on remotely as the root user.\n\n    Edit the appropriate  \\\"/etc/ssh/sshd_config\\\" file to uncomment or add the\nline for the \\\"PermitRootLogin\\\" keyword and set its value to \\\"no\\\" (this file\nmay be named differently or be in a different location if using a version of\nSSH that is provided by a third-party vendor):\n\n    PermitRootLogin no\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72247\"\n  tag rid: \"SV-86871r3_rule\"\n  tag stig_id: \"RHEL-07-040370\"\n  tag fix_id: \"F-78601r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('PermitRootLogin') { should cmp 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration PermitRootLogin is expected to cmp == "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72091</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86715r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030340</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must immediately notify
 the System Administrator (SA) and Information System Security Officer (ISSO)
 (at a minimum) via email when the threshold for the repository maximum audit
-record storage capacity is reached.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+record storage capacity is reached.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If security personnel are not notified immediately when the threshold
 for the repository maximum audit record storage capacity is reached, they are
-unable to expand the audit record storage capacity before records are lost.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unable to expand the audit record storage capacity before records are lost.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system immediately notifies the SA and ISSO (at a
 minimum) via email when the allocated audit record storage volume reaches 75
 percent of the repository maximum audit record storage capacity.
@@ -22227,160 +21225,155 @@ percent of the repository maximum audit record storage capacity.
 repository maximum audit record storage capacity is reached with the following
 command:
 
-    # grep -i space_left_action  &#x2F;etc&#x2F;audit&#x2F;auditd.conf
-    space_left_action &#x3D; email
+    # grep -i space_left_action  /etc/audit/auditd.conf
+    space_left_action = email
 
-    If the value of the &quot;space_left_action&quot; keyword is not set to &quot;email&quot;,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of the "space_left_action" keyword is not set to "email",
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to immediately notify the SA and ISSO (at a
 minimum) when the threshold for the repository maximum audit record storage
 capacity is reached.
 
-    Uncomment or edit the &quot;space_left_action&quot; keyword in
-&quot;&#x2F;etc&#x2F;audit&#x2F;auditd.conf&quot; and set it to &quot;email&quot;.
-
-    space_left_action &#x3D; email</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2b72475b-be67-4d98-9dcd-4b6473c9a871</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Audit Daemon Config space_left_action.downcase is expected to cmp &#x3D;&#x3D; &quot;email&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71963</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86587r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010490</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Uncomment or edit the "space_left_action" keyword in
+"/etc/audit/auditd.conf" and set it to "email".
+
+    space_left_action = email</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72091\" do\n  title \"The Red Hat Enterprise Linux operating system must immediately notify\nthe System Administrator (SA) and Information System Security Officer (ISSO)\n(at a minimum) via email when the threshold for the repository maximum audit\nrecord storage capacity is reached.\"\n  desc  \"If security personnel are not notified immediately when the threshold\nfor the repository maximum audit record storage capacity is reached, they are\nunable to expand the audit record storage capacity before records are lost.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system immediately notifies the SA and ISSO (at a\nminimum) via email when the allocated audit record storage volume reaches 75\npercent of the repository maximum audit record storage capacity.\n\n    Check what action the operating system takes when the threshold for the\nrepository maximum audit record storage capacity is reached with the following\ncommand:\n\n    # grep -i space_left_action  /etc/audit/auditd.conf\n    space_left_action = email\n\n    If the value of the \\\"space_left_action\\\" keyword is not set to \\\"email\\\",\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to immediately notify the SA and ISSO (at a\nminimum) when the threshold for the repository maximum audit record storage\ncapacity is reached.\n\n    Uncomment or edit the \\\"space_left_action\\\" keyword in\n\\\"/etc/audit/auditd.conf\\\" and set it to \\\"email\\\".\n\n    space_left_action = email\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000343-GPOS-00134\"\n  tag gid: \"V-72091\"\n  tag rid: \"SV-86715r2_rule\"\n  tag stig_id: \"RHEL-07-030340\"\n  tag fix_id: \"F-78443r1_fix\"\n  tag cci: [\"CCI-001855\"]\n  tag nist: [\"AU-5 (1)\", \"Rev_4\"]\n\n  describe auditd_conf do\n    its('space_left_action.downcase') { should cmp 'email' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Audit Daemon Config space_left_action.downcase is expected to cmp == "email"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71963</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86587r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010490</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Red Hat Enterprise Linux operating systems prior to version 7.2 using
 Unified Extensible Firmware Interface (UEFI) must require authentication upon
-booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system does not require valid root authentication before it
 boots into single-user or maintenance mode, anyone who invokes single-user or
 maintenance mode is granted privileged access to all files on the system. GRUB
 2 is the default boot loader for RHEL 7 and is designed to require a password
-to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For systems that use BIOS, this is Not Applicable.
     For systems that are running RHEL 7.2 or newer, this is Not Applicable.
 
     Check to see if an encrypted root password is set. On systems that use
 UEFI, use the following command:
 
-    # grep -i password &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg
+    # grep -i password /boot/efi/EFI/redhat/grub.cfg
 
     password_pbkdf2 [superusers-account] [password-hash]
 
-    If the root password entry does not begin with &quot;password_pbkdf2&quot;, this is
+    If the root password entry does not begin with "password_pbkdf2", this is
 a finding.
 
-    If the &quot;superusers-account&quot; is not set to &quot;root&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "superusers-account" is not set to "root", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to encrypt the boot password for root.
 
     Generate an encrypted grub2 password for root with the following command:
@@ -22394,130 +21387,124 @@ a finding.
     PBKDF2 hash of your password is
 grub.pbkdf2.sha512.10000.F3A7CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45
 
-    Edit &quot;&#x2F;etc&#x2F;grub.d&#x2F;40_custom&quot; and add the following lines below the
+    Edit "/etc/grub.d/40_custom" and add the following lines below the
 comments:
 
-    # vi &#x2F;etc&#x2F;grub.d&#x2F;40_custom
+    # vi /etc/grub.d/40_custom
 
-    set superusers&#x3D;&quot;root&quot;
+    set superusers="root"
 
     password_pbkdf2 root {hash from grub2-mkpasswd-pbkdf2 command}
 
-    Generate a new &quot;grub.conf&quot; file with the new password with the following
+    Generate a new "grub.conf" file with the new password with the following
 commands:
 
-    # grub2-mkconfig --output&#x3D;&#x2F;tmp&#x2F;grub2.cfg
-    # mv &#x2F;tmp&#x2F;grub2.cfg &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b0ecf8b5-c3d5-4b39-b1d4-a741f64f33a3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-EFI is not in use
-EFI is not in use so this control is NA</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72427</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87051r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-041002</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # grub2-mkconfig --output=/tmp/grub2.cfg
+    # mv /tmp/grub2.cfg /boot/efi/EFI/redhat/grub.cfg</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71963\" do\n  title \"Red Hat Enterprise Linux operating systems prior to version 7.2 using\nUnified Extensible Firmware Interface (UEFI) must require authentication upon\nbooting into single-user and maintenance modes.\"\n  desc  \"If the system does not require valid root authentication before it\nboots into single-user or maintenance mode, anyone who invokes single-user or\nmaintenance mode is granted privileged access to all files on the system. GRUB\n2 is the default boot loader for RHEL 7 and is designed to require a password\nto boot into single-user mode or make modifications to the boot menu.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    For systems that use BIOS, this is Not Applicable.\n    For systems that are running RHEL 7.2 or newer, this is Not Applicable.\n\n    Check to see if an encrypted root password is set. On systems that use\nUEFI, use the following command:\n\n    # grep -i password /boot/efi/EFI/redhat/grub.cfg\n\n    password_pbkdf2 [superusers-account] [password-hash]\n\n    If the root password entry does not begin with \\\"password_pbkdf2\\\", this is\na finding.\n\n    If the \\\"superusers-account\\\" is not set to \\\"root\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to encrypt the boot password for root.\n\n    Generate an encrypted grub2 password for root with the following command:\n\n    Note: The hash generated is an example.\n\n    # grub2-mkpasswd-pbkdf2\n\n    Enter Password:\n    Reenter Password:\n    PBKDF2 hash of your password is\ngrub.pbkdf2.sha512.10000.F3A7CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45\n\n    Edit \\\"/etc/grub.d/40_custom\\\" and add the following lines below the\ncomments:\n\n    # vi /etc/grub.d/40_custom\n\n    set superusers=\\\"root\\\"\n\n    password_pbkdf2 root {hash from grub2-mkpasswd-pbkdf2 command}\n\n    Generate a new \\\"grub.conf\\\" file with the new password with the following\ncommands:\n\n    # grub2-mkconfig --output=/tmp/grub2.cfg\n    # mv /tmp/grub2.cfg /boot/efi/EFI/redhat/grub.cfg\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000080-GPOS-00048\"\n  tag gid: \"V-71963\"\n  tag rid: \"SV-86587r4_rule\"\n  tag stig_id: \"RHEL-07-010490\"\n  tag fix_id: \"F-78315r3_fix\"\n  tag cci: [\"CCI-000213\"]\n  tag nist: [\"AC-3\", \"Rev_4\"]\n\n  os_minor_version = os().release.split('.')[1].to_i\n\n  # If OS version is 7.2 or later ONLY root is allowed\n  efi_superusers = os_minor_version &lt; 2 ? input('efi_superusers') : ['root']\n  # Also ensure that 'root' is in the list always\n  efi_superusers.push('root') if !efi_superusers.include?('root')\n  # Define the main cfg with the os name in the path to allow\n  # for this to work with RHEL variants (e.g. CentOS)\n  efi_main_cfg = \"/boot/efi/EFI/#{os().name}/grub.cfg\"\n\n  # If the main EFI config file does not exist this system is\n  # not using EFI and the control is NA\n  if !file(efi_main_cfg).exist?\n    impact 0.0\n    describe 'EFI is not in use' do\n      skip 'EFI is not in use so this control is NA'\n    end\n  # Ensure any superusers are configured with PBDKF2 passwords\n  else\n    efi_superusers.each do |user|\n      describe file(efi_main_cfg) do\n          its('content') { should match %r{^\\s*password_pbkdf2\\s+#{user} } }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST EFI is not in use :: SKIP_MESSAGE EFI is not in use so this control is NA</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72427</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87051r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-041002</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement
   multifactor authentication for access to privileged accounts via pluggable
-  authentication modules (PAM).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+  authentication modules (PAM).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Using an authentication device, such as a CAC or token that is
   separate from the information system, ensures that even if the information
   system is compromised, that compromise will not affect credentials stored on
@@ -22540,150 +21527,145 @@ EFI is not in use so this control is NA</FINDING_DETAILS>
       This requirement only applies to components where this is specific to the
   function of the device or has the concept of an organizational user (e.g., VPN,
   proxy capability). This does not apply to authentication for the purpose of
-  configuring the device itself (management).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+  configuring the device itself (management).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system implements multifactor authentication for
 remote access to privileged accounts via pluggable authentication modules (PAM).
 
-    Check the &quot;&#x2F;etc&#x2F;sssd&#x2F;sssd.conf&quot; file for the authentication services that
+    Check the "/etc/sssd/sssd.conf" file for the authentication services that
 are being used with the following command:
 
-    # grep services &#x2F;etc&#x2F;sssd&#x2F;sssd.conf &#x2F;etc&#x2F;sssd&#x2F;conf.d&#x2F;*.conf
+    # grep services /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf
 
-    services &#x3D; nss, pam
+    services = nss, pam
 
-    If the &quot;pam&quot; service is not present on all &quot;services&quot; lines, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "pam" service is not present on all "services" lines, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement multifactor authentication for
 remote access to privileged accounts via pluggable authentication modules (PAM).
 
-    Modify all of the services lines in &quot;&#x2F;etc&#x2F;sssd&#x2F;sssd.conf&quot; or in
-configuration files found under &quot;&#x2F;etc&#x2F;sssd&#x2F;conf.d&quot; to include pam.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fc8a1fca-385c-4157-bd68-924ca0653b2c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep -i -E &#39;services( )*&#x3D;( )*(.+*)pam&#39; &#x2F;etc&#x2F;sssd&#x2F;sssd.conf&#x60; stdout.strip is expected to include &quot;pam&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72221</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000033-GPOS-00014</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86845r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040110</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Modify all of the services lines in "/etc/sssd/sssd.conf" or in
+configuration files found under "/etc/sssd/conf.d" to include pam.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72427\" do\n  title \"The Red Hat Enterprise Linux operating system must implement\n  multifactor authentication for access to privileged accounts via pluggable\n  authentication modules (PAM).\"\n  desc  \"Using an authentication device, such as a CAC or token that is\n  separate from the information system, ensures that even if the information\n  system is compromised, that compromise will not affect credentials stored on\n  the authentication device.\n\n      Multifactor solutions that require devices separate from information\n  systems gaining access include, for example, hardware tokens providing\n  time-based or challenge-response authenticators and smart cards such as the\n  U.S. Government Personal Identity Verification card and the DoD Common Access\n  Card.\n\n      A privileged account is defined as an information system account with\n  authorizations of a privileged user.\n\n      Remote access is access to DoD nonpublic information systems by an\n  authorized user (or an information system) communicating through an external,\n  non-organization-controlled network. Remote access methods include, for\n  example, dial-up, broadband, and wireless.\n\n      This requirement only applies to components where this is specific to the\n  function of the device or has the concept of an organizational user (e.g., VPN,\n  proxy capability). This does not apply to authentication for the purpose of\n  configuring the device itself (management).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system implements multifactor authentication for\n    remote access to privileged accounts via pluggable authentication modules (PAM).\n\n        Check the \\\"/etc/sssd/sssd.conf\\\" file for the authentication services that\n    are being used with the following command:\n\n        # grep services /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf\n\n        services = nss, pam\n\n        If the \\\"pam\\\" service is not present on all \\\"services\\\" lines, this is a\n    finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to implement multifactor authentication for\n    remote access to privileged accounts via pluggable authentication modules (PAM).\n\n        Modify all of the services lines in \\\"/etc/sssd/sssd.conf\\\" or in\n    configuration files found under \\\"/etc/sssd/conf.d\\\" to include pam.\"\n\n  impact 0.5  \n  tag severity: nil\n  tag gtitle: \"SRG-OS-000375-GPOS-00160\"\n  tag satisfies: [\"SRG-OS-000375-GPOS-00160\", \"SRG-OS-000375-GPOS-00161\",\n\"SRG-OS-000375-GPOS-00162\"]\n  tag gid: \"V-72427\"\n  tag rid: \"SV-87051r4_rule\"\n  tag stig_id: \"RHEL-07-041002\"\n  tag fix_id: \"F-78779r3_fix\"\n  tag cci: [\"CCI-001948\", \"CCI-001953\", \"CCI-001954\"]\n  tag nist: [\"IA-2 (11)\", \"IA-2 (12)\", \"IA-2 (12)\", \"Rev_4\"]\n\n  unless package('sssd').installed?\n    impact 0.0\n    describe \"The SSSD Package is not installed on the system\" do\n      skip \"This control is Not Appliciable without the SSSD Package installed.\"\n    end\n  else\n    if (!(sssd_files = command(\"find /etc/sssd -name *.conf\").stdout.split(\"\\n\")).empty?)\n      sssd_files.each do |file|\n        describe.one do\n          describe parse_config_file(file) do\n            its('services') { should include 'pam' }\n          end if package('sssd').installed?\n          describe command(\"grep -i -E 'services(\\s)*=(\\s)*(.+*)pam' #{file}\") do\n            its('stdout.strip') { should include 'pam' }\n          end if package('sssd').installed?\n        end if package('sssd').installed?\n      end\n    else\n      describe \"The set of SSSD configuration files\" do\n          subject { sssd_files.to_a }\n          it { should_not be_empty }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep -i -E 'services( )*=( )*(.+*)pam' /etc/sssd/sssd.conf` stdout.strip is expected to include "pam"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72221</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000033-GPOS-00014</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86845r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040110</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a FIPS 140-2
-approved cryptographic algorithm for SSH communications.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+approved cryptographic algorithm for SSH communications.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Unapproved mechanisms that are used for authentication to the
 cryptographic module are not verified and therefore cannot be relied upon to
 provide confidentiality or integrity, and DoD data may be compromised.
@@ -22694,14 +21676,14 @@ mechanisms for authenticating to cryptographic modules.
     FIPS 140-2 is the current standard for validating that mechanisms used to
 access cryptographic modules utilize authentication that meets DoD
 requirements. This allows for Security Levels 1, 2, 3, or 4 for use on a
-general purpose computing system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+general purpose computing system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system uses mechanisms meeting the requirements of
 applicable federal laws, Executive orders, directives, policies, regulations,
 standards, and guidance for authentication to a cryptographic module.
@@ -22710,516 +21692,487 @@ standards, and guidance for authentication to a cryptographic module.
 the system cannot implement FIPS 140-2-approved cryptographic algorithms and
 hashes.
 
-    The location of the &quot;sshd_config&quot; file may vary if a different daemon is
+    The location of the "sshd_config" file may vary if a different daemon is
 in use.
 
-    Inspect the &quot;Ciphers&quot; configuration with the following command:
+    Inspect the "Ciphers" configuration with the following command:
 
-    # grep -i ciphers &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i ciphers /etc/ssh/sshd_config
     Ciphers aes128-ctr,aes192-ctr,aes256-ctr
 
-    If any ciphers other than &quot;aes128-ctr&quot;, &quot;aes192-ctr&quot;, or &quot;aes256-ctr&quot;
-are listed, the &quot;Ciphers&quot; keyword is missing, or the returned line is
-commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any ciphers other than "aes128-ctr", "aes192-ctr", or "aes256-ctr"
+are listed, the "Ciphers" keyword is missing, or the returned line is
+commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure SSH to use FIPS 140-2 approved cryptographic algorithms.
 
     Add the following line (or modify the line to have the required value) to
-the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file (this file may be named differently or be in
+the "/etc/ssh/sshd_config" file (this file may be named differently or be in
 a different location if using a version of SSH that is provided by a
 third-party vendor).
 
     Ciphers aes128-ctr,aes192-ctr,aes256-ctr
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f9139ba5-0a28-4baf-8c59-eb3b01b5857a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000803</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-[&quot;aes128-ctr&quot;, &quot;aes192-ctr&quot;, &quot;aes256-ctr&quot;] is expected to be in &quot;aes128-ctr&quot;, &quot;aes192-ctr&quot;, and &quot;aes256-ctr&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72131</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86755r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030540</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72221\" do\n  title \"The Red Hat Enterprise Linux operating system must use a FIPS 140-2\napproved cryptographic algorithm for SSH communications.\"\n  desc  \"Unapproved mechanisms that are used for authentication to the\ncryptographic module are not verified and therefore cannot be relied upon to\nprovide confidentiality or integrity, and DoD data may be compromised.\n\n    Operating systems utilizing encryption are required to use FIPS-compliant\nmechanisms for authenticating to cryptographic modules.\n\n    FIPS 140-2 is the current standard for validating that mechanisms used to\naccess cryptographic modules utilize authentication that meets DoD\nrequirements. This allows for Security Levels 1, 2, 3, or 4 for use on a\ngeneral purpose computing system.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system uses mechanisms meeting the requirements of\napplicable federal laws, Executive orders, directives, policies, regulations,\nstandards, and guidance for authentication to a cryptographic module.\n\n    Note: If RHEL-07-021350 is a finding, this is automatically a finding as\nthe system cannot implement FIPS 140-2-approved cryptographic algorithms and\nhashes.\n\n    The location of the \\\"sshd_config\\\" file may vary if a different daemon is\nin use.\n\n    Inspect the \\\"Ciphers\\\" configuration with the following command:\n\n    # grep -i ciphers /etc/ssh/sshd_config\n    Ciphers aes128-ctr,aes192-ctr,aes256-ctr\n\n    If any ciphers other than \\\"aes128-ctr\\\", \\\"aes192-ctr\\\", or \\\"aes256-ctr\\\"\nare listed, the \\\"Ciphers\\\" keyword is missing, or the returned line is\ncommented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure SSH to use FIPS 140-2 approved cryptographic algorithms.\n\n    Add the following line (or modify the line to have the required value) to\nthe \\\"/etc/ssh/sshd_config\\\" file (this file may be named differently or be in\na different location if using a version of SSH that is provided by a\nthird-party vendor).\n\n    Ciphers aes128-ctr,aes192-ctr,aes256-ctr\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000033-GPOS-00014\"\n  tag satisfies: [\"SRG-OS-000033-GPOS-00014\", \"SRG-OS-000120-GPOS-00061\",\n\"SRG-OS-000125-GPOS-00065\", \"SRG-OS-000250-GPOS-00093\",\n\"SRG-OS-000393-GPOS-00173\"]\n  tag gid: \"V-72221\"\n  tag rid: \"SV-86845r3_rule\"\n  tag stig_id: \"RHEL-07-040110\"\n  tag fix_id: \"F-78575r3_fix\"\n  tag cci: [\"CCI-000068\", \"CCI-000366\", \"CCI-000803\"]\n  tag nist: [\"AC-17 (2)\", \"CM-6 b\", \"IA-7\", \"Rev_4\"]\n\n  @ciphers_array = inspec.sshd_config.params['ciphers']\n\n  unless @ciphers_array.nil?\n    @ciphers_array = @ciphers_array.first.split(\",\")\n  end\n\n  describe @ciphers_array do\n    it { should be_in ['aes128-ctr', 'aes192-ctr', 'aes256-ctr'] }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000803</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST ["aes128-ctr", "aes192-ctr", "aes256-ctr"] is expected to be in "aes128-ctr", "aes192-ctr", and "aes256-ctr"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72131</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86755r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030540</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the truncate syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the truncate syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;truncate&quot; syscall occur.
+successful/unsuccessful attempts to use the "truncate" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw truncate &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw truncate /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S truncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S truncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S truncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S truncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;truncate&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"truncate" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;truncate&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S truncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S truncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S truncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S truncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f7a6e3da-6ecc-4fb7-8655-449b9203e0d1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86823r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030880</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "truncate" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72131\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe truncate syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"truncate\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw truncate /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"truncate\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"truncate\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72131\"\n  tag rid: \"SV-86755r5_rule\"\n  tag stig_id: \"RHEL-07-030540\"\n  tag fix_id: \"F-78483r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"truncate\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"truncate\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"truncate\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"truncate\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86823r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030880</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the rename syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the rename syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system is not configured to audit certain activities and write
 them to an audit log, it is more difficult to detect and track system
-compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;rename&quot; syscall occur.
+successful/unsuccessful attempts to use the "rename" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw rename &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw rename /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S rename -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S rename -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;rename&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"rename" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;rename&quot; syscall occur.
+successful/unsuccessful attempts to use the "rename" syscall occur.
 
-    Add the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S rename -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S rename -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>cd1ec92c-4f6a-4b16-b3d5-d40f7a3c30a1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rename&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rename&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rename&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rename&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72233</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000423-GPOS-00187</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86857r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72199\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe rename syscall.\"\n  desc  \"If the system is not configured to audit certain activities and write\nthem to an audit log, it is more difficult to detect and track system\ncompromises and damages incurred during a system compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"rename\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw rename /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"rename\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"rename\\\" syscall occur.\n\n    Add the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000466-GPOS-00210\"\n  tag satisfies: [\"SRG-OS-000466-GPOS-00210\", \"SRG-OS-000467-GPOS-00210\",\n\"SRG-OS-000468-GPOS-00212\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72199\"\n  tag rid: \"SV-86823r5_rule\"\n  tag stig_id: \"RHEL-07-030880\"\n  tag fix_id: \"F-78553r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"rename\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"rename\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "rename" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rename" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rename" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rename" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72233</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000423-GPOS-00187</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86857r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all networked systems have SSH installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all networked systems have SSH installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without protection of the transmitted information, confidentiality and
 integrity may be compromised because unprotected communications can be
 intercepted and either read or altered.
@@ -23235,310 +22188,298 @@ interception and modification.
 can be accomplished by physical means (e.g., employing physical distribution
 systems) or by logical means (e.g., employing cryptographic techniques). If
 physical means of protection are employed, logical means (cryptography) do not
-have to be employed, and vice versa.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+have to be employed, and vice versa.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check to see if sshd is installed with the following command:
 
 # yum list installed \*ssh\*
-libssh2.x86_64 1.4.3-8.el7 @anaconda&#x2F;7.1
-openssh.x86_64 6.6.1p1-11.el7 @anaconda&#x2F;7.1
-openssh-server.x86_64 6.6.1p1-11.el7 @anaconda&#x2F;7.1
-
-If the &quot;SSH server&quot; package is not installed, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+libssh2.x86_64 1.4.3-8.el7 @anaconda/7.1
+openssh.x86_64 6.6.1p1-11.el7 @anaconda/7.1
+openssh-server.x86_64 6.6.1p1-11.el7 @anaconda/7.1
+
+If the "SSH server" package is not installed, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Install SSH packages onto the host with the following commands:
 
-# yum install openssh-server.x86_64</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0c4d033f-71bf-4346-8b5d-12eaf8ed7d05</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002421</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package openssh-server is expected to be installed
---------------------------------
-passed
-System Package openssh-clients is expected to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72011</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86635r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020600</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+# yum install openssh-server.x86_64</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72233\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all networked systems have SSH installed.\"\n  desc  \"Without protection of the transmitted information, confidentiality and\nintegrity may be compromised because unprotected communications can be\nintercepted and either read or altered.\n\n    This requirement applies to both internal and external networks and all\ntypes of information system components from which information can be\ntransmitted (e.g., servers, mobile devices, notebook computers, printers,\ncopiers, scanners, and facsimile machines). Communication paths outside the\nphysical protection of a controlled boundary are exposed to the possibility of\ninterception and modification.\n\n    Protecting the confidentiality and integrity of organizational information\ncan be accomplished by physical means (e.g., employing physical distribution\nsystems) or by logical means (e.g., employing cryptographic techniques). If\nphysical means of protection are employed, logical means (cryptography) do not\nhave to be employed, and vice versa.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check to see if sshd is installed with the following command:\n\n    # yum list installed \\\\*ssh\\\\*\n    libssh2.x86_64 1.4.3-8.el7 @anaconda/7.1\n    openssh.x86_64 6.6.1p1-11.el7 @anaconda/7.1\n    openssh-server.x86_64 6.6.1p1-11.el7 @anaconda/7.1\n\n    If the \\\"SSH server\\\" package is not installed, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Install SSH packages onto the host with the following commands:\n\n    # yum install openssh-server.x86_64\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000423-GPOS-00187\"\n  tag satisfies: [\"SRG-OS-000423-GPOS-00187\", \"SRG-OS-000424-GPOS-00188\",\n\"SRG-OS-000425-GPOS-00189\", \"SRG-OS-000426-GPOS-00190\"]\n  tag gid: \"V-72233\"\n  tag rid: \"SV-86857r3_rule\"\n  tag stig_id: \"RHEL-07-040300\"\n  tag fix_id: \"F-78587r3_fix\"\n  tag cci: [\"CCI-002418\", \"CCI-002420\", \"CCI-002421\", \"CCI-002422\"]\n  tag nist: [\"SC-8\", \"SC-8 (2)\", \"SC-8 (1)\", \"SC-8 (2)\", \"Rev_4\"]\n\n  describe package('openssh-server') do\n    it { should be_installed }\n  end\n  describe package('openssh-clients') do\n    it { should be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002421</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package openssh-server is expected to be installed
+--------------------------------
+passed :: TEST System Package openssh-clients is expected to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72011</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86635r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020600</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive users have a home directory assigned in the
-&#x2F;etc&#x2F;passwd file.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+/etc/passwd file.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If local interactive users are not assigned a valid home directory,
-there is no place for the storage and control of files they should own.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+there is no place for the storage and control of files they should own.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify local interactive users on the system have a home directory assigned.
 
     Check for missing local interactive user home directories with the
 following command:
 
     # pwck -r
-    user &#39;lp&#39;: directory &#39;&#x2F;var&#x2F;spool&#x2F;lpd&#39; does not exist
-    user &#39;news&#39;: directory &#39;&#x2F;var&#x2F;spool&#x2F;news&#39; does not exist
-    user &#39;uucp&#39;: directory &#39;&#x2F;var&#x2F;spool&#x2F;uucp&#39; does not exist
-    user &#39;smithj&#39;: directory &#39;&#x2F;home&#x2F;smithj&#39; does not exist
+    user 'lp': directory '/var/spool/lpd' does not exist
+    user 'news': directory '/var/spool/news' does not exist
+    user 'uucp': directory '/var/spool/uucp' does not exist
+    user 'smithj': directory '/home/smithj' does not exist
 
     Ask the System Administrator (SA) if any users found without home
 directories are local interactive users. If the SA is unable to provide a
 response, check for users with a User Identifier (UID) of 1000 or greater with
 the following command:
 
-    # cut -d: -f 1,3 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{2}$|:[0-9]{1,2}$&quot;
+    # cut -d: -f 1,3 /etc/passwd | egrep ":[1-4][0-9]{2}$|:[0-9]{1,2}$"
 
     If any interactive users do not have a home directory assigned, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Assign home directories to all local interactive users that
-currently do not have a home directory assigned.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b02b4849-81c7-498f-9ce6-60d15a219a29</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Directory &#x2F;root is expected to exist
---------------------------------
-passed
-Directory &#x2F;home&#x2F;ec2-user is expected to exist</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71919</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86543r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+currently do not have a home directory assigned.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72011\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive users have a home directory assigned in the\n/etc/passwd file.\"\n  desc  \"If local interactive users are not assigned a valid home directory,\nthere is no place for the storage and control of files they should own.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify local interactive users on the system have a home directory assigned.\n\n    Check for missing local interactive user home directories with the\nfollowing command:\n\n    # pwck -r\n    user 'lp': directory '/var/spool/lpd' does not exist\n    user 'news': directory '/var/spool/news' does not exist\n    user 'uucp': directory '/var/spool/uucp' does not exist\n    user 'smithj': directory '/home/smithj' does not exist\n\n    Ask the System Administrator (SA) if any users found without home\ndirectories are local interactive users. If the SA is unable to provide a\nresponse, check for users with a User Identifier (UID) of 1000 or greater with\nthe following command:\n\n    # cut -d: -f 1,3 /etc/passwd | egrep \\\":[1-4][0-9]{2}$|:[0-9]{1,2}$\\\"\n\n    If any interactive users do not have a home directory assigned, this is a\nfinding.\n  \"\n  desc  \"fix\", \"Assign home directories to all local interactive users that\ncurrently do not have a home directory assigned.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72011\"\n  tag rid: \"SV-86635r2_rule\"\n  tag stig_id: \"RHEL-07-020600\"\n  tag fix_id: \"F-78363r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    describe directory(user_info.home) do\n      it { should exist }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Directory /root is expected to exist
+--------------------------------
+passed :: TEST Directory /home/ec2-user is expected to exist</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71919</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86543r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the PAM system service is configured to store only encrypted
-representations of passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+representations of passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Passwords need to be protected at all times, and encryption is the
 standard method for protecting passwords. If passwords are not encrypted, they
 can be plainly read (i.e., clear text) and easily compromised. Passwords
 encrypted with a weak algorithm are no more protected than if they are kept in
-plain text.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+plain text.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the PAM system service is configured to store only encrypted
 representations of passwords. The strength of encryption that must be used to
 hash passwords for all accounts is SHA512.
@@ -23546,1083 +22487,1037 @@ hash passwords for all accounts is SHA512.
     Check that the system is configured to create SHA512 hashed passwords with
 the following command:
 
-    # grep password &#x2F;etc&#x2F;pam.d&#x2F;system-auth &#x2F;etc&#x2F;pam.d&#x2F;password-auth
+    # grep password /etc/pam.d/system-auth /etc/pam.d/password-auth
 
     Outcome should look like following:
-    &#x2F;etc&#x2F;pam.d&#x2F;system-auth-ac:password    sufficient    pam_unix.so sha512
+    /etc/pam.d/system-auth-ac:password    sufficient    pam_unix.so sha512
 shadow try_first_pass use_authtok
-    &#x2F;etc&#x2F;pam.d&#x2F;password-auth:password    sufficient    pam_unix.so sha512
+    /etc/pam.d/password-auth:password    sufficient    pam_unix.so sha512
 shadow try_first_pass use_authtok
 
-    If the &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; and &quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot;
+    If the "/etc/pam.d/system-auth" and "/etc/pam.d/password-auth"
 configuration files allow for password hashes other than SHA512 to be used,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to store only SHA512 encrypted
 representations of passwords.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot;:
+    Add the following line in "/etc/pam.d/system-auth":
     pam_unix.so sha512 shadow try_first_pass use_authtok
 
-    Add the following line in &quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot;:
+    Add the following line in "/etc/pam.d/password-auth":
     pam_unix.so sha512 shadow try_first_pass use_authtok
 
     Note: Manual changes to the listed files may be overwritten by the
-&quot;authconfig&quot; program. The &quot;authconfig&quot; program should not be used to update
-the configurations listed in this requirement.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b2cea29b-2d5d-4112-85ef-a082e90824bd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include password sufficient pam_unix.so sha512
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include password .* pam_unix.so, all without args ^(md5|bigcrypt|sha256|blowfish)$</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86789r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030710</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"authconfig" program. The "authconfig" program should not be used to update
+the configurations listed in this requirement.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71919\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the PAM system service is configured to store only encrypted\nrepresentations of passwords.\"\n  desc  \"Passwords need to be protected at all times, and encryption is the\nstandard method for protecting passwords. If passwords are not encrypted, they\ncan be plainly read (i.e., clear text) and easily compromised. Passwords\nencrypted with a weak algorithm are no more protected than if they are kept in\nplain text.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the PAM system service is configured to store only encrypted\nrepresentations of passwords. The strength of encryption that must be used to\nhash passwords for all accounts is SHA512.\n\n    Check that the system is configured to create SHA512 hashed passwords with\nthe following command:\n\n    # grep password /etc/pam.d/system-auth /etc/pam.d/password-auth\n\n    Outcome should look like following:\n    /etc/pam.d/system-auth-ac:password    sufficient    pam_unix.so sha512\nshadow try_first_pass use_authtok\n    /etc/pam.d/password-auth:password    sufficient    pam_unix.so sha512\nshadow try_first_pass use_authtok\n\n    If the \\\"/etc/pam.d/system-auth\\\" and \\\"/etc/pam.d/password-auth\\\"\nconfiguration files allow for password hashes other than SHA512 to be used,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to store only SHA512 encrypted\nrepresentations of passwords.\n\n    Add the following line in \\\"/etc/pam.d/system-auth\\\":\n    pam_unix.so sha512 shadow try_first_pass use_authtok\n\n    Add the following line in \\\"/etc/pam.d/password-auth\\\":\n    pam_unix.so sha512 shadow try_first_pass use_authtok\n\n    Note: Manual changes to the listed files may be overwritten by the\n\\\"authconfig\\\" program. The \\\"authconfig\\\" program should not be used to update\nthe configurations listed in this requirement.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000073-GPOS-00041\"\n  tag gid: \"V-71919\"\n  tag rid: \"SV-86543r3_rule\"\n  tag stig_id: \"RHEL-07-010200\"\n  tag fix_id: \"F-78271r4_fix\"\n  tag cci: [\"CCI-000196\"]\n  tag nist: [\"IA-5 (1) (c)\", \"Rev_4\"]\n\n  describe pam(\"/etc/pam.d/system-auth\") do\n    its('lines') { should match_pam_rule('password sufficient pam_unix.so sha512') }\n    its('lines') { should match_pam_rule('password .* pam_unix.so').all_without_args('^(md5|bigcrypt|sha256|blowfish)$') }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include password sufficient pam_unix.so sha512
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include password .* pam_unix.so, all without args ^(md5|bigcrypt|sha256|blowfish)$</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86789r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030710</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the newgrp command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the newgrp command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged access commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;newgrp&quot; command occur.
+successful/unsuccessful attempts to use the "newgrp" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;newgrp &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/newgrp /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;newgrp -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/newgrp -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;newgrp&quot; command occur.
+successful/unsuccessful attempts to use the "newgrp" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;newgrp -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/newgrp -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>67b2afca-9392-4acd-8687-0132182d0f8c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;newgrp&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;newgrp&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72157</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86781r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030670</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72165\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe newgrp command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged access commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"newgrp\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -i /usr/bin/newgrp /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/newgrp -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"newgrp\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/newgrp -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000037-GPOS-00015\"\n  tag satisfies: [\"SRG-OS-000037-GPOS-00015\", \"SRG-OS-000042-GPOS-00020\",\n\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000462-GPOS-00206\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72165\"\n  tag rid: \"SV-86789r4_rule\"\n  tag stig_id: \"RHEL-07-030710\"\n  tag fix_id: \"F-78519r5_fix\"\n  tag cci: [\"CCI-000130\", \"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3\", \"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/newgrp'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/newgrp" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/newgrp" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72157</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86781r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030670</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the userhelper command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the userhelper command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged password commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;userhelper&quot; command occur.
+successful/unsuccessful attempts to use the "userhelper" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;sbin&#x2F;userhelper &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/sbin/userhelper /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;userhelper -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-passwd
+    -a always,exit -F path=/usr/sbin/userhelper -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-passwd
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;userhelper&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;userhelper -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-passwd
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a7863fbe-0ea6-40d1-bf8b-4946ab070fd9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;userhelper&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;userhelper&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73167</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87819r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030872</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "userhelper" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/sbin/userhelper -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-passwd
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72157\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe userhelper command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged password commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"userhelper\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/sbin/userhelper /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/userhelper -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-passwd\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"userhelper\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/userhelper -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-passwd\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72157\"\n  tag rid: \"SV-86781r5_rule\"\n  tag stig_id: \"RHEL-07-030670\"\n  tag fix_id: \"F-78509r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/userhelper'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/userhelper" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/userhelper" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73167</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87819r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030872</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
 records for all account creations, modifications, disabling, and termination
-events that affect &#x2F;etc&#x2F;gshadow.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+events that affect /etc/gshadow.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;gshadow&quot;.
+"/etc/gshadow".
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep &#x2F;etc&#x2F;gshadow &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep /etc/gshadow /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;gshadow -p wa -k identity
+    -w /etc/gshadow -p wa -k identity
 
     If the command does not return a line, or the line is commented out, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;gshadow&quot;.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;etc&#x2F;gshadow -p wa -k identity
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>87f83a85-93e6-4569-bf2c-89ae7f0c28f3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;gshadow&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;gshadow&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71955</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86579r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010450</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/gshadow".
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /etc/gshadow -p wa -k identity
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73167\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all account creations, modifications, disabling, and termination\nevents that affect /etc/gshadow.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/gshadow\\\".\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep /etc/gshadow /etc/audit/audit.rules\n\n    -w /etc/gshadow -p wa -k identity\n\n    If the command does not return a line, or the line is commented out, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/gshadow\\\".\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/gshadow -p wa -k identity\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000004-GPOS-00004\"\n  tag gid: \"V-73167\"\n  tag rid: \"SV-87819r4_rule\"\n  tag stig_id: \"RHEL-07-030872\"\n  tag fix_id: \"F-79613r3_fix\"\n  tag cci: [\"CCI-000018\", \"CCI-000172\", \"CCI-001403\", \"CCI-002130\"]\n  tag nist: [\"AC-2 (4)\", \"AU-12 c\", \"AC-2 (4)\", \"AC-2 (4)\", \"Rev_4\"]\n\n  audit_file = '/etc/gshadow'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\n\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/gshadow" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/gshadow" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71955</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86579r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010450</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow an
-unrestricted logon to the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+unrestricted logon to the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Failure to restrict system access to authenticated users negatively
-impacts operating system security.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+impacts operating system security.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system does not allow an unrestricted logon to the
 system via a graphical user interface.
 
     Note: If the system does not have GNOME installed, this requirement is Not
 Applicable.
 
-    Check for the value of the &quot;TimedLoginEnable&quot; parameter in
-&quot;&#x2F;etc&#x2F;gdm&#x2F;custom.conf&quot; file with the following command:
+    Check for the value of the "TimedLoginEnable" parameter in
+"/etc/gdm/custom.conf" file with the following command:
 
-    # grep -i timedloginenable &#x2F;etc&#x2F;gdm&#x2F;custom.conf
-    TimedLoginEnable&#x3D;false
+    # grep -i timedloginenable /etc/gdm/custom.conf
+    TimedLoginEnable=false
 
-    If the value of &quot;TimedLoginEnable&quot; is not set to &quot;false&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "TimedLoginEnable" is not set to "false", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to not allow an unrestricted account to log
 on to the system via a graphical user interface.
 
     Note: If the system does not have GNOME installed, this requirement is Not
 Applicable.
 
-    Add or edit the line for the &quot;TimedLoginEnable&quot; parameter in the [daemon]
-section of the &quot;&#x2F;etc&#x2F;gdm&#x2F;custom.conf&quot; file to &quot;false&quot;:
+    Add or edit the line for the "TimedLoginEnable" parameter in the [daemon]
+section of the "/etc/gdm/custom.conf" file to "false":
 
     [daemon]
-    TimedLoginEnable&#x3D;false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fecb4943-73b8-4e1c-884d-e1739f907f4d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GDM installed
-The system does not have GDM installed, this requirement is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72151</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86775r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030640</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    TimedLoginEnable=false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71955\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow an\nunrestricted logon to the system.\"\n  desc  \"Failure to restrict system access to authenticated users negatively\nimpacts operating system security.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system does not allow an unrestricted logon to the\nsystem via a graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check for the value of the \\\"TimedLoginEnable\\\" parameter in\n\\\"/etc/gdm/custom.conf\\\" file with the following command:\n\n    # grep -i timedloginenable /etc/gdm/custom.conf\n    TimedLoginEnable=false\n\n    If the value of \\\"TimedLoginEnable\\\" is not set to \\\"false\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to not allow an unrestricted account to log\non to the system via a graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Add or edit the line for the \\\"TimedLoginEnable\\\" parameter in the [daemon]\nsection of the \\\"/etc/gdm/custom.conf\\\" file to \\\"false\\\":\n\n    [daemon]\n    TimedLoginEnable=false\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00229\"\n  tag gid: \"V-71955\"\n  tag rid: \"SV-86579r3_rule\"\n  tag stig_id: \"RHEL-07-010450\"\n  tag fix_id: \"F-78307r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  custom_conf = '/etc/gdm/custom.conf'\n\n  if package('gdm').installed?\n    impact 0.7\n    if ((f = file(custom_conf)).exist?)\n      describe ini(custom_conf) do\n        its('daemon.TimedLoginEnable') { cmp false }\n      end\n    else\n      describe f do\n        it { should exist }\n      end\n    end\n  else\n    impact 0.0\n    describe \"The system does not have GDM installed\" do\n      skip \"The system does not have GDM installed, this requirement is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GDM installed :: SKIP_MESSAGE The system does not have GDM installed, this requirement is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72151</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86775r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030640</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the unix_chkpwd command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the unix_chkpwd command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged password commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unix_chkpwd&quot; command occur.
+successful/unsuccessful attempts to use the "unix_chkpwd" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw &#x2F;usr&#x2F;sbin&#x2F;unix_chkpwd &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/sbin/unix_chkpwd /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;unix_chkpwd -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-passwd
+    -a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-passwd
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unix_chkpwd&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;unix_chkpwd -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-passwd
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>65ba7a66-c805-49d9-a2a9-604189780089</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;unix_chkpwd&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;unix_chkpwd&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71987</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000437-GPOS-00194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86611r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "unix_chkpwd" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-passwd
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72151\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe unix_chkpwd command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged password commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"unix_chkpwd\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw /usr/sbin/unix_chkpwd /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-passwd\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"unix_chkpwd\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-passwd\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72151\"\n  tag rid: \"SV-86775r5_rule\"\n  tag stig_id: \"RHEL-07-030640\"\n  tag fix_id: \"F-78503r8_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/unix_chkpwd'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/unix_chkpwd" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/unix_chkpwd" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71987</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000437-GPOS-00194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86611r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must remove all software
-components after updated versions have been installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+components after updated versions have been installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Previous versions of software components that are not removed from the
 information system after updates have been installed may be exploited by
 adversaries. Some information technology products may remove older versions of
-software automatically from the information system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+software automatically from the information system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system removes all software components after updated
 versions have been installed.
 
     Check if yum is configured to remove unneeded packages with the following
 command:
 
-    # grep -i clean_requirements_on_remove &#x2F;etc&#x2F;yum.conf
-    clean_requirements_on_remove&#x3D;1
+    # grep -i clean_requirements_on_remove /etc/yum.conf
+    clean_requirements_on_remove=1
 
-    If &quot;clean_requirements_on_remove&quot; is not set to &quot;1&quot;, &quot;True&quot;, or
-&quot;yes&quot;, or is not set in &quot;&#x2F;etc&#x2F;yum.conf&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "clean_requirements_on_remove" is not set to "1", "True", or
+"yes", or is not set in "/etc/yum.conf", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to remove all software components after
 updated versions have been installed.
 
-    Set the &quot;clean_requirements_on_remove&quot; option to &quot;1&quot; in the
-&quot;&#x2F;etc&#x2F;yum.conf&quot; file:
-
-    clean_requirements_on_remove&#x3D;1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ab28007a-7e90-4a8a-a941-f1527b74d4d5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002617</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;yum.conf main.clean_requirements_on_remove is expected to match &#x2F;1|True|yes&#x2F;i</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71909</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000266-GPOS-00101</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86533r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010150</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Set the "clean_requirements_on_remove" option to "1" in the
+"/etc/yum.conf" file:
+
+    clean_requirements_on_remove=1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71987\" do\n  title \"The Red Hat Enterprise Linux operating system must remove all software\ncomponents after updated versions have been installed.\"\n  desc  \"Previous versions of software components that are not removed from the\ninformation system after updates have been installed may be exploited by\nadversaries. Some information technology products may remove older versions of\nsoftware automatically from the information system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system removes all software components after updated\nversions have been installed.\n\n    Check if yum is configured to remove unneeded packages with the following\ncommand:\n\n    # grep -i clean_requirements_on_remove /etc/yum.conf\n    clean_requirements_on_remove=1\n\n    If \\\"clean_requirements_on_remove\\\" is not set to \\\"1\\\", \\\"True\\\", or\n\\\"yes\\\", or is not set in \\\"/etc/yum.conf\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to remove all software components after\nupdated versions have been installed.\n\n    Set the \\\"clean_requirements_on_remove\\\" option to \\\"1\\\" in the\n\\\"/etc/yum.conf\\\" file:\n\n    clean_requirements_on_remove=1\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000437-GPOS-00194\"\n  tag gid: \"V-71987\"\n  tag rid: \"SV-86611r2_rule\"\n  tag stig_id: \"RHEL-07-020200\"\n  tag fix_id: \"F-78339r1_fix\"\n  tag cci: [\"CCI-002617\"]\n  tag nist: [\"SI-2 (6)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/yum.conf\") do\n    its('main.clean_requirements_on_remove') { should match %r{1|True|yes}i }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002617</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/yum.conf main.clean_requirements_on_remove is expected to match /1|True|yes/i</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71909</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000266-GPOS-00101</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86533r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010150</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed or new passwords are established, the new
-password must contain at least one special character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+password must contain at least one special character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -24631,293 +23526,282 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system enforces password complexity by requiring that
 at least one special character be used.
 
     Note: The value to require a number of special characters to be set is
-expressed as a negative number in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot;.
+expressed as a negative number in "/etc/security/pwquality.conf".
 
-    Check the value for &quot;ocredit&quot; in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with
+    Check the value for "ocredit" in "/etc/security/pwquality.conf" with
 the following command:
 
-    # grep ocredit &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    ocredit&#x3D;-1
+    # grep ocredit /etc/security/pwquality.conf
+    ocredit=-1
 
-    If the value of &quot;ocredit&quot; is not set to a negative value, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "ocredit" is not set to a negative value, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to enforce password complexity by requiring
-that at least one special character be used by setting the &quot;ocredit&quot; option.
+that at least one special character be used by setting the "ocredit" option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; (or modify the
+    Add the following line to "/etc/security/pwquality.conf" (or modify the
 line to have the required value):
 
-    ocredit &#x3D; -1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>afc29767-6dc9-431b-b226-f3c2bb0d2952</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001619</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf ocredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72085</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86709r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030310</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    ocredit = -1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71909\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed or new passwords are established, the new\npassword must contain at least one special character.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enforces password complexity by requiring that\nat least one special character be used.\n\n    Note: The value to require a number of special characters to be set is\nexpressed as a negative number in \\\"/etc/security/pwquality.conf\\\".\n\n    Check the value for \\\"ocredit\\\" in \\\"/etc/security/pwquality.conf\\\" with\nthe following command:\n\n    # grep ocredit /etc/security/pwquality.conf\n    ocredit=-1\n\n    If the value of \\\"ocredit\\\" is not set to a negative value, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce password complexity by requiring\nthat at least one special character be used by setting the \\\"ocredit\\\" option.\n\n    Add the following line to \\\"/etc/security/pwquality.conf\\\" (or modify the\nline to have the required value):\n\n    ocredit = -1\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000266-GPOS-00101\"\n  tag gid: \"V-71909\"\n  tag rid: \"SV-86533r2_rule\"\n  tag stig_id: \"RHEL-07-010150\"\n  tag fix_id: \"F-78261r2_fix\"\n  tag cci: [\"CCI-001619\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('ocredit.to_i') { should cmp &lt; 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001619</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf ocredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72085</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86709r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030310</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must encrypt the
 transfer of audit records off-loaded onto a different system or media from the
-system being audited.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system being audited.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
     Off-loading is a common process in information systems with limited audit
-storage capacity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+storage capacity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system encrypts audit records off-loaded onto a
 different system or media from the system being audited.
 
     To determine if the transfer is encrypted, use the following command:
 
-    # grep -i enable_krb5 &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-    enable_krb5 &#x3D; yes
+    # grep -i enable_krb5 /etc/audisp/audisp-remote.conf
+    enable_krb5 = yes
 
-    If the value of the &quot;enable_krb5&quot; option is not set to &quot;yes&quot; or the
+    If the value of the "enable_krb5" option is not set to "yes" or the
 line is commented out, ask the System Administrator to indicate how the audit
 logs are off-loaded to a different system or media.
 
     If there is no evidence that the transfer of the audit logs being
-off-loaded to another system or media is encrypted, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+off-loaded to another system or media is encrypted, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to encrypt the transfer of off-loaded audit
 records onto a different system or media from the system being audited.
 
-    Uncomment the &quot;enable_krb5&quot; option in &quot;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&quot;
+    Uncomment the "enable_krb5" option in "/etc/audisp/audisp-remote.conf"
 and set it with the following line:
 
-    enable_krb5 &#x3D; yes</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a2cf18b2-ef79-4b6e-9d89-09016cbbf77f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-Can&#39;t find file: &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71859</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86483r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010030</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    enable_krb5 = yes</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72085\" do\n  title \"The Red Hat Enterprise Linux operating system must encrypt the\ntransfer of audit records off-loaded onto a different system or media from the\nsystem being audited.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system encrypts audit records off-loaded onto a\ndifferent system or media from the system being audited.\n\n    To determine if the transfer is encrypted, use the following command:\n\n    # grep -i enable_krb5 /etc/audisp/audisp-remote.conf\n    enable_krb5 = yes\n\n    If the value of the \\\"enable_krb5\\\" option is not set to \\\"yes\\\" or the\nline is commented out, ask the System Administrator to indicate how the audit\nlogs are off-loaded to a different system or media.\n\n    If there is no evidence that the transfer of the audit logs being\noff-loaded to another system or media is encrypted, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to encrypt the transfer of off-loaded audit\nrecords onto a different system or media from the system being audited.\n\n    Uncomment the \\\"enable_krb5\\\" option in \\\"/etc/audisp/audisp-remote.conf\\\"\nand set it with the following line:\n\n    enable_krb5 = yes\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-72085\"\n  tag rid: \"SV-86709r2_rule\"\n  tag stig_id: \"RHEL-07-030310\"\n  tag fix_id: \"F-78437r1_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  describe parse_config_file('/etc/audisp/audisp-remote.conf') do\n    its('enable_krb5'.to_s) { should cmp 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST Parse Config File /etc/audisp/audisp-remote.conf :: SKIP_MESSAGE Can't find file: /etc/audisp/audisp-remote.conf</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71859</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86483r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010030</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the
 Standard Mandatory DoD Notice and Consent Banner before granting local or
-remote access to the system via a graphical user logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+remote access to the system via a graphical user logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Display of a standardized and approved use notification before
 granting access to the operating system ensures privacy and security
 notification verbiage used is consistent with applicable federal laws,
@@ -24930,7 +23814,7 @@ with human users and are not required when such human interfaces do not exist.
 the following verbiage for operating systems that can accommodate banners of
 1300 characters:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -24955,14 +23839,14 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Agreement for details."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system displays the Standard Mandatory DoD Notice and
 Consent Banner before granting access to the operating system via a graphical
 user logon.
@@ -24973,14 +23857,14 @@ Applicable.
     Check to see if the operating system displays a banner at the logon screen
 with the following command:
 
-    # grep banner-message-enable &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
-    banner-message-enable&#x3D;true
+    # grep banner-message-enable /etc/dconf/db/local.d/*
+    banner-message-enable=true
 
-    If &quot;banner-message-enable&quot; is set to &quot;false&quot; or is missing, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "banner-message-enable" is set to "false" or is missing, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to display the Standard Mandatory DoD Notice
 and Consent Banner before granting access to the system.
 
@@ -24990,129 +23874,123 @@ Applicable.
     Create a database to contain the system-wide graphical user logon settings
 (if it does not already exist) with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;01-banner-message
+    # touch /etc/dconf/db/local.d/01-banner-message
 
-    Add the following line to the [org&#x2F;gnome&#x2F;login-screen] section of the
-&quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;01-banner-message&quot;:
+    Add the following line to the [org/gnome/login-screen] section of the
+"/etc/dconf/db/local.d/01-banner-message":
 
-    [org&#x2F;gnome&#x2F;login-screen]
-    banner-message-enable&#x3D;true
+    [org/gnome/login-screen]
+    banner-message-enable=true
 
     Update the system databases:
 
     # dconf update
 
     Users must log out and back in again before the system-wide settings take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f7bb16fc-10fa-467f-b21c-39b19c846a3e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81019</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95731r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71859\" do\n  title \"The Red Hat Enterprise Linux operating system must display the\nStandard Mandatory DoD Notice and Consent Banner before granting local or\nremote access to the system via a graphical user logon.\"\n  desc  \"Display of a standardized and approved use notification before\ngranting access to the operating system ensures privacy and security\nnotification verbiage used is consistent with applicable federal laws,\nExecutive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via logon interfaces\nwith human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with applicable DoD policy. Use\nthe following verbiage for operating systems that can accommodate banners of\n1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system displays the Standard Mandatory DoD Notice and\nConsent Banner before granting access to the operating system via a graphical\nuser logon.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check to see if the operating system displays a banner at the logon screen\nwith the following command:\n\n    # grep banner-message-enable /etc/dconf/db/local.d/*\n    banner-message-enable=true\n\n    If \\\"banner-message-enable\\\" is set to \\\"false\\\" or is missing, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to display the Standard Mandatory DoD Notice\nand Consent Banner before granting access to the system.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Create a database to contain the system-wide graphical user logon settings\n(if it does not already exist) with the following command:\n\n    # touch /etc/dconf/db/local.d/01-banner-message\n\n    Add the following line to the [org/gnome/login-screen] section of the\n\\\"/etc/dconf/db/local.d/01-banner-message\\\":\n\n    [org/gnome/login-screen]\n    banner-message-enable=true\n\n    Update the system databases:\n\n    # dconf update\n\n    Users must log out and back in again before the system-wide settings take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000023-GPOS-00006\"\n  tag satisfies: [\"SRG-OS-000023-GPOS-00006\", \"SRG-OS-000024-GPOS-00007\",\n\"SRG-OS-000228-GPOS-00088\"]\n  tag gid: \"V-71859\"\n  tag rid: \"SV-86483r4_rule\"\n  tag stig_id: \"RHEL-07-010030\"\n  tag fix_id: \"F-78211r4_fix\"\n  tag cci: [\"CCI-000048\"]\n  tag nist: [\"AC-8 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    if !dconf_user.nil? and command('whoami').stdout.strip == 'root'\n      describe command(\"sudo -u #{dconf_user} dconf read /org/gnome/login-screen/banner-message-enable\") do\n        its('stdout.strip') { should cmp banner_message_enabled.to_s }\n      end\n    else\n      describe command(\"dconf read /org/gnome/login-screen/banner-message-enable\") do\n        its('stdout.strip') { should cmp banner_message_enabled.to_s }\n      end\n    end\n  else\n    impact 0.0\n    describe \"The GNOME desktop is not installed\" do      \n      skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81019</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95731r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must take appropriate
-action when the audisp-remote buffer is full.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+action when the audisp-remote buffer is full.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
@@ -25120,301 +23998,288 @@ incidental deletion or alteration.
 storage capacity.
 
     When the remote buffer is full, audit logs will not be collected and sent
-to the central log server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to the central log server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the audisp daemon is configured to take an appropriate action when
 the internal queue is full:
 
-    # grep &quot;overflow_action&quot; &#x2F;etc&#x2F;audisp&#x2F;audispd.conf
+    # grep "overflow_action" /etc/audisp/audispd.conf
 
-    overflow_action &#x3D; syslog
+    overflow_action = syslog
 
-    If the &quot;overflow_action&quot; option is not &quot;syslog&quot;, &quot;single&quot;, or
-&quot;halt&quot;, or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &#x2F;etc&#x2F;audisp&#x2F;audispd.conf file and add or update the
-&quot;overflow_action&quot; option:
+    If the "overflow_action" option is not "syslog", "single", or
+"halt", or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the /etc/audisp/audispd.conf file and add or update the
+"overflow_action" option:
 
-    overflow_action &#x3D; syslog
+    overflow_action = syslog
 
     The audit daemon must be restarted for changes to take effect:
 
-    # service auditd restart</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d0624aab-b73c-4340-bc0f-c07079e8539e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audispd.conf overflow_action is expected to match &#x2F;syslog$|single$|halt$&#x2F;i</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-78999</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-93705r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030819</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # service auditd restart</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81019\" do\n  title \"The Red Hat Enterprise Linux operating system must take appropriate\naction when the audisp-remote buffer is full.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n    When the remote buffer is full, audit logs will not be collected and sent\nto the central log server.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the audisp daemon is configured to take an appropriate action when\nthe internal queue is full:\n\n    # grep \\\"overflow_action\\\" /etc/audisp/audispd.conf\n\n    overflow_action = syslog\n\n    If the \\\"overflow_action\\\" option is not \\\"syslog\\\", \\\"single\\\", or\n\\\"halt\\\", or the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the /etc/audisp/audispd.conf file and add or update the\n\\\"overflow_action\\\" option:\n\n    overflow_action = syslog\n\n    The audit daemon must be restarted for changes to take effect:\n\n    # service auditd restart\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-81019\"\n  tag rid: \"SV-95731r1_rule\"\n  tag stig_id: \"RHEL-07-030210\"\n  tag fix_id: \"F-87853r3_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  if file('/etc/audisp/audispd.conf').exist?\n    describe parse_config_file('/etc/audisp/audispd.conf') do\n      its('overflow_action') { should match %r{syslog$|single$|halt$}i }\n    end\n  else\n    describe \"File '/etc/audisp/audispd.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually\" do\n      skip \"File '/etc/audisp/audispd.conf' cannot be found. This check must be performed manually\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/audisp/audispd.conf overflow_action is expected to match /syslog$|single$|halt$/i</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-78999</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-93705r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030819</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the create_module syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the create_module syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;create_module&quot; syscall occur.
+successful/unsuccessful attempts to use the "create_module" syscall occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw create_module &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw create_module /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S create_module -k module-change
+    -a always,exit -F arch=b32 -S create_module -k module-change
 
-    -a always,exit -F arch&#x3D;b64 -S create_module -k module-change
+    -a always,exit -F arch=b64 -S create_module -k module-change
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;create_module&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"create_module" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;create_module&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S create_module -k module-change
-
-    -a always,exit -F arch&#x3D;b64 -S create_module -k module-change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b487243e-3b40-47aa-8e6c-7176219754d5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;create_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;create_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;create_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;create_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72241</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86865r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040340</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "create_module" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S create_module -k module-change
+
+    -a always,exit -F arch=b64 -S create_module -k module-change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-78999\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe create_module syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"create_module\\\" syscall occur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw create_module /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S create_module -k module-change\n\n    -a always,exit -F arch=b64 -S create_module -k module-change\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"create_module\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"create_module\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S create_module -k module-change\n\n    -a always,exit -F arch=b64 -S create_module -k module-change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00216\"\n  tag satisfies: [\"SRG-OS-000471-GPOS-00216\", \"SRG-OS-000477-GPOS-00222\"]\n  tag gid: \"V-78999\"\n  tag rid: \"SV-93705r3_rule\"\n  tag stig_id: \"RHEL-07-030819\"\n  tag fix_id: \"F-85749r4_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"create_module\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"create_module\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "create_module" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "create_module" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "create_module" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "create_module" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72241</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86865r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040340</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all network connections associated with SSH traffic terminate after a
-period of inactivity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+period of inactivity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Terminating an idle SSH session within a short time period reduces the
 window of opportunity for unauthorized personnel to take control of a
 management session enabled on the console or console port that has been left
@@ -25422,185 +24287,179 @@ unattended. In addition, quickly terminating an idle SSH session will also free
 up resources committed by the managed network element.
 
     Terminating network connections associated with communications sessions
-includes, for example, de-allocating associated TCP&#x2F;IP address&#x2F;port pairs at
+includes, for example, de-allocating associated TCP/IP address/port pairs at
 the operating system level and de-allocating networking assignments at the
 application level if multiple application sessions are using a single operating
 system-level network connection. This does not mean that the operating system
 terminates all sessions or network access; it only ends the inactive session
-and releases the resources associated with that session.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+and releases the resources associated with that session.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system automatically terminates a user session after
 inactivity time-outs have expired.
 
-    Check for the value of the &quot;ClientAliveCountMax&quot; keyword with the
+    Check for the value of the "ClientAliveCountMax" keyword with the
 following command:
 
-    # grep -i clientalivecount &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i clientalivecount /etc/ssh/sshd_config
     ClientAliveCountMax 0
 
-    If &quot;ClientAliveCountMax&quot; is not set to &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "ClientAliveCountMax" is not set to "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to terminate automatically a user session
 after inactivity time-outs have expired or at shutdown.
 
     Add the following line (or modify the line to have the required value) to
-the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file (this file may be named differently or be in
+the "/etc/ssh/sshd_config" file (this file may be named differently or be in
 a different location if using a version of SSH that is provided by a
 third-party vendor):
 
     ClientAliveCountMax 0
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bc34d95c-71e5-4f06-b225-c5ed5fb0da04</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The release is 7.8
-The release is newer than 7.4; this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71849</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000257-GPOS-00098</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86473r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72241\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all network connections associated with SSH traffic terminate after a\nperiod of inactivity.\"\n  desc  \"Terminating an idle SSH session within a short time period reduces the\nwindow of opportunity for unauthorized personnel to take control of a\nmanagement session enabled on the console or console port that has been left\nunattended. In addition, quickly terminating an idle SSH session will also free\nup resources committed by the managed network element.\n\n    Terminating network connections associated with communications sessions\nincludes, for example, de-allocating associated TCP/IP address/port pairs at\nthe operating system level and de-allocating networking assignments at the\napplication level if multiple application sessions are using a single operating\nsystem-level network connection. This does not mean that the operating system\nterminates all sessions or network access; it only ends the inactive session\nand releases the resources associated with that session.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system automatically terminates a user session after\ninactivity time-outs have expired.\n\n    Check for the value of the \\\"ClientAliveCountMax\\\" keyword with the\nfollowing command:\n\n    # grep -i clientalivecount /etc/ssh/sshd_config\n    ClientAliveCountMax 0\n\n    If \\\"ClientAliveCountMax\\\" is not set to \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to terminate automatically a user session\nafter inactivity time-outs have expired or at shutdown.\n\n    Add the following line (or modify the line to have the required value) to\nthe \\\"/etc/ssh/sshd_config\\\" file (this file may be named differently or be in\na different location if using a version of SSH that is provided by a\nthird-party vendor):\n\n    ClientAliveCountMax 0\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000163-GPOS-00072\"\n  tag satisfies: [\"SRG-OS-000163-GPOS-00072\", \"SRG-OS-000279-GPOS-00109\"]\n  tag gid: \"V-72241\"\n  tag rid: \"SV-86865r4_rule\"\n  tag stig_id: \"RHEL-07-040340\"\n  tag fix_id: \"F-78595r4_fix\"\n  tag cci: [\"CCI-001133\", \"CCI-002361\"]\n  tag nist: [\"SC-10\", \"AC-12\", \"Rev_4\"]\n\n  if os.release.to_f &gt;= 7.4\n    impact 0.0\n    describe \"The release is #{os.release}\" do\n      skip \"The release is newer than 7.4; this control is Not Applicable.\"\n    end\n  else\n    describe sshd_config do\n      its('ClientAliveCountMax') { should cmp '0' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The release is 7.8 :: SKIP_MESSAGE The release is newer than 7.4; this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71849</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000257-GPOS-00098</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86473r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the file permissions, ownership, and group membership of system files and
-commands match the vendor values.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+commands match the vendor values.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Discretionary access control is weakened if a user or group has access
-permissions to system files and directories greater than the default.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+permissions to system files and directories greater than the default.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the file permissions, ownership, and group membership of system
 files and commands match the vendor values.
 
     Check the default file permissions, ownership, and group membership of
 system files and commands with the following command:
 
-    # for i in &#x60;rpm -Va | egrep -i &#39;^\.[M|U|G|.]{8}&#39; | cut -d &quot; &quot; -f4,5&#x60;;do
-for j in &#x60;rpm -qf $i&#x60;;do rpm -ql $j --dump | cut -d &quot; &quot; -f1,5,6,7 | grep
+    # for i in `rpm -Va | egrep -i '^\.[M|U|G|.]{8}' | cut -d " " -f4,5`;do
+for j in `rpm -qf $i`;do rpm -ql $j --dump | cut -d " " -f1,5,6,7 | grep
 $i;done;done
 
-    &#x2F;var&#x2F;log&#x2F;gdm 040755 root root
-    &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf 0100640 root root
-    &#x2F;usr&#x2F;bin&#x2F;passwd 0104755 root root
+    /var/log/gdm 040755 root root
+    /etc/audisp/audisp-remote.conf 0100640 root root
+    /usr/bin/passwd 0104755 root root
 
     For each file returned, verify the current permissions, ownership, and
 group membership:
     # ls -la &lt;filename&gt;
 
-    -rw-------. 1 root root 133 Jan 11 13:25 &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
+    -rw-------. 1 root root 133 Jan 11 13:25 /etc/audisp/audisp-remote.conf
 
     If the file is more permissive than the default permissions, this is a
 finding.
@@ -25609,10 +24468,10 @@ finding.
 the Information System Security Officer (ISSO), this is a finding.
 
     If the file is not a member of the default group and is not documented with
-the Information System Security Officer (ISSO), this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+the Information System Security Officer (ISSO), this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Run the following command to determine which package owns the file:
 
     # rpm -qf &lt;filename&gt;
@@ -25625,589 +24484,567 @@ following command:
 
     Reset the permissions of files within a package with the following command:
 
-    #rpm --setperms &lt;packagename&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ef2a5bdf-78a4-4bea-a587-9e82ed514f6f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001494</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001496</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002235</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This control consistently takes a long time to run and has been disabled
-    using the disable_slow_controls attribute.
-This control consistently takes a long time to run and has been disabled
+    #rpm --setperms &lt;packagename&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71849\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the file permissions, ownership, and group membership of system files and\ncommands match the vendor values.\"\n  desc  \"Discretionary access control is weakened if a user or group has access\npermissions to system files and directories greater than the default.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the file permissions, ownership, and group membership of system\nfiles and commands match the vendor values.\n\n    Check the default file permissions, ownership, and group membership of\nsystem files and commands with the following command:\n\n    # for i in `rpm -Va | egrep -i '^\\\\.[M|U|G|.]{8}' | cut -d \\\" \\\" -f4,5`;do\nfor j in `rpm -qf $i`;do rpm -ql $j --dump | cut -d \\\" \\\" -f1,5,6,7 | grep\n$i;done;done\n\n    /var/log/gdm 040755 root root\n    /etc/audisp/audisp-remote.conf 0100640 root root\n    /usr/bin/passwd 0104755 root root\n\n    For each file returned, verify the current permissions, ownership, and\ngroup membership:\n    # ls -la &lt;filename&gt;\n\n    -rw-------. 1 root root 133 Jan 11 13:25 /etc/audisp/audisp-remote.conf\n\n    If the file is more permissive than the default permissions, this is a\nfinding.\n\n    If the file is not owned by the default owner and is not documented with\nthe Information System Security Officer (ISSO), this is a finding.\n\n    If the file is not a member of the default group and is not documented with\nthe Information System Security Officer (ISSO), this is a finding.\n  \"\n  desc  \"fix\", \"\n    Run the following command to determine which package owns the file:\n\n    # rpm -qf &lt;filename&gt;\n\n    Reset the user and group ownership of files within a package with the\nfollowing command:\n\n    #rpm --setugids &lt;packagename&gt;\n\n\n    Reset the permissions of files within a package with the following command:\n\n    #rpm --setperms &lt;packagename&gt;\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000257-GPOS-00098\"\n  tag satisfies: [\"SRG-OS-000257-GPOS-00098\", \"SRG-OS-000278-GPOS-00108\"]\n  tag gid: \"V-71849\"\n  tag rid: \"SV-86473r4_rule\"\n  tag stig_id: \"RHEL-07-010010\"\n  tag fix_id: \"F-78201r4_fix\"\n  tag cci: [\"CCI-001494\", \"CCI-001496\", \"CCI-002165\", \"CCI-002235\"]\n  tag nist: [\"AU-9\", \"AU-9 (3)\", \"AC-3 (4)\", \"AC-6 (10)\", \"Rev_4\"]\n\n  if input('disable_slow_controls')\n    describe \"This control consistently takes a long time to run and has been disabled\n    using the disable_slow_controls attribute.\" do\n      skip \"This control consistently takes a long time to run and has been disabled\n            using the disable_slow_controls attribute. You must enable this control for a\n            full accredidation for production.\"\n    end\n  else\n    describe command(\"rpm -Va | grep '^.M' | awk 'NF&gt;1{print $NF}'\").stdout.strip.split(\"\\n\") do\n      it { should all(be_in rpm_verify_perms_except) }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001494</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001496</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002235</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This control consistently takes a long time to run and has been disabled
+    using the disable_slow_controls attribute. :: SKIP_MESSAGE This control consistently takes a long time to run and has been disabled
             using the disable_slow_controls attribute. You must enable this control for a
-            full accredidation for production.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72267</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86891r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040470</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+            full accredidation for production.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72267</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86891r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040470</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon does not allow compression or only allows compression after
-successful authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+successful authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If compression is allowed in an SSH connection prior to
 authentication, vulnerabilities in the compression software could result in
 compromise of the system from an unauthenticated connection, potentially with
-root privileges.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+root privileges.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon performs compression after a user successfully
 authenticates.
 
     Check that the SSH daemon performs compression after a user successfully
 authenticates with the following command:
 
-    # grep -i compression &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i compression /etc/ssh/sshd_config
     Compression delayed
 
-    If the &quot;Compression&quot; keyword is set to &quot;yes&quot;, is missing, or the
-returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Uncomment the &quot;Compression&quot; keyword in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; (this
+    If the "Compression" keyword is set to "yes", is missing, or the
+returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Uncomment the "Compression" keyword in "/etc/ssh/sshd_config" (this
 file may be named differently or be in a different location if using a version
 of SSH that is provided by a third-party vendor) on the system and set the
-value to &quot;delayed&quot; or &quot;no&quot;:
+value to "delayed" or "no":
 
     Compression no
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>01a52a2d-fe3f-4825-aef5-511b897b4548</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration Compression is expected to cmp &#x3D;&#x3D; &quot;delayed&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86835r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-031010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72267\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not allow compression or only allows compression after\nsuccessful authentication.\"\n  desc  \"If compression is allowed in an SSH connection prior to\nauthentication, vulnerabilities in the compression software could result in\ncompromise of the system from an unauthenticated connection, potentially with\nroot privileges.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon performs compression after a user successfully\nauthenticates.\n\n    Check that the SSH daemon performs compression after a user successfully\nauthenticates with the following command:\n\n    # grep -i compression /etc/ssh/sshd_config\n    Compression delayed\n\n    If the \\\"Compression\\\" keyword is set to \\\"yes\\\", is missing, or the\nreturned line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Uncomment the \\\"Compression\\\" keyword in \\\"/etc/ssh/sshd_config\\\" (this\nfile may be named differently or be in a different location if using a version\nof SSH that is provided by a third-party vendor) on the system and set the\nvalue to \\\"delayed\\\" or \\\"no\\\":\n\n    Compression no\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72267\"\n  tag rid: \"SV-86891r3_rule\"\n  tag stig_id: \"RHEL-07-040470\"\n  tag fix_id: \"F-78621r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe sshd_config do\n      its('Compression') { should cmp 'delayed' }\n    end\n    describe sshd_config do\n      its('Compression') { should cmp 'no' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration Compression is expected to cmp == "delayed"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72211</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86835r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-031010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the rsyslog daemon does not accept log messages from other servers unless
-the server is being used for log aggregation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the server is being used for log aggregation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Unintentionally running a rsyslog server accepting remote messages
 puts the system at increased risk. Malicious rsyslog messages sent to the
 server could exploit vulnerabilities in the server software itself, could
-introduce misleading information in to the system&#39;s logs, or could fill the
-system&#39;s storage leading to a Denial of Service.
+introduce misleading information in to the system's logs, or could fill the
+system's storage leading to a Denial of Service.
 
     If the system is intended to be a log aggregation server its use must be
-documented with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the system is not accepting &quot;rsyslog&quot; messages from other
+documented with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the system is not accepting "rsyslog" messages from other
 systems unless it is documented as a log aggregation server.
 
-    Check the configuration of &quot;rsyslog&quot; with the following command:
+    Check the configuration of "rsyslog" with the following command:
 
-    # grep imtcp &#x2F;etc&#x2F;rsyslog.conf
+    # grep imtcp /etc/rsyslog.conf
     $ModLoad imtcp
-    # grep imudp &#x2F;etc&#x2F;rsyslog.conf
+    # grep imudp /etc/rsyslog.conf
     $ModLoad imudp
-    # grep imrelp &#x2F;etc&#x2F;rsyslog.conf
+    # grep imrelp /etc/rsyslog.conf
     $ModLoad imrelp
 
-    If any of the above modules are being loaded in the &quot;&#x2F;etc&#x2F;rsyslog.conf&quot;
+    If any of the above modules are being loaded in the "/etc/rsyslog.conf"
 file, ask to see the documentation for the system being used for log
 aggregation.
 
     If the documentation does not exist, or does not specify the server as a
-log aggregation system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Modify the &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; file to remove the &quot;ModLoad
-imtcp&quot;, &quot;ModLoad imudp&quot;, and &quot;ModLoad imrelp&quot; configuration lines, or
-document the system as being used for log aggregation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>53489344-d648-4150-9a65-d5dee7b2da31</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;etc&#x2F;rsyslog.conf content is expected to match &#x2F;\$ModLoad\s+imtcp.*\n?$&#x2F;
---------------------------------
-passed
-File &#x2F;etc&#x2F;rsyslog.conf content is expected not to match &#x2F;^\$ModLoad\s+imtcp.*\n?$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72239</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86863r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040330</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+log aggregation system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Modify the "/etc/rsyslog.conf" file to remove the "ModLoad
+imtcp", "ModLoad imudp", and "ModLoad imrelp" configuration lines, or
+document the system as being used for log aggregation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72211\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the rsyslog daemon does not accept log messages from other servers unless\nthe server is being used for log aggregation.\"\n  desc  \"Unintentionally running a rsyslog server accepting remote messages\nputs the system at increased risk. Malicious rsyslog messages sent to the\nserver could exploit vulnerabilities in the server software itself, could\nintroduce misleading information in to the system's logs, or could fill the\nsystem's storage leading to a Denial of Service.\n\n    If the system is intended to be a log aggregation server its use must be\ndocumented with the ISSO.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the system is not accepting \\\"rsyslog\\\" messages from other\nsystems unless it is documented as a log aggregation server.\n\n    Check the configuration of \\\"rsyslog\\\" with the following command:\n\n    # grep imtcp /etc/rsyslog.conf\n    $ModLoad imtcp\n    # grep imudp /etc/rsyslog.conf\n    $ModLoad imudp\n    # grep imrelp /etc/rsyslog.conf\n    $ModLoad imrelp\n\n    If any of the above modules are being loaded in the \\\"/etc/rsyslog.conf\\\"\nfile, ask to see the documentation for the system being used for log\naggregation.\n\n    If the documentation does not exist, or does not specify the server as a\nlog aggregation system, this is a finding.\n  \"\n  desc  \"fix\", \"Modify the \\\"/etc/rsyslog.conf\\\" file to remove the \\\"ModLoad\nimtcp\\\", \\\"ModLoad imudp\\\", and \\\"ModLoad imrelp\\\" configuration lines, or\ndocument the system as being used for log aggregation.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72211\"\n  tag rid: \"SV-86835r2_rule\"\n  tag stig_id: \"RHEL-07-031010\"\n  tag fix_id: \"F-78565r2_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  log_aggregation_server = input('log_aggregation_server')\n\n  if log_aggregation_server\n    describe file('/etc/rsyslog.conf') do\n      its('content') { should match %r{^\\$ModLoad\\s+imtcp.*\\n?$} }\n    end\n  else\n    describe.one do\n      describe file('/etc/rsyslog.conf') do\n        its('content') { should match %r{\\$ModLoad\\s+imtcp.*\\n?$} }\n      end\n      describe file('/etc/rsyslog.conf') do\n        its('content') { should_not match %r{^\\$ModLoad\\s+imtcp.*\\n?$} }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /etc/rsyslog.conf content is expected to match /\$ModLoad\s+imtcp.*\n?$/
+--------------------------------
+passed :: TEST File /etc/rsyslog.conf content is expected not to match /^\$ModLoad\s+imtcp.*\n?$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72239</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86863r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040330</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon does not allow authentication using RSA rhosts
-authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuring this setting for the SSH daemon provides additional
 assurance that remote logon via SSH will require a password, even in the event
-of misconfiguration elsewhere.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+of misconfiguration elsewhere.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check the version of the operating system with the following command:
 
-    # cat &#x2F;etc&#x2F;redhat-release
+    # cat /etc/redhat-release
 
     If the release is 7.4 or newer this requirement is Not Applicable.
 
     Verify the SSH daemon does not allow authentication using RSA rhosts
 authentication.
 
-    To determine how the SSH daemon&#39;s &quot;RhostsRSAAuthentication&quot; option is
+    To determine how the SSH daemon's "RhostsRSAAuthentication" option is
 set, run the following command:
 
-    # grep RhostsRSAAuthentication &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep RhostsRSAAuthentication /etc/ssh/sshd_config
     RhostsRSAAuthentication no
 
-    If the value is returned as &quot;yes&quot;, the returned line is commented out, or
-no output is returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value is returned as "yes", the returned line is commented out, or
+no output is returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the SSH daemon to not allow authentication using RSA rhosts
 authentication.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;, or uncomment the line
-and set the value to &quot;no&quot;:
+    Add the following line in "/etc/ssh/sshd_config", or uncomment the line
+and set the value to "no":
 
     RhostsRSAAuthentication no
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d586110e-2a2b-47b9-aba8-95ead3f2fa4e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration RhostsRSAAuthentication is expected to cmp &#x3D;&#x3D; &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-77819</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-92515r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010061</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72239\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not allow authentication using RSA rhosts\nauthentication.\"\n  desc  \"Configuring this setting for the SSH daemon provides additional\nassurance that remote logon via SSH will require a password, even in the event\nof misconfiguration elsewhere.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check the version of the operating system with the following command:\n\n    # cat /etc/redhat-release\n\n    If the release is 7.4 or newer this requirement is Not Applicable.\n\n    Verify the SSH daemon does not allow authentication using RSA rhosts\nauthentication.\n\n    To determine how the SSH daemon's \\\"RhostsRSAAuthentication\\\" option is\nset, run the following command:\n\n    # grep RhostsRSAAuthentication /etc/ssh/sshd_config\n    RhostsRSAAuthentication no\n\n    If the value is returned as \\\"yes\\\", the returned line is commented out, or\nno output is returned, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the SSH daemon to not allow authentication using RSA rhosts\nauthentication.\n\n    Add the following line in \\\"/etc/ssh/sshd_config\\\", or uncomment the line\nand set the value to \\\"no\\\":\n\n    RhostsRSAAuthentication no\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72239\"\n  tag rid: \"SV-86863r4_rule\"\n  tag stig_id: \"RHEL-07-040330\"\n  tag fix_id: \"F-78593r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('RhostsRSAAuthentication') { should cmp 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration RhostsRSAAuthentication is expected to cmp == "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-77819</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-92515r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010061</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must uniquely identify
 and must authenticate users using multifactor authentication via a graphical
-user logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+user logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To assure accountability and prevent unauthenticated access, users
 must be identified and authenticated to prevent potential misuse and compromise
 of the system.
@@ -26216,14 +25053,14 @@ of the system.
 systems gaining access include, for example, hardware tokens providing
 time-based or challenge-response authenticators and smart cards such as the
 U.S. Government Personal Identity Verification card and the DoD Common Access
-Card.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Card.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system uniquely identifies and authenticates users
 using multifactor authentication via a graphical user logon.
 
@@ -26233,23 +25070,23 @@ Applicable.
     Determine which profile the system database is using with the following
 command:
 
-    # grep system-db &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user
+    # grep system-db /etc/dconf/profile/user
 
     system-db:local
 
     Note: The example is using the database local for the system, so the path
-is &quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&quot;. This path must be modified if a database other
+is "/etc/dconf/db/local.d". This path must be modified if a database other
 than local is being used.
 
-    # grep enable-smartcard-authentication &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
+    # grep enable-smartcard-authentication /etc/dconf/db/local.d/*
 
-    enable-smartcard-authentication&#x3D;true
+    enable-smartcard-authentication=true
 
-    If &quot;enable-smartcard-authentication&quot; is set to &quot;false&quot; or the keyword
-is missing, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "enable-smartcard-authentication" is set to "false" or the keyword
+is missing, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to uniquely identify and authenticate users
 using multifactor authentication via a graphical user logon.
 
@@ -26260,955 +25097,904 @@ Applicable.
 does not already exist) with the following command:
 
     Note: The example is using the database local for the system, so if the
-system is using another database in &quot;&#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user&quot;, the file
+system is using another database in "/etc/dconf/profile/user", the file
 should be created under the appropriate subdirectory.
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-defaults
+    # touch /etc/dconf/db/local.d/00-defaults
 
-    Edit &quot;[org&#x2F;gnome&#x2F;login-screen]&quot; and add or update the following line:
-    enable-smartcard-authentication&#x3D;true
+    Edit "[org/gnome/login-screen]" and add or update the following line:
+    enable-smartcard-authentication=true
 
     Update the system databases:
-    # dconf update</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9d576b89-da27-4c3d-884d-7498951ebc1c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.
---------------------------------
-skipped
-The pcsc-lite package is not installed
-The pcsc-lite package is not installed, this control is Not Applicable.
---------------------------------
-skipped
-The esc package is not installed
-The esc package is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72101</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86725r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030390</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # dconf update</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-77819\" do\n  title \"The Red Hat Enterprise Linux operating system must uniquely identify\nand must authenticate users using multifactor authentication via a graphical\nuser logon.\"\n  desc  \"To assure accountability and prevent unauthenticated access, users\nmust be identified and authenticated to prevent potential misuse and compromise\nof the system.\n\n    Multifactor solutions that require devices separate from information\nsystems gaining access include, for example, hardware tokens providing\ntime-based or challenge-response authenticators and smart cards such as the\nU.S. Government Personal Identity Verification card and the DoD Common Access\nCard.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system uniquely identifies and authenticates users\nusing multifactor authentication via a graphical user logon.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Determine which profile the system database is using with the following\ncommand:\n\n    # grep system-db /etc/dconf/profile/user\n\n    system-db:local\n\n    Note: The example is using the database local for the system, so the path\nis \\\"/etc/dconf/db/local.d\\\". This path must be modified if a database other\nthan local is being used.\n\n    # grep enable-smartcard-authentication /etc/dconf/db/local.d/*\n\n    enable-smartcard-authentication=true\n\n    If \\\"enable-smartcard-authentication\\\" is set to \\\"false\\\" or the keyword\nis missing, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to uniquely identify and authenticate users\nusing multifactor authentication via a graphical user logon.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    Note: The example is using the database local for the system, so if the\nsystem is using another database in \\\"/etc/dconf/profile/user\\\", the file\nshould be created under the appropriate subdirectory.\n\n    # touch /etc/dconf/db/local.d/00-defaults\n\n    Edit \\\"[org/gnome/login-screen]\\\" and add or update the following line:\n    enable-smartcard-authentication=true\n\n    Update the system databases:\n    # dconf update\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000375-GPOS-00160\"\n  tag satisfies: [\"SRG-OS-000375-GPOS-00161\", \"SRG-OS-000375-GPOS-00162\"]\n  tag gid: \"V-77819\"\n  tag rid: \"SV-92515r2_rule\"\n  tag stig_id: \"RHEL-07-010061\"\n  tag fix_id: \"F-84519r4_fix\"\n  tag cci: [\"CCI-001948\", \"CCI-001953\", \"CCI-001954\"]\n  tag nist: [\"IA-2 (11)\", \"IA-2 (12)\", \"IA-2 (12)\"]\n\n  multifactor_enabled = input('multifactor_enabled')\n  dconf_user = input('dconf_user')\n\n  if package('gnome-desktop3').installed? &amp;&amp; package('pcsc-lite').installed? || package('esc').installed?\n    impact 0.5\n    if !dconf_user.nil? &amp;&amp; command('whoami').stdout.strip == 'root'\n      describe command(\"sudo -u #{dconf_user} dconf read /org/gnome/login-screen/enable-smartcard-authentication\") do\n        its('stdout.strip') { should eq multifactor_enabled.to_s }\n      end\n    else\n      describe command(\"dconf read /org/gnome/login-screen/enable-smartcard-authentication\") do\n        its('stdout.strip') { should eq multifactor_enabled.to_s }\n      end\n    end\n  else\n    impact 0.0\n    if !package('gnome-desktop3').installed?\n      describe \"The GNOME desktop is not installed\" do\n        skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n      end\n    end\n\n    if !package('pcsc-lite').installed?\n      describe \"The pcsc-lite package is not installed\" do\n        skip \"The pcsc-lite package is not installed, this control is Not Applicable.\"\n      end\n    end\n    if !package('esc').installed?\n      describe \"The esc package is not installed\" do\n        skip \"The esc package is not installed, this control is Not Applicable.\"\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.
+--------------------------------
+skipped :: TEST The pcsc-lite package is not installed :: SKIP_MESSAGE The pcsc-lite package is not installed, this control is Not Applicable.
+--------------------------------
+skipped :: TEST The esc package is not installed :: SKIP_MESSAGE The esc package is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72101</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86725r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030390</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the lchown syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the lchown syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;lchown&quot; syscall occur.
+successful/unsuccessful attempts to use the "lchown" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw lchown &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw lchown /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S lchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S lchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;lchown&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    If both the "b32" and "b64" audit rules are not defined for the
+"lchown" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S lchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S lchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2d25c7aa-ec5a-408c-ae56-432fe269f0e2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lchown&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lchown&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lchown&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lchown&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72123</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86747r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030500</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72101\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe lchown syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"lchown\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw lchown /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"lchown\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000474-GPOS-00219\"]\n  tag gid: \"V-72101\"\n  tag rid: \"SV-86725r5_rule\"\n  tag stig_id: \"RHEL-07-030390\"\n  tag fix_id: \"F-78453r8_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"lchown\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"lchown\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "lchown" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lchown" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lchown" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lchown" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72123</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86747r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030500</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the creat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the creat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;creat&quot; syscall occur.
+successful/unsuccessful attempts to use the "creat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw creat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw creat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S creat F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S creat F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S creat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S creat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S creat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;creat&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"creat" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;creat&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules:
-
-    -a always,exit -F arch&#x3D;b32 -S creat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S creat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S creat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S creat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f6fcb7b1-135f-43d7-bcac-0e1537ed9b67</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72041</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86665r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "creat" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules:
+
+    -a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72123\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe creat syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"creat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw creat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S creat F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"creat\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"creat\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules:\n\n    -a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72123\"\n  tag rid: \"SV-86747r5_rule\"\n  tag stig_id: \"RHEL-07-030500\"\n  tag fix_id: \"F-78475r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"creat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"creat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n\n  if os.arch == 'x86_64'\n     describe auditd.syscall(\"creat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"creat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72041</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86665r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that file systems containing user home directories are mounted to prevent files
-with the setuid and setgid bit set from being executed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;nosuid&quot; mount option causes the system to not execute setuid
+with the setuid and setgid bit set from being executed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "nosuid" mount option causes the system to not execute setuid
 and setgid files with owner privileges. This option must be used for mounting
 any file system not containing approved setuid and setguid files. Executing
 files from untrusted file systems increases the opportunity for unprivileged
-users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify file systems that contain user home directories are mounted with the
-&quot;nosuid&quot; option.
+"nosuid" option.
 
     Find the file system(s) that contain the user home directories with the
 following command:
 
     Note: If a separate file system has not been created for the user home
-directories (user home directories are mounted under &quot;&#x2F;&quot;), this is not a
-finding as the &quot;nosuid&quot; option cannot be used on the &quot;&#x2F;&quot; system.
+directories (user home directories are mounted under "/"), this is not a
+finding as the "nosuid" option cannot be used on the "/" system.
 
-    # cut -d: -f 1,3,6 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{3}&quot;
-    smithj:1001:&#x2F;home&#x2F;smithj
-    thomasr:1002:&#x2F;home&#x2F;thomasr
+    # cut -d: -f 1,3,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
+    smithj:1001:/home/smithj
+    thomasr:1002:/home/thomasr
 
     Check the file systems that are mounted at boot time with the following
 command:
 
-    # more &#x2F;etc&#x2F;fstab
-
-    UUID&#x3D;a411dc99-f2a1-4c87-9e05-184977be8539 &#x2F;home   ext4
-rw,relatime,discard,data&#x3D;ordered,nosuid 0 2
-
-    If a file system found in &quot;&#x2F;etc&#x2F;fstab&quot; refers to the user home directory
-file system and it does not have the &quot;nosuid&quot; option set, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the &quot;&#x2F;etc&#x2F;fstab&quot; to use the &quot;nosuid&quot; option on
-file systems that contain user home directories.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6c8d677e-8f8c-40a6-9e66-a41fec3045f5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;home options is expected to include &quot;nosuid&quot;
-expected nil to include &quot;nosuid&quot;, but it does not respond to &#x60;include?&#x60;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71953</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86577r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010440</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # more /etc/fstab
+
+    UUID=a411dc99-f2a1-4c87-9e05-184977be8539 /home   ext4
+rw,relatime,discard,data=ordered,nosuid 0 2
+
+    If a file system found in "/etc/fstab" refers to the user home directory
+file system and it does not have the "nosuid" option set, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the "/etc/fstab" to use the "nosuid" option on
+file systems that contain user home directories.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72041\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat file systems containing user home directories are mounted to prevent files\nwith the setuid and setgid bit set from being executed.\"\n  desc  \"The \\\"nosuid\\\" mount option causes the system to not execute setuid\nand setgid files with owner privileges. This option must be used for mounting\nany file system not containing approved setuid and setguid files. Executing\nfiles from untrusted file systems increases the opportunity for unprivileged\nusers to attain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify file systems that contain user home directories are mounted with the\n\\\"nosuid\\\" option.\n\n    Find the file system(s) that contain the user home directories with the\nfollowing command:\n\n    Note: If a separate file system has not been created for the user home\ndirectories (user home directories are mounted under \\\"/\\\"), this is not a\nfinding as the \\\"nosuid\\\" option cannot be used on the \\\"/\\\" system.\n\n    # cut -d: -f 1,3,6 /etc/passwd | egrep \\\":[1-4][0-9]{3}\\\"\n    smithj:1001:/home/smithj\n    thomasr:1002:/home/thomasr\n\n    Check the file systems that are mounted at boot time with the following\ncommand:\n\n    # more /etc/fstab\n\n    UUID=a411dc99-f2a1-4c87-9e05-184977be8539 /home   ext4\nrw,relatime,discard,data=ordered,nosuid 0 2\n\n    If a file system found in \\\"/etc/fstab\\\" refers to the user home directory\nfile system and it does not have the \\\"nosuid\\\" option set, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the \\\"/etc/fstab\\\" to use the \\\"nosuid\\\" option on\nfile systems that contain user home directories.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72041\"\n  tag rid: \"SV-86665r4_rule\"\n  tag stig_id: \"RHEL-07-021000\"\n  tag fix_id: \"F-78393r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe mount('/home') do\n    its('options') { should include 'nosuid' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /home options is expected to include "nosuid" :: MESSAGE expected nil to include "nosuid", but it does not respond to `include?`</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71953</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86577r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010440</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow an
-unattended or automatic logon to the system via a graphical user interface.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+unattended or automatic logon to the system via a graphical user interface.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Failure to restrict system access to authenticated users negatively
-impacts operating system security.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+impacts operating system security.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system does not allow an unattended or automatic logon
 to the system via a graphical user interface.
 
     Note: If the system does not have GNOME installed, this requirement is Not
 Applicable.
 
-    Check for the value of the &quot;AutomaticLoginEnable&quot; in the
-&quot;&#x2F;etc&#x2F;gdm&#x2F;custom.conf&quot; file with the following command:
+    Check for the value of the "AutomaticLoginEnable" in the
+"/etc/gdm/custom.conf" file with the following command:
 
-    # grep -i automaticloginenable &#x2F;etc&#x2F;gdm&#x2F;custom.conf
-    AutomaticLoginEnable&#x3D;false
+    # grep -i automaticloginenable /etc/gdm/custom.conf
+    AutomaticLoginEnable=false
 
-    If the value of &quot;AutomaticLoginEnable&quot; is not set to &quot;false&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "AutomaticLoginEnable" is not set to "false", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to not allow an unattended or automatic
 logon to the system via a graphical user interface.
 
     Note: If the system does not have GNOME installed, this requirement is Not
 Applicable.
 
-    Add or edit the line for the &quot;AutomaticLoginEnable&quot; parameter in the
-[daemon] section of the &quot;&#x2F;etc&#x2F;gdm&#x2F;custom.conf&quot; file to &quot;false&quot;:
+    Add or edit the line for the "AutomaticLoginEnable" parameter in the
+[daemon] section of the "/etc/gdm/custom.conf" file to "false":
 
     [daemon]
-    AutomaticLoginEnable&#x3D;false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d3351625-6632-4dfb-9e4f-4a06b7f918e5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GDM installed
-The system does not have GDM installed, this requirement is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71969</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86593r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    AutomaticLoginEnable=false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71953\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow an\nunattended or automatic logon to the system via a graphical user interface.\"\n  desc  \"Failure to restrict system access to authenticated users negatively\nimpacts operating system security.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system does not allow an unattended or automatic logon\nto the system via a graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check for the value of the \\\"AutomaticLoginEnable\\\" in the\n\\\"/etc/gdm/custom.conf\\\" file with the following command:\n\n    # grep -i automaticloginenable /etc/gdm/custom.conf\n    AutomaticLoginEnable=false\n\n    If the value of \\\"AutomaticLoginEnable\\\" is not set to \\\"false\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to not allow an unattended or automatic\nlogon to the system via a graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Add or edit the line for the \\\"AutomaticLoginEnable\\\" parameter in the\n[daemon] section of the \\\"/etc/gdm/custom.conf\\\" file to \\\"false\\\":\n\n    [daemon]\n    AutomaticLoginEnable=false\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00229\"\n  tag gid: \"V-71953\"\n  tag rid: \"SV-86577r2_rule\"\n  tag stig_id: \"RHEL-07-010440\"\n  tag fix_id: \"F-78305r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  custom_conf = '/etc/gdm/custom.conf'\n\n  if package('gdm').installed?\n    if ((f = file(custom_conf)).exist?)\n      describe ini(custom_conf) do\n        its('daemon.AutomaticLoginEnable') { cmp false }\n      end\n    else\n      describe f do\n        it { should exist }\n      end\n    end\n  else\n    impact 0.0\n    describe \"The system does not have GDM installed\" do\n      skip \"The system does not have GDM installed, this requirement is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GDM installed :: SKIP_MESSAGE The system does not have GDM installed, this requirement is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71969</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86593r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have the ypserv
-package installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Removing the &quot;ypserv&quot; package decreases the risk of the accidental
-(or intentional) activation of NIS or NIS+ services.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+package installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Removing the "ypserv" package decreases the risk of the accidental
+(or intentional) activation of NIS or NIS+ services.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The NIS service provides an unencrypted authentication service that does
 not provide for the confidentiality and integrity of user passwords or the
 remote session.
 
-    Check to see if the &quot;ypserve&quot; package is installed with the following
+    Check to see if the "ypserve" package is installed with the following
 command:
 
     # yum list installed ypserv
 
-    If the &quot;ypserv&quot; package is installed, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "ypserv" package is installed, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable non-essential capabilities by
-removing the &quot;ypserv&quot; package from the system with the following command:
-
-    # yum remove ypserv</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bc830ad5-7c14-4224-bacd-05b041d18d25</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package ypserv is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72017</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86641r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020630</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+removing the "ypserv" package from the system with the following command:
+
+    # yum remove ypserv</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71969\" do\n  title \"The Red Hat Enterprise Linux operating system must not have the ypserv\npackage installed.\"\n  desc  \"Removing the \\\"ypserv\\\" package decreases the risk of the accidental\n(or intentional) activation of NIS or NIS+ services.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    The NIS service provides an unencrypted authentication service that does\nnot provide for the confidentiality and integrity of user passwords or the\nremote session.\n\n    Check to see if the \\\"ypserve\\\" package is installed with the following\ncommand:\n\n    # yum list installed ypserv\n\n    If the \\\"ypserv\\\" package is installed, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable non-essential capabilities by\nremoving the \\\"ypserv\\\" package from the system with the following command:\n\n    # yum remove ypserv\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000095-GPOS-00049\"\n  tag gid: \"V-71969\"\n  tag rid: \"SV-86593r2_rule\"\n  tag stig_id: \"RHEL-07-020010\"\n  tag fix_id: \"F-78321r1_fix\"\n  tag cci: [\"CCI-000381\"]\n  tag nist: [\"CM-7 a\", \"Rev_4\"]\n\n  describe package(\"ypserv\") do\n    it { should_not be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package ypserv is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72017</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86641r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020630</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive user home directories have mode 0750 or less
-permissive.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+permissive.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Excessive permissions on local interactive user home directories may
-allow unauthorized access to user files by other users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+allow unauthorized access to user files by other users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the assigned home directory of all local interactive users has a
-mode of &quot;0750&quot; or less permissive.
+mode of "0750" or less permissive.
 
     Check the home directory assignment for all non-privileged users on the
 system with the following command:
@@ -27217,280 +26003,268 @@ system with the following command:
 User Identifier (UID). Evidence of interactive use may be obtained from a
 number of log files containing system logon information.
 
-    # ls -ld $(egrep &#39;:[0-9]{4}&#39; &#x2F;etc&#x2F;passwd | cut -d: -f6)
-    -rwxr-x--- 1 smithj users  18 Mar  5 17:06 &#x2F;home&#x2F;smithj
+    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)
+    -rwxr-x--- 1 smithj users  18 Mar  5 17:06 /home/smithj
 
-    If home directories referenced in &quot;&#x2F;etc&#x2F;passwd&quot; do not have a mode of
-&quot;0750&quot; or less permissive, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the mode of interactive user&#39;s home directories to &quot;0750&quot;. To
-change the mode of a local interactive user&#39;s home directory, use the following
+    If home directories referenced in "/etc/passwd" do not have a mode of
+"0750" or less permissive, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the mode of interactive user's home directories to "0750". To
+change the mode of a local interactive user's home directory, use the following
 command:
 
-    Note: The example will be for the user &quot;smithj&quot;.
-
-    # chmod 0750 &#x2F;home&#x2F;smithj</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bcab3926-0534-4b33-8f04-98ca3ea4eab7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Home directories with excessive permissions is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72191</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86815r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030840</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Note: The example will be for the user "smithj".
+
+    # chmod 0750 /home/smithj</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72017\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user home directories have mode 0750 or less\npermissive.\"\n  desc  \"Excessive permissions on local interactive user home directories may\nallow unauthorized access to user files by other users.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the assigned home directory of all local interactive users has a\nmode of \\\"0750\\\" or less permissive.\n\n    Check the home directory assignment for all non-privileged users on the\nsystem with the following command:\n\n    Note: This may miss interactive users that have been assigned a privileged\nUser Identifier (UID). Evidence of interactive use may be obtained from a\nnumber of log files containing system logon information.\n\n    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)\n    -rwxr-x--- 1 smithj users  18 Mar  5 17:06 /home/smithj\n\n    If home directories referenced in \\\"/etc/passwd\\\" do not have a mode of\n\\\"0750\\\" or less permissive, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the mode of interactive user's home directories to \\\"0750\\\". To\nchange the mode of a local interactive user's home directory, use the following\ncommand:\n\n    Note: The example will be for the user \\\"smithj\\\".\n\n    # chmod 0750 /home/smithj\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72017\"\n  tag rid: \"SV-86641r3_rule\"\n  tag stig_id: \"RHEL-07-020630\"\n  tag fix_id: \"F-78369r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    findings = findings + command(\"find #{user_info.home} -maxdepth 0 -perm /027\").stdout.split(\"\\n\")\n  end\n  describe \"Home directories with excessive permissions\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Home directories with excessive permissions is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72191</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86815r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030840</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the kmod command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the kmod command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;kmod&quot; command occur.
+successful/unsuccessful attempts to use the "kmod" command occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw kmod &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw kmod /etc/audit/audit.rules
 
-    -w &#x2F;usr&#x2F;bin&#x2F;kmod -p x -F auid!&#x3D;4294967295 -k module-change
+    -w /usr/bin/kmod -p x -F auid!=4294967295 -k module-change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;kmod&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;usr&#x2F;bin&#x2F;kmod -p x -F auid!&#x3D;4294967295 -k module-change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>660d3189-c709-4831-a327-fb725ba8d2a0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;kmod&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;kmod&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71903</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86527r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010120</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "kmod" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /usr/bin/kmod -p x -F auid!=4294967295 -k module-change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72191\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe kmod command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"kmod\\\" command occur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw kmod /etc/audit/audit.rules\n\n    -w /usr/bin/kmod -p x -F auid!=4294967295 -k module-change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"kmod\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /usr/bin/kmod -p x -F auid!=4294967295 -k module-change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00216\"\n  tag satisfies: [\"SRG-OS-000471-GPOS-00216\", \"SRG-OS-000477-GPOS-00222\"]\n  tag gid: \"V-72191\"\n  tag rid: \"SV-86815r5_rule\"\n  tag stig_id: \"RHEL-07-030840\"\n  tag fix_id: \"F-78545r10_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/kmod'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/kmod" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/kmod" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71903</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86527r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010120</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed or new passwords are established, the new
-password must contain at least one upper-case character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+password must contain at least one upper-case character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -27499,144 +26273,139 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Note: The value to require a number of upper-case characters to be set is
-expressed as a negative number in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot;.
+expressed as a negative number in "/etc/security/pwquality.conf".
 
-    Check the value for &quot;ucredit&quot; in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with
+    Check the value for "ucredit" in "/etc/security/pwquality.conf" with
 the following command:
 
-    # grep ucredit &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    ucredit &#x3D; -1
+    # grep ucredit /etc/security/pwquality.conf
+    ucredit = -1
 
-    If the value of &quot;ucredit&quot; is not set to a negative value, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "ucredit" is not set to a negative value, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to enforce password complexity by requiring
-that at least one upper-case character be used by setting the &quot;ucredit&quot;
+that at least one upper-case character be used by setting the "ucredit"
 option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; (or modify the
+    Add the following line to "/etc/security/pwquality.conf" (or modify the
 line to have the required value):
 
-    ucredit &#x3D; -1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>30872b23-3704-4462-908c-5ebdbd530478</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf ucredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81021</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95733r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    ucredit = -1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71903\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed or new passwords are established, the new\npassword must contain at least one upper-case character.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Note: The value to require a number of upper-case characters to be set is\nexpressed as a negative number in \\\"/etc/security/pwquality.conf\\\".\n\n    Check the value for \\\"ucredit\\\" in \\\"/etc/security/pwquality.conf\\\" with\nthe following command:\n\n    # grep ucredit /etc/security/pwquality.conf\n    ucredit = -1\n\n    If the value of \\\"ucredit\\\" is not set to a negative value, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce password complexity by requiring\nthat at least one upper-case character be used by setting the \\\"ucredit\\\"\noption.\n\n    Add the following line to \\\"/etc/security/pwquality.conf\\\" (or modify the\nline to have the required value):\n\n    ucredit = -1\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000069-GPOS-00037\"\n  tag gid: \"V-71903\"\n  tag rid: \"SV-86527r3_rule\"\n  tag stig_id: \"RHEL-07-010120\"\n  tag fix_id: \"F-78255r1_fix\"\n  tag cci: [\"CCI-000192\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('ucredit.to_i') { should cmp &lt; 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf ucredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81021</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95733r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030211</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must label all
-off-loaded audit logs before sending them to the central log server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+off-loaded audit logs before sending them to the central log server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
@@ -27645,312 +26414,302 @@ storage capacity.
 
     When audit logs are not labeled before they are sent to a central log
 server, the audit data will not be able to be analyzed and tied back to the
-correct system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+correct system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the audisp daemon is configured to label all off-loaded audit logs:
 
-    # grep &quot;name_format&quot; &#x2F;etc&#x2F;audisp&#x2F;audispd.conf
+    # grep "name_format" /etc/audisp/audispd.conf
 
-    name_format &#x3D; hostname
+    name_format = hostname
 
-    If the &quot;name_format&quot; option is not &quot;hostname&quot;, &quot;fqd&quot;, or &quot;numeric&quot;,
-or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &#x2F;etc&#x2F;audisp&#x2F;audispd.conf file and add or update the
-&quot;name_format&quot; option:
+    If the "name_format" option is not "hostname", "fqd", or "numeric",
+or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the /etc/audisp/audispd.conf file and add or update the
+"name_format" option:
 
-    name_format &#x3D; hostname
+    name_format = hostname
 
     The audit daemon must be restarted for changes to take effect:
 
-    # service auditd restart</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b20aa1e7-a471-4a7a-b4ff-7da1efddc5d5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audispd.conf name_format is expected to match &#x2F;^hostname$|^fqd$|^numeric$&#x2F;i</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72051</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86675r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021100</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # service auditd restart</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81021\" do\n  title \"The Red Hat Enterprise Linux operating system must label all\noff-loaded audit logs before sending them to the central log server.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n    When audit logs are not labeled before they are sent to a central log\nserver, the audit data will not be able to be analyzed and tied back to the\ncorrect system.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the audisp daemon is configured to label all off-loaded audit logs:\n\n    # grep \\\"name_format\\\" /etc/audisp/audispd.conf\n\n    name_format = hostname\n\n    If the \\\"name_format\\\" option is not \\\"hostname\\\", \\\"fqd\\\", or \\\"numeric\\\",\nor the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the /etc/audisp/audispd.conf file and add or update the\n\\\"name_format\\\" option:\n\n    name_format = hostname\n\n    The audit daemon must be restarted for changes to take effect:\n\n    # service auditd restart\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-81021\"\n  tag rid: \"SV-95733r1_rule\"\n  tag stig_id: \"RHEL-07-030211\"\n  tag fix_id: \"F-87855r2_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  if file('/etc/audisp/audispd.conf').exist?\n    describe parse_config_file('/etc/audisp/audispd.conf') do\n      its('name_format') { should match %r{^hostname$|^fqd$|^numeric$}i }\n    end\n  else\n    describe \"File '/etc/audisp/audispd.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually\" do\n      skip \"File '/etc/audisp/audispd.conf' cannot be found. This check must be performed manually\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/audisp/audispd.conf name_format is expected to match /^hostname$|^fqd$|^numeric$/i</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72051</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86675r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021100</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must have cron logging
-implemented.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+implemented.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Cron logging can be used to trace the successful or unsuccessful
 execution of cron jobs. It can also be used to spot intrusions into the use of
-the cron facility by unauthorized and malicious users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that &quot;rsyslog&quot; is configured to log cron events.
-
-    Check the configuration of &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or
-&quot;&#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf&quot; files for the cron facility with the following
+the cron facility by unauthorized and malicious users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that "rsyslog" is configured to log cron events.
+
+    Check the configuration of "/etc/rsyslog.conf" or
+"/etc/rsyslog.d/*.conf" files for the cron facility with the following
 command:
 
     Note: If another logging package is used, substitute the utility
-configuration file for &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or &quot;&#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf&quot; files.
+configuration file for "/etc/rsyslog.conf" or "/etc/rsyslog.d/*.conf" files.
 
-    # grep cron &#x2F;etc&#x2F;rsyslog.conf  &#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf
-    cron.* &#x2F;var&#x2F;log&#x2F;cron.log
+    # grep cron /etc/rsyslog.conf  /etc/rsyslog.d/*.conf
+    cron.* /var/log/cron.log
 
     If the command does not return a response, check for cron logging all
-facilities by inspecting the &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or &quot;&#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf&quot;
+facilities by inspecting the "/etc/rsyslog.conf" or "/etc/rsyslog.d/*.conf"
 files.
 
     Look for the following entry:
 
-    *.* &#x2F;var&#x2F;log&#x2F;messages
-
-    If &quot;rsyslog&quot; is not logging messages for the cron facility or all
-facilities, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure &quot;rsyslog&quot; to log all cron messages by adding or updating the
-following line to &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or a configuration file in the
-&#x2F;etc&#x2F;rsyslog.d&#x2F; directory:
-
-    cron.* &#x2F;var&#x2F;log&#x2F;cron.log</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f623198e-158a-469e-a0c0-c3d1307bd619</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep cron &#x2F;etc&#x2F;rsyslog.conf&#x60; stdout.strip is expected to match &#x2F;^cron&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72079</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000038-GPOS-00016</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86703r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    *.* /var/log/messages
+
+    If "rsyslog" is not logging messages for the cron facility or all
+facilities, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure "rsyslog" to log all cron messages by adding or updating the
+following line to "/etc/rsyslog.conf" or a configuration file in the
+/etc/rsyslog.d/ directory:
+
+    cron.* /var/log/cron.log</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72051\" do\n  title \"The Red Hat Enterprise Linux operating system must have cron logging\nimplemented.\"\n  desc  \"Cron logging can be used to trace the successful or unsuccessful\nexecution of cron jobs. It can also be used to spot intrusions into the use of\nthe cron facility by unauthorized and malicious users.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that \\\"rsyslog\\\" is configured to log cron events.\n\n    Check the configuration of \\\"/etc/rsyslog.conf\\\" or\n\\\"/etc/rsyslog.d/*.conf\\\" files for the cron facility with the following\ncommand:\n\n    Note: If another logging package is used, substitute the utility\nconfiguration file for \\\"/etc/rsyslog.conf\\\" or \\\"/etc/rsyslog.d/*.conf\\\" files.\n\n    # grep cron /etc/rsyslog.conf  /etc/rsyslog.d/*.conf\n    cron.* /var/log/cron.log\n\n    If the command does not return a response, check for cron logging all\nfacilities by inspecting the \\\"/etc/rsyslog.conf\\\" or \\\"/etc/rsyslog.d/*.conf\\\"\nfiles.\n\n    Look for the following entry:\n\n    *.* /var/log/messages\n\n    If \\\"rsyslog\\\" is not logging messages for the cron facility or all\nfacilities, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure \\\"rsyslog\\\" to log all cron messages by adding or updating the\nfollowing line to \\\"/etc/rsyslog.conf\\\" or a configuration file in the\n/etc/rsyslog.d/ directory:\n\n    cron.* /var/log/cron.log\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72051\"\n  tag rid: \"SV-86675r2_rule\"\n  tag stig_id: \"RHEL-07-021100\"\n  tag fix_id: \"F-78403r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  log_pkg_path = input('log_pkg_path')\n\n  describe.one do\n    describe command(\"grep cron #{log_pkg_path}\") do\n      its('stdout.strip') { should match %r{^cron} }\n    end\n    describe file(\"#{log_pkg_path}\") do\n      its('content') { should match %r{^\\*\\.\\* \\/var\\/log\\/messages\\n?$} }\n      its('content') { should_not match %r{^*.*\\s+~$.*^*\\.\\* \\/var\\/log\\/messages\\n?$}m }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep cron /etc/rsyslog.conf` stdout.strip is expected to match /^cron/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72079</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000038-GPOS-00016</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86703r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that auditing is configured to produce records containing information to
 establish what type of events occurred, where the events occurred, the source
 of the events, and the outcome of the events. These audit records must also
-identify individual identities of group account users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+identify individual identities of group account users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without establishing what type of events occurred, it would be
 difficult to establish, correlate, and investigate the events leading up to an
 outage or attack.
 
     Audit record content that may be necessary to satisfy this requirement
 includes, for example, time stamps, source and destination addresses,
-user&#x2F;process identifiers, event descriptions, success&#x2F;fail indications,
+user/process identifiers, event descriptions, success/fail indications,
 filenames involved, and access control or flow control rules invoked.
 
     Associating event types with detected events in the operating system audit
 logs provides a means of investigating an attack; recognizing resource
 utilization or capacity thresholds; or identifying an improperly configured
-operating system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+operating system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system produces audit records containing information
 to establish when (date and time) the events occurred.
 
@@ -27959,134 +26718,129 @@ to establish when (date and time) the events occurred.
     # systemctl is-active auditd.service
     active
 
-    If the &quot;auditd&quot; status is not active, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "auditd" status is not active, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to produce audit records containing
 information to establish when (date and time) the events occurred.
 
     Enable the auditd service with the following command:
 
-    # systemctl start auditd.service</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ad03199c-c78c-46f2-85f2-80aa622e70fe</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000131</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service auditd is expected to be running</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72219</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000096-GPOS-00050</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86843r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040100</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # systemctl start auditd.service</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72079\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat auditing is configured to produce records containing information to\nestablish what type of events occurred, where the events occurred, the source\nof the events, and the outcome of the events. These audit records must also\nidentify individual identities of group account users.\"\n  desc  \"Without establishing what type of events occurred, it would be\ndifficult to establish, correlate, and investigate the events leading up to an\noutage or attack.\n\n    Audit record content that may be necessary to satisfy this requirement\nincludes, for example, time stamps, source and destination addresses,\nuser/process identifiers, event descriptions, success/fail indications,\nfilenames involved, and access control or flow control rules invoked.\n\n    Associating event types with detected events in the operating system audit\nlogs provides a means of investigating an attack; recognizing resource\nutilization or capacity thresholds; or identifying an improperly configured\noperating system.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system produces audit records containing information\nto establish when (date and time) the events occurred.\n\n    Check to see if auditing is active by issuing the following command:\n\n    # systemctl is-active auditd.service\n    active\n\n    If the \\\"auditd\\\" status is not active, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to produce audit records containing\ninformation to establish when (date and time) the events occurred.\n\n    Enable the auditd service with the following command:\n\n    # systemctl start auditd.service\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000038-GPOS-00016\"\n  tag satisfies: [\"SRG-OS-000038-GPOS-00016\", \"SRG-OS-000039-GPOS-00017\",\n\"SRG-OS-000042-GPOS-00021\", \"SRG-OS-000254-GPOS-00095\",\n\"SRG-OS-000255-GPOS-00096\"]\n  tag gid: \"V-72079\"\n  tag rid: \"SV-86703r3_rule\"\n  tag stig_id: \"RHEL-07-030000\"\n  tag fix_id: \"F-78431r2_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000131\"]\n  tag nist: [\"AU-2 d\", \"AU-3\", \"Rev_4\"]\n\n  describe service('auditd') do\n    it { should be_running }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000131</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service auditd is expected to be running</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72219</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000096-GPOS-00050</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86843r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040100</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
-prohibit or restrict the use of functions, ports, protocols, and&#x2F;or services,
+prohibit or restrict the use of functions, ports, protocols, and/or services,
 as defined in the Ports, Protocols, and Services Management Component Local
-Service Assessment (PPSM CLSA) and vulnerability assessments.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Service Assessment (PPSM CLSA) and vulnerability assessments.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>In order to prevent unauthorized connection of devices, unauthorized
 transfer of information, or unauthorized tunneling (i.e., embedding of data
 types within data types), organizations must disable or restrict unused or
-unnecessary physical and logical ports&#x2F;protocols on information systems.
+unnecessary physical and logical ports/protocols on information systems.
 
     Operating systems are capable of providing a wide variety of functions and
 services. Some of the functions and services provided by default may not be
@@ -28097,19 +26851,19 @@ services provided by any one component.
 
     To support the requirements and principles of least functionality, the
 operating system must support the organizational requirements, providing only
-essential capabilities and limiting the use of ports, protocols, and&#x2F;or
+essential capabilities and limiting the use of ports, protocols, and/or
 services to only those required, authorized, and approved to conduct official
-business or to address authorized quality of life issues.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+business or to address authorized quality of life issues.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Inspect the firewall configuration and running services to verify that it
 is configured to prohibit or restrict the use of functions, ports, protocols,
-and&#x2F;or services that are unnecessary or prohibited.
+and/or services that are unnecessary or prohibited.
 
     Check which services are currently active with the following command:
 
@@ -28129,130 +26883,123 @@ services allowed by the firewall match the PPSM CLSA.
 
     If there are additional ports, protocols, or services that are not in the
 PPSM CLSA, or there are ports, protocols, or services that are prohibited by
-the PPSM Category Assurance List (CAL), this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Update the host&#39;s firewall settings and&#x2F;or running services to
-comply with the PPSM CLSA for the site or program and the PPSM CAL.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>67353682-fd91-40b2-ad43-af3ce3874c54</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000382</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002314</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Firewalld zones are not specified. Check &#39;firewalld_zones&#39; input. is expected to equal false
-
+the PPSM Category Assurance List (CAL), this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Update the host's firewall settings and/or running services to
+comply with the PPSM CLSA for the site or program and the PPSM CAL.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72219\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\nprohibit or restrict the use of functions, ports, protocols, and/or services,\nas defined in the Ports, Protocols, and Services Management Component Local\nService Assessment (PPSM CLSA) and vulnerability assessments.\"\n  desc  \"In order to prevent unauthorized connection of devices, unauthorized\ntransfer of information, or unauthorized tunneling (i.e., embedding of data\ntypes within data types), organizations must disable or restrict unused or\nunnecessary physical and logical ports/protocols on information systems.\n\n    Operating systems are capable of providing a wide variety of functions and\nservices. Some of the functions and services provided by default may not be\nnecessary to support essential organizational operations. Additionally, it is\nsometimes convenient to provide multiple services from a single component\n(e.g., VPN and IPS); however, doing so increases risk over limiting the\nservices provided by any one component.\n\n    To support the requirements and principles of least functionality, the\noperating system must support the organizational requirements, providing only\nessential capabilities and limiting the use of ports, protocols, and/or\nservices to only those required, authorized, and approved to conduct official\nbusiness or to address authorized quality of life issues.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Inspect the firewall configuration and running services to verify that it\nis configured to prohibit or restrict the use of functions, ports, protocols,\nand/or services that are unnecessary or prohibited.\n\n    Check which services are currently active with the following command:\n\n    # firewall-cmd --list-all\n    public (default, active)\n      interfaces: enp0s3\n      sources:\n      services: dhcpv6-client dns http https ldaps rpc-bind ssh\n      ports:\n      masquerade: no\n      forward-ports:\n      icmp-blocks:\n      rich rules:\n\n    Ask the System Administrator for the site or program PPSM CLSA. Verify the\nservices allowed by the firewall match the PPSM CLSA.\n\n    If there are additional ports, protocols, or services that are not in the\nPPSM CLSA, or there are ports, protocols, or services that are prohibited by\nthe PPSM Category Assurance List (CAL), this is a finding.\n  \"\n  desc  \"fix\", \"Update the host's firewall settings and/or running services to\ncomply with the PPSM CLSA for the site or program and the PPSM CAL.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000096-GPOS-00050\"\n  tag satisfies: [\"SRG-OS-000096-GPOS-00050\", \"SRG-OS-000297-GPOS-00115\"]\n  tag gid: \"V-72219\"\n  tag rid: \"SV-86843r2_rule\"\n  tag stig_id: \"RHEL-07-040100\"\n  tag fix_id: \"F-78573r1_fix\"\n  tag cci: [\"CCI-000382\", \"CCI-002314\"]\n  tag nist: [\"CM-7 b\", \"AC-17 (1)\", \"Rev_4\"]\n\n  firewalld_services_deny = input('firewalld_services_deny')\n  firewalld_hosts_deny = input('firewalld_hosts_deny')\n  firewalld_ports_deny = input('firewalld_ports_deny')\n  firewalld_zones = input('firewalld_zones')\n  iptables_rules = input('iptables_rules')\n\n  if service('firewalld').running?\n\n    # Check that the rules specified in 'firewalld_host_deny' are not enabled\n    describe firewalld do\n      firewalld_hosts_deny.each do |rule|\n        it { should_not have_rule_enabled(rule) }\n      end\n    end\n\n    # Check to make sure zones are specified\n    if firewalld_zones.empty?\n      describe \"Firewalld zones are not specified. Check 'firewalld_zones' input.\" do\n        subject { firewalld_zones.empty? }\n        it { should be false }\n      end\n    end\n\n    # Check that the services specified in 'firewalld_services_deny' and\n    # ports specified in 'firewalld_ports_deny' are not enabled\n    firewalld_zones.each do |zone|\n      if firewalld.has_zone?(zone)\n        zone_services = firewalld_services_deny[\"public\"]\n        zone_ports = firewalld_ports_deny[zone]\n\n        if !zone_services.nil?\n          describe firewalld do\n            zone_services.each do |serv|\n              it { should_not have_service_enabled_in_zone(serv,zone) }\n            end\n          end\n        else\n          describe \"Services for zone '#{zone}' are not specified. Check 'firewalld_services_deny' input.\" do\n            subject { zone_services.nil? }\n            it { should be false }\n          end\n        end\n\n        if !zone_ports.nil?\n          describe firewalld do\n            zone_ports.each do |port|\n              it { should_not have_port_enabled_in_zone(port,zone) }\n            end\n          end\n        else\n          describe \"Ports for zone '#{zone}' are not specified. Check 'firewalld_ports_deny' input.\" do\n            subject { zone_ports.nil? }\n            it { should be false }\n          end\n        end\n      else\n        describe \"Firewalld zone '#{zone}' exists\" do\n          subject { firewalld.has_zone?(zone) }\n          it { should be true }\n        end\n      end\n    end\n  elsif service('iptables').running?\n    describe iptables do\n      iptables_rules.each do |rule|\n        it { should have_rule(rule) }\n      end\n    end\n  else\n    describe \"No application firewall is installed\" do\n      subject { service('firewalld').running? || service('iptables').running? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000382</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002314</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Firewalld zones are not specified. Check 'firewalld_zones' input. is expected to equal false :: MESSAGE 
 expected false
-     got true
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72235</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000423-GPOS-00187</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86859r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040310</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+     got true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72235</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000423-GPOS-00187</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86859r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040310</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all networked systems use SSH for confidentiality and integrity of
 transmitted and received information as well as information during preparation
-for transmission.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+for transmission.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without protection of the transmitted information, confidentiality and
 integrity may be compromised because unprotected communications can be
 intercepted and either read or altered.
@@ -28268,1048 +27015,1007 @@ interception and modification.
 can be accomplished by physical means (e.g., employing physical distribution
 systems) or by logical means (e.g., employing cryptographic techniques). If
 physical means of protection are employed, then logical means (cryptography) do
-not have to be employed, and vice versa.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+not have to be employed, and vice versa.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify SSH is loaded and active with the following command:
 
     # systemctl status sshd
     sshd.service - OpenSSH server daemon
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;sshd.service; enabled)
+    Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
     Active: active (running) since Tue 2015-11-17 15:17:22 EST; 4 weeks 0 days
 ago
     Main PID: 1348 (sshd)
-    CGroup: &#x2F;system.slice&#x2F;sshd.service
-    1053 &#x2F;usr&#x2F;sbin&#x2F;sshd -D
-
-    If &quot;sshd&quot; does not show a status of &quot;active&quot; and &quot;running&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    CGroup: /system.slice/sshd.service
+    1053 /usr/sbin/sshd -D
+
+    If "sshd" does not show a status of "active" and "running", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the SSH service to automatically start after reboot with the
 following command:
 
-    # systemctl enable sshd.service</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4d64c12a-7290-4a7e-9796-0302bd78cc41</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002421</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service sshd.service is expected to be running</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72279</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86903r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040550</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # systemctl enable sshd.service</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72235\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all networked systems use SSH for confidentiality and integrity of\ntransmitted and received information as well as information during preparation\nfor transmission.\"\n  desc  \"Without protection of the transmitted information, confidentiality and\nintegrity may be compromised because unprotected communications can be\nintercepted and either read or altered.\n\n    This requirement applies to both internal and external networks and all\ntypes of information system components from which information can be\ntransmitted (e.g., servers, mobile devices, notebook computers, printers,\ncopiers, scanners, and facsimile machines). Communication paths outside the\nphysical protection of a controlled boundary are exposed to the possibility of\ninterception and modification.\n\n    Protecting the confidentiality and integrity of organizational information\ncan be accomplished by physical means (e.g., employing physical distribution\nsystems) or by logical means (e.g., employing cryptographic techniques). If\nphysical means of protection are employed, then logical means (cryptography) do\nnot have to be employed, and vice versa.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify SSH is loaded and active with the following command:\n\n    # systemctl status sshd\n    sshd.service - OpenSSH server daemon\n    Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)\n    Active: active (running) since Tue 2015-11-17 15:17:22 EST; 4 weeks 0 days\nago\n    Main PID: 1348 (sshd)\n    CGroup: /system.slice/sshd.service\n    1053 /usr/sbin/sshd -D\n\n    If \\\"sshd\\\" does not show a status of \\\"active\\\" and \\\"running\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the SSH service to automatically start after reboot with the\nfollowing command:\n\n    # systemctl enable sshd.service\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000423-GPOS-00187\"\n  tag satisfies: [\"SRG-OS-000423-GPOS-00187\", \"SRG-OS-000423-GPOS-00188\",\n\"SRG-OS-000423-GPOS-00189\", \"SRG-OS-000423-GPOS-00190\"]\n  tag gid: \"V-72235\"\n  tag rid: \"SV-86859r3_rule\"\n  tag stig_id: \"RHEL-07-040310\"\n  tag fix_id: \"F-78589r2_fix\"\n  tag cci: [\"CCI-002418\", \"CCI-002420\", \"CCI-002421\", \"CCI-002422\"]\n  tag nist: [\"SC-8\", \"SC-8 (2)\", \"SC-8 (1)\", \"SC-8 (2)\", \"Rev_4\"]\n\n  describe systemd_service('sshd.service') do\n    it { should be_running }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002421</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service sshd.service is expected to be running</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72279</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86903r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040550</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not contain
-shosts.equiv files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+shosts.equiv files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The shosts.equiv files are used to configure host-based authentication
 for the system via SSH. Host-based authentication is not sufficient for
 preventing unauthorized access to the system, as it does not require
 interactive identification and authentication of a connection request, or for
-the use of two-factor authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify there are no &quot;shosts.equiv&quot; files on the system.
+the use of two-factor authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify there are no "shosts.equiv" files on the system.
 
     Check the system for the existence of these files with the following
 command:
 
-    # find &#x2F; -name shosts.equiv
-
-    If any &quot;shosts.equiv&quot; files are found on the system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Remove any found &quot;shosts.equiv&quot; files from the system.
-
-# rm &#x2F;[path]&#x2F;[to]&#x2F;[file]&#x2F;shosts.equiv</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>cb5610cd-a56d-4fcb-aed4-2ba6bfd2d8f0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;find &#x2F; -xautofs -name shosts.equiv&#x60; stdout.strip is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72145</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86769r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030610</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # find / -name shosts.equiv
+
+    If any "shosts.equiv" files are found on the system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Remove any found "shosts.equiv" files from the system.
+
+# rm /[path]/[to]/[file]/shosts.equiv</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72279\" do\n  title \"The Red Hat Enterprise Linux operating system must not contain\nshosts.equiv files.\"\n  desc  \"The shosts.equiv files are used to configure host-based authentication\nfor the system via SSH. Host-based authentication is not sufficient for\npreventing unauthorized access to the system, as it does not require\ninteractive identification and authentication of a connection request, or for\nthe use of two-factor authentication.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify there are no \\\"shosts.equiv\\\" files on the system.\n\n    Check the system for the existence of these files with the following\ncommand:\n\n    # find / -name shosts.equiv\n\n    If any \\\"shosts.equiv\\\" files are found on the system, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Remove any found \\\"shosts.equiv\\\" files from the system.\n\n    # rm /[path]/[to]/[file]/shosts.equiv\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72279\"\n  tag rid: \"SV-86903r2_rule\"\n  tag stig_id: \"RHEL-07-040550\"\n  tag fix_id: \"F-78633r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe command('find / -xautofs -name shosts.equiv') do\n    its('stdout.strip') { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `find / -xautofs -name shosts.equiv` stdout.strip is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72145</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86769r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030610</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
-records for all unsuccessful account access events.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+records for all unsuccessful account access events.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when unsuccessful
 account access events occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 commands:
 
-    # grep -i &#x2F;var&#x2F;run&#x2F;faillock &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /var/run/faillock /etc/audit/audit.rules
 
-    -w &#x2F;var&#x2F;run&#x2F;faillock -p wa -k logins
+    -w /var/run/faillock -p wa -k logins
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when unsuccessful
 account access events occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;var&#x2F;run&#x2F;faillock -p wa -k logins
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>662847e6-aedf-4dcf-b0c6-dc4ea13f2288</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;var&#x2F;run&#x2F;faillock&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;var&#x2F;run&#x2F;faillock&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-94843</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-104673r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020231</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /var/run/faillock -p wa -k logins
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72145\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all unsuccessful account access events.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when unsuccessful\naccount access events occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommands:\n\n    # grep -i /var/run/faillock /etc/audit/audit.rules\n\n    -w /var/run/faillock -p wa -k logins\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when unsuccessful\naccount access events occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /var/run/faillock -p wa -k logins\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000470-GPOS-00214\",\n\"SRG-OS-000473-GPOS-00218\"]\n  tag gid: \"V-72145\"\n  tag rid: \"SV-86769r4_rule\"\n  tag stig_id: \"RHEL-07-030610\"\n  tag fix_id: \"F-78497r4_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/var/run/faillock'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/var/run/faillock" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/var/run/faillock" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-94843</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-104673r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020231</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the x86 Ctrl-Alt-Delete key sequence is disabled in the GUI.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the x86 Ctrl-Alt-Delete key sequence is disabled in the GUI.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A locally logged-on user who presses Ctrl-Alt-Delete, when at the
 console, can reboot the system. If accidentally pressed, as could happen in the
 case of a mixed OS environment, this can create the risk of short-term loss of
 availability of systems due to unintentional reboot. In the GNOME graphical
 environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is
-reduced because the user will be prompted before any action is taken.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+reduced because the user will be prompted before any action is taken.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system is not configured to reboot the system when
 Ctrl-Alt-Delete is pressed.
 
     Check that the ctrl-alt-del.target is masked and not active in the GUI with
 the following command:
 
-    # grep logout &#x2F;etc&#x2F;dconf&#x2F;local.d&#x2F;*
+    # grep logout /etc/dconf/local.d/*
 
-    logout&#x3D;&#39;&#39;
+    logout=''
 
-    If &quot;logout&quot; is not set to use two single quotations, or is missing, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "logout" is not set to use two single quotations, or is missing, this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to disable the Ctrl-Alt-Delete sequence for the GUI
 with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-disable-CAD
+    # touch /etc/dconf/db/local.d/00-disable-CAD
 
     Add the setting to disable the Ctrl-Alt-Delete sequence for GNOME:
 
-    [org&#x2F;gnome&#x2F;settings-daemon&#x2F;plugins&#x2F;media-keys]
-    logout&#x3D;&#39;&#39;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fa283771-47ff-4c76-8a1c-ceac1ff98308</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-      Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72249</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86873r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040380</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    [org/gnome/settings-daemon/plugins/media-keys]
+    logout=''</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-94843\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the x86 Ctrl-Alt-Delete key sequence is disabled in the GUI.\"\n  desc  \"A locally logged-on user who presses Ctrl-Alt-Delete, when at the\nconsole, can reboot the system. If accidentally pressed, as could happen in the\ncase of a mixed OS environment, this can create the risk of short-term loss of\navailability of systems due to unintentional reboot. In the GNOME graphical\nenvironment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is\nreduced because the user will be prompted before any action is taken.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system is not configured to reboot the system when\nCtrl-Alt-Delete is pressed.\n\n    Check that the ctrl-alt-del.target is masked and not active in the GUI with\nthe following command:\n\n    # grep logout /etc/dconf/local.d/*\n\n    logout=''\n\n    If \\\"logout\\\" is not set to use two single quotations, or is missing, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to disable the Ctrl-Alt-Delete sequence for the GUI\nwith the following command:\n\n    # touch /etc/dconf/db/local.d/00-disable-CAD\n\n    Add the setting to disable the Ctrl-Alt-Delete sequence for GNOME:\n\n    [org/gnome/settings-daemon/plugins/media-keys]\n    logout=''\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-94843\"\n  tag rid: \"SV-104673r1_rule\"\n  tag stig_id: \"RHEL-07-020231\"\n  tag fix_id: \"F-100967r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  unless package('gnome-settings-daemon').installed?\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n      Applicable.\"\n    end\n  else \n    describe command(\"gsettings get org.gnome.settings-daemon.media-keys logout\") do\n      its('stdout.strip') { should cmp \"''\" }\n    end \n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+      Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72249</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86873r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040380</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon does not allow authentication using known hosts
-authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuring this setting for the SSH daemon provides additional
 assurance that remote logon via SSH will require a password, even in the event
-of misconfiguration elsewhere.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+of misconfiguration elsewhere.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon does not allow authentication using known hosts
 authentication.
 
-    To determine how the SSH daemon&#39;s &quot;IgnoreUserKnownHosts&quot; option is set,
+    To determine how the SSH daemon's "IgnoreUserKnownHosts" option is set,
 run the following command:
 
-    # grep -i IgnoreUserKnownHosts &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i IgnoreUserKnownHosts /etc/ssh/sshd_config
 
     IgnoreUserKnownHosts yes
 
-    If the value is returned as &quot;no&quot;, the returned line is commented out, or
-no output is returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value is returned as "no", the returned line is commented out, or
+no output is returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the SSH daemon to not allow authentication using known hosts
 authentication.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;, or uncomment the line
-and set the value to &quot;yes&quot;:
+    Add the following line in "/etc/ssh/sshd_config", or uncomment the line
+and set the value to "yes":
 
     IgnoreUserKnownHosts yes
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a1b1a6d3-4449-4504-b9dd-8a2498bc60e5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration IgnoreUserKnownHosts is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73159</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87811r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010119</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72249\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not allow authentication using known hosts\nauthentication.\"\n  desc  \"Configuring this setting for the SSH daemon provides additional\nassurance that remote logon via SSH will require a password, even in the event\nof misconfiguration elsewhere.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon does not allow authentication using known hosts\nauthentication.\n\n    To determine how the SSH daemon's \\\"IgnoreUserKnownHosts\\\" option is set,\nrun the following command:\n\n    # grep -i IgnoreUserKnownHosts /etc/ssh/sshd_config\n\n    IgnoreUserKnownHosts yes\n\n    If the value is returned as \\\"no\\\", the returned line is commented out, or\nno output is returned, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the SSH daemon to not allow authentication using known hosts\nauthentication.\n\n    Add the following line in \\\"/etc/ssh/sshd_config\\\", or uncomment the line\nand set the value to \\\"yes\\\":\n\n    IgnoreUserKnownHosts yes\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72249\"\n  tag rid: \"SV-86873r3_rule\"\n  tag stig_id: \"RHEL-07-040380\"\n  tag fix_id: \"F-78603r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('IgnoreUserKnownHosts') { should cmp 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration IgnoreUserKnownHosts is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73159</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87811r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010119</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed or new passwords are established, pwquality
-must be used.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+must be used.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
-and brute-force attacks. &quot;pwquality&quot; enforces complex password construction
-configuration and has the ability to limit brute-force attacks on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the operating system uses &quot;pwquality&quot; to enforce the password
+and brute-force attacks. "pwquality" enforces complex password construction
+configuration and has the ability to limit brute-force attacks on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the operating system uses "pwquality" to enforce the password
 complexity rules.
 
-    Check for the use of &quot;pwquality&quot; with the following command:
+    Check for the use of "pwquality" with the following command:
 
-    # cat &#x2F;etc&#x2F;pam.d&#x2F;system-auth | grep pam_pwquality
+    # cat /etc/pam.d/system-auth | grep pam_pwquality
 
-    password required pam_pwquality.so retry&#x3D;3
+    password required pam_pwquality.so retry=3
 
     If the command does not return an uncommented line containing the value
-&quot;pam_pwquality.so&quot;, this is a finding.
-
-    If the value of &quot;retry&quot; is set to &quot;0&quot; or greater than &quot;3&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the operating system to use &quot;pwquality&quot; to enforce password
+"pam_pwquality.so", this is a finding.
+
+    If the value of "retry" is set to "0" or greater than "3", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the operating system to use "pwquality" to enforce password
 complexity rules.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; (or modify the line to
+    Add the following line to "/etc/pam.d/system-auth" (or modify the line to
 have the required value):
 
-    password required pam_pwquality.so retry&#x3D;3
-
-    Note: The value of &quot;retry&quot; should be between &quot;1&quot; and &quot;3&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a26b4557-ec16-4418-9f5d-c01ea08c701f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;passwd] lines is expected to include password (required|requisite) pam_pwquality.so
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;passwd] lines is expected to include password (required|requisite) pam_pwquality.so, all with arg retry &gt;&#x3D; 1
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;passwd] lines is expected to include password (required|requisite) pam_pwquality.so, all with arg retry &lt;&#x3D; 3</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86681r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    password required pam_pwquality.so retry=3
+
+    Note: The value of "retry" should be between "1" and "3".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73159\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed or new passwords are established, pwquality\nmust be used.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks. \\\"pwquality\\\" enforces complex password construction\nconfiguration and has the ability to limit brute-force attacks on the system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system uses \\\"pwquality\\\" to enforce the password\ncomplexity rules.\n\n    Check for the use of \\\"pwquality\\\" with the following command:\n\n    # cat /etc/pam.d/system-auth | grep pam_pwquality\n\n    password required pam_pwquality.so retry=3\n\n    If the command does not return an uncommented line containing the value\n\\\"pam_pwquality.so\\\", this is a finding.\n\n    If the value of \\\"retry\\\" is set to \\\"0\\\" or greater than \\\"3\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to use \\\"pwquality\\\" to enforce password\ncomplexity rules.\n\n    Add the following line to \\\"/etc/pam.d/system-auth\\\" (or modify the line to\nhave the required value):\n\n    password required pam_pwquality.so retry=3\n\n    Note: The value of \\\"retry\\\" should be between \\\"1\\\" and \\\"3\\\".\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000069-GPOS-00037\"\n  tag gid: \"V-73159\"\n  tag rid: \"SV-87811r4_rule\"\n  tag stig_id: \"RHEL-07-010119\"\n  tag fix_id: \"F-79605r5_fix\"\n  tag cci: [\"CCI-000192\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  max_retry = input('max_retry')\n\n  describe pam('/etc/pam.d/passwd') do\n    its('lines') { should match_pam_rule('password (required|requisite) pam_pwquality.so') }\n    its('lines') { should match_pam_rule('password (required|requisite) pam_pwquality.so').all_with_integer_arg('retry', '&gt;=', 1) }\n    its('lines') { should match_pam_rule('password (required|requisite) pam_pwquality.so').all_with_integer_arg('retry', '&lt;=', max_retry) }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/passwd] lines is expected to include password (required|requisite) pam_pwquality.so
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/passwd] lines is expected to include password (required|requisite) pam_pwquality.so, all with arg retry &gt;= 1
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/passwd] lines is expected to include password (required|requisite) pam_pwquality.so, all with arg retry &lt;= 3</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86681r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must disable Kernel core
-dumps unless needed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+dumps unless needed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Kernel core dumps may contain the full contents of system memory at
 the time of the crash. Kernel core dumps may consume a considerable amount of
 disk space and may result in denial of service by exhausting the available
-space on the target file system partition.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+space on the target file system partition.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that kernel core dumps are disabled unless needed.
 
-    Check the status of the &quot;kdump&quot; service with the following command:
+    Check the status of the "kdump" service with the following command:
 
     # systemctl status kdump.service
     kdump.service - Crash recovery kernel arming
-       Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;kdump.service; enabled)
+       Loaded: loaded (/usr/lib/systemd/system/kdump.service; enabled)
        Active: active (exited) since Wed 2015-08-26 13:08:09 EDT; 43min ago
-     Main PID: 1130 (code&#x3D;exited, status&#x3D;0&#x2F;SUCCESS)
+     Main PID: 1130 (code=exited, status=0/SUCCESS)
     kernel arming.
 
-    If the &quot;kdump&quot; service is active, ask the System Administrator if the use
+    If the "kdump" service is active, ask the System Administrator if the use
 of the service is required and documented with the Information System Security
 Officer (ISSO).
 
-    If the service is active and is not documented, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If kernel core dumps are not required, disable the &quot;kdump&quot; service with
+    If the service is active and is not documented, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If kernel core dumps are not required, disable the "kdump" service with
 the following command:
 
     # systemctl disable kdump.service
 
-    If kernel core dumps are required, document the need with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9a726d26-5d41-4963-bdfe-734007181dee</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service kdump.service is expected not to be running</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72089</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86713r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030330</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If kernel core dumps are required, document the need with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72057\" do\n  title \"The Red Hat Enterprise Linux operating system must disable Kernel core\ndumps unless needed.\"\n  desc  \"Kernel core dumps may contain the full contents of system memory at\nthe time of the crash. Kernel core dumps may consume a considerable amount of\ndisk space and may result in denial of service by exhausting the available\nspace on the target file system partition.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that kernel core dumps are disabled unless needed.\n\n    Check the status of the \\\"kdump\\\" service with the following command:\n\n    # systemctl status kdump.service\n    kdump.service - Crash recovery kernel arming\n       Loaded: loaded (/usr/lib/systemd/system/kdump.service; enabled)\n       Active: active (exited) since Wed 2015-08-26 13:08:09 EDT; 43min ago\n     Main PID: 1130 (code=exited, status=0/SUCCESS)\n    kernel arming.\n\n    If the \\\"kdump\\\" service is active, ask the System Administrator if the use\nof the service is required and documented with the Information System Security\nOfficer (ISSO).\n\n    If the service is active and is not documented, this is a finding.\n  \"\n  desc  \"fix\", \"\n    If kernel core dumps are not required, disable the \\\"kdump\\\" service with\nthe following command:\n\n    # systemctl disable kdump.service\n\n    If kernel core dumps are required, document the need with the ISSO.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72057\"\n  tag rid: \"SV-86681r2_rule\"\n  tag stig_id: \"RHEL-07-021300\"\n  tag fix_id: \"F-78409r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe systemd_service('kdump.service') do\n    it { should_not be_running }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service kdump.service is expected not to be running</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72089</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86713r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030330</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must initiate an action
 to notify the System Administrator (SA) and Information System Security Officer
 ISSO, at a minimum, when allocated audit record storage volume reaches 75% of
-the repository maximum audit record storage capacity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the repository maximum audit record storage capacity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If security personnel are not notified immediately when storage volume
 reaches 75 percent utilization, they are unable to plan for audit record
-storage capacity expansion.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+storage capacity expansion.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system initiates an action to notify the SA and ISSO
 (at a minimum) when allocated audit record storage volume reaches 75 percent of
 the repository maximum audit record storage capacity.
@@ -29317,34 +28023,34 @@ the repository maximum audit record storage capacity.
     Check the system configuration to determine the partition the audit records
 are being written to with the following command:
 
-    # grep -iw log_file &#x2F;etc&#x2F;audit&#x2F;auditd.conf
-    log_file &#x3D; &#x2F;var&#x2F;log&#x2F;audit&#x2F;audit.log
+    # grep -iw log_file /etc/audit/auditd.conf
+    log_file = /var/log/audit/audit.log
 
     Check the size of the partition that audit records are written to (with the
-example being &quot;&#x2F;var&#x2F;log&#x2F;audit&#x2F;&quot;):
+example being "/var/log/audit/"):
 
-    # df -h &#x2F;var&#x2F;log&#x2F;audit&#x2F;
-    0.9G &#x2F;var&#x2F;log&#x2F;audit
+    # df -h /var/log/audit/
+    0.9G /var/log/audit
 
     If the audit records are not being written to a partition specifically
-created for audit records (in this example &quot;&#x2F;var&#x2F;log&#x2F;audit&quot; is a separate
+created for audit records (in this example "/var/log/audit" is a separate
 partition), determine the amount of space other files in the partition are
 currently occupying with the following command:
 
     # du -sh &lt;partition&gt;
-    1.8G &#x2F;var
+    1.8G /var
 
     Determine what the threshold is for the system to take action when 75
 percent of the repository maximum audit record storage capacity is reached:
 
-    # grep -iw space_left &#x2F;etc&#x2F;audit&#x2F;auditd.conf
-    space_left &#x3D; 225
+    # grep -iw space_left /etc/audit/auditd.conf
+    space_left = 225
 
-    If the value of the &quot;space_left&quot; keyword is not set to 25 percent of the
-total partition size, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of the "space_left" keyword is not set to 25 percent of the
+total partition size, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to initiate an action to notify the SA and
 ISSO (at a minimum) when allocated audit record storage volume reaches 75
 percent of the repository maximum audit record storage capacity.
@@ -29352,155 +28058,150 @@ percent of the repository maximum audit record storage capacity.
     Check the system configuration to determine the partition the audit records
 are being written to:
 
-    # grep -iw log_file &#x2F;etc&#x2F;audit&#x2F;auditd.conf
+    # grep -iw log_file /etc/audit/auditd.conf
 
     Determine the size of the partition that audit records are written to (with
-the example being &quot;&#x2F;var&#x2F;log&#x2F;audit&#x2F;&quot;):
-
-    # df -h &#x2F;var&#x2F;log&#x2F;audit&#x2F;
-
-    Set the value of the &quot;space_left&quot; keyword in &quot;&#x2F;etc&#x2F;audit&#x2F;auditd.conf&quot;
-to 25 percent of the partition size.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>45c58c85-63ac-46fa-ba94-e62d03c736c7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Audit Daemon Config space_left.to_i is expected to be &gt;&#x3D; 7676</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72315</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86939r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040810</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+the example being "/var/log/audit/"):
+
+    # df -h /var/log/audit/
+
+    Set the value of the "space_left" keyword in "/etc/audit/auditd.conf"
+to 25 percent of the partition size.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72089\" do\n  title \"The Red Hat Enterprise Linux operating system must initiate an action\nto notify the System Administrator (SA) and Information System Security Officer\nISSO, at a minimum, when allocated audit record storage volume reaches 75% of\nthe repository maximum audit record storage capacity.\"\n  desc  \"If security personnel are not notified immediately when storage volume\nreaches 75 percent utilization, they are unable to plan for audit record\nstorage capacity expansion.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system initiates an action to notify the SA and ISSO\n(at a minimum) when allocated audit record storage volume reaches 75 percent of\nthe repository maximum audit record storage capacity.\n\n    Check the system configuration to determine the partition the audit records\nare being written to with the following command:\n\n    # grep -iw log_file /etc/audit/auditd.conf\n    log_file = /var/log/audit/audit.log\n\n    Check the size of the partition that audit records are written to (with the\nexample being \\\"/var/log/audit/\\\"):\n\n    # df -h /var/log/audit/\n    0.9G /var/log/audit\n\n    If the audit records are not being written to a partition specifically\ncreated for audit records (in this example \\\"/var/log/audit\\\" is a separate\npartition), determine the amount of space other files in the partition are\ncurrently occupying with the following command:\n\n    # du -sh &lt;partition&gt;\n    1.8G /var\n\n    Determine what the threshold is for the system to take action when 75\npercent of the repository maximum audit record storage capacity is reached:\n\n    # grep -iw space_left /etc/audit/auditd.conf\n    space_left = 225\n\n    If the value of the \\\"space_left\\\" keyword is not set to 25 percent of the\ntotal partition size, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to initiate an action to notify the SA and\nISSO (at a minimum) when allocated audit record storage volume reaches 75\npercent of the repository maximum audit record storage capacity.\n\n    Check the system configuration to determine the partition the audit records\nare being written to:\n\n    # grep -iw log_file /etc/audit/auditd.conf\n\n    Determine the size of the partition that audit records are written to (with\nthe example being \\\"/var/log/audit/\\\"):\n\n    # df -h /var/log/audit/\n\n    Set the value of the \\\"space_left\\\" keyword in \\\"/etc/audit/auditd.conf\\\"\nto 25 percent of the partition size.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000343-GPOS-00134\"\n  tag gid: \"V-72089\"\n  tag rid: \"SV-86713r4_rule\"\n  tag stig_id: \"RHEL-07-030330\"\n  tag fix_id: \"F-78441r3_fix\"\n  tag cci: [\"CCI-001855\"]\n  tag nist: [\"AU-5 (1)\", \"Rev_4\"]\n\n  if((f = file(audit_log_dir = command(\"dirname #{auditd_conf.log_file}\").stdout.strip)).directory?)\n    # Fetch partition sizes in 1K blocks for consistency\n    partition_info = command(\"df -B 1K #{audit_log_dir}\").stdout.split(\"\\n\")\n    partition_sz_arr = partition_info.last.gsub(/\\s+/m, ' ').strip.split(\" \")\n\n    # Get partition size\n    partition_sz = partition_sz_arr[1]\n\n    # Convert to MB and get 25%\n    exp_space_left = partition_sz.to_i / 1024 / 4\n\n    describe auditd_conf do\n      its('space_left.to_i') { should be &gt;= exp_space_left }\n    end\n  else\n    describe f.directory? do\n     it { should be true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Audit Daemon Config space_left.to_i is expected to be &gt;= 7676</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72315</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86939r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040810</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system access control program
 must be configured to grant or deny system access to specific hosts and
-services.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+services.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the systems access control program is not configured with
 appropriate rules for allowing and denying access to system network resources,
-services may be accessible to unauthorized hosts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the &quot;firewalld&quot; package is not installed, ask the System Administrator
+services may be accessible to unauthorized hosts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the "firewalld" package is not installed, ask the System Administrator
 (SA) if another firewall application (such as iptables) is installed. If an
 application firewall is not installed, this is a finding.
 
-    Verify the system&#39;s access control program is configured to grant or deny
+    Verify the system's access control program is configured to grant or deny
 system access to specific hosts.
 
-    Check to see if &quot;firewalld&quot; is active with the following command:
+    Check to see if "firewalld" is active with the following command:
 
     # systemctl status firewalld
     firewalld.service - firewalld - dynamic firewall daemon
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;firewalld.service; enabled)
+    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
     Active: active (running) since Sun 2014-04-20 14:06:46 BST; 30s ago
 
-    If &quot;firewalld&quot; is active, check to see if it is configured to grant or
+    If "firewalld" is active, check to see if it is configured to grant or
 deny access to specific hosts or services with the following commands:
 
     # firewall-cmd --get-default-zone
     public
 
-    # firewall-cmd --list-all --zone&#x3D;public
+    # firewall-cmd --list-all --zone=public
     public (active)
     target: default
     icmp-block-inversion: no
@@ -29513,282 +28214,272 @@ deny access to specific hosts or services with the following commands:
     forward-ports:
     icmp-blocks:
 
-    If &quot;firewalld&quot; is not active, determine whether &quot;tcpwrappers&quot; is being
-used by checking whether the &quot;hosts.allow&quot; and &quot;hosts.deny&quot; files are empty
+    If "firewalld" is not active, determine whether "tcpwrappers" is being
+used by checking whether the "hosts.allow" and "hosts.deny" files are empty
 with the following commands:
 
-    # ls -al &#x2F;etc&#x2F;hosts.allow
-    rw-r----- 1 root root 9 Aug 2 23:13 &#x2F;etc&#x2F;hosts.allow
+    # ls -al /etc/hosts.allow
+    rw-r----- 1 root root 9 Aug 2 23:13 /etc/hosts.allow
 
-    # ls -al &#x2F;etc&#x2F;hosts.deny
-    -rw-r----- 1 root root 9 Apr 9 2007 &#x2F;etc&#x2F;hosts.deny
+    # ls -al /etc/hosts.deny
+    -rw-r----- 1 root root 9 Apr 9 2007 /etc/hosts.deny
 
-    If &quot;firewalld&quot; and &quot;tcpwrappers&quot; are not installed, configured, and
+    If "firewalld" and "tcpwrappers" are not installed, configured, and
 active, ask the SA if another access control program (such as iptables) is
 installed and active. Ask the SA to show that the running configuration grants
 or denies access to specific hosts or services.
 
-    If &quot;firewalld&quot; is active and is not configured to grant access to
-specific hosts or &quot;tcpwrappers&quot; is not configured to grant or deny access to
-specific hosts, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If &quot;firewalld&quot; is installed and active on the system, configure rules for
+    If "firewalld" is active and is not configured to grant access to
+specific hosts or "tcpwrappers" is not configured to grant or deny access to
+specific hosts, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If "firewalld" is installed and active on the system, configure rules for
 allowing specific services and hosts.
 
-    If &quot;firewalld&quot; is not &quot;active&quot;, enable &quot;tcpwrappers&quot; by configuring
-&quot;&#x2F;etc&#x2F;hosts.allow&quot; and &quot;&#x2F;etc&#x2F;hosts.deny&quot; to allow or deny access to
-specific hosts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>018cff2c-c802-4668-83ff-ee62c7bec1bf</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Firewall Rules with services is expected to be in</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72311</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86935r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040750</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If "firewalld" is not "active", enable "tcpwrappers" by configuring
+"/etc/hosts.allow" and "/etc/hosts.deny" to allow or deny access to
+specific hosts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72315\" do\n  title \"The Red Hat Enterprise Linux operating system access control program\nmust be configured to grant or deny system access to specific hosts and\nservices.\"\n  desc  \"If the systems access control program is not configured with\nappropriate rules for allowing and denying access to system network resources,\nservices may be accessible to unauthorized hosts.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If the \\\"firewalld\\\" package is not installed, ask the System Administrator\n(SA) if another firewall application (such as iptables) is installed. If an\napplication firewall is not installed, this is a finding.\n\n    Verify the system's access control program is configured to grant or deny\nsystem access to specific hosts.\n\n    Check to see if \\\"firewalld\\\" is active with the following command:\n\n    # systemctl status firewalld\n    firewalld.service - firewalld - dynamic firewall daemon\n    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)\n    Active: active (running) since Sun 2014-04-20 14:06:46 BST; 30s ago\n\n    If \\\"firewalld\\\" is active, check to see if it is configured to grant or\ndeny access to specific hosts or services with the following commands:\n\n    # firewall-cmd --get-default-zone\n    public\n\n    # firewall-cmd --list-all --zone=public\n    public (active)\n    target: default\n    icmp-block-inversion: no\n    interfaces: eth0\n    sources:\n    services: mdns ssh\n    ports:\n    protocols:\n    masquerade: no\n    forward-ports:\n    icmp-blocks:\n\n    If \\\"firewalld\\\" is not active, determine whether \\\"tcpwrappers\\\" is being\nused by checking whether the \\\"hosts.allow\\\" and \\\"hosts.deny\\\" files are empty\nwith the following commands:\n\n    # ls -al /etc/hosts.allow\n    rw-r----- 1 root root 9 Aug 2 23:13 /etc/hosts.allow\n\n    # ls -al /etc/hosts.deny\n    -rw-r----- 1 root root 9 Apr 9 2007 /etc/hosts.deny\n\n    If \\\"firewalld\\\" and \\\"tcpwrappers\\\" are not installed, configured, and\nactive, ask the SA if another access control program (such as iptables) is\ninstalled and active. Ask the SA to show that the running configuration grants\nor denies access to specific hosts or services.\n\n    If \\\"firewalld\\\" is active and is not configured to grant access to\nspecific hosts or \\\"tcpwrappers\\\" is not configured to grant or deny access to\nspecific hosts, this is a finding.\n  \"\n  desc  \"fix\", \"\n    If \\\"firewalld\\\" is installed and active on the system, configure rules for\nallowing specific services and hosts.\n\n    If \\\"firewalld\\\" is not \\\"active\\\", enable \\\"tcpwrappers\\\" by configuring\n\\\"/etc/hosts.allow\\\" and \\\"/etc/hosts.deny\\\" to allow or deny access to\nspecific hosts.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72315\"\n  tag rid: \"SV-86939r3_rule\"\n  tag stig_id: \"RHEL-07-040810\"\n  tag fix_id: \"F-78669r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  firewalld_services = input('firewalld_services')\n  firewalld_hosts_allow = input('firewalld_hosts_allow')\n  firewalld_hosts_deny = input('firewalld_hosts_deny')\n  firewalld_ports_allow = input('firewalld_ports_allow')\n  firewalld_ports_deny = input('firewalld_ports_deny')\n  tcpwrappers_allow = input('tcpwrappers_allow')\n  tcpwrappers_deny = input('tcpwrappers_deny')\n  iptable_rules = input('iptables_rules')\n\n  if service('firewalld').running?\n    @default_zone = firewalld.default_zone\n\n    describe firewalld.where{ zone = @default_zone } do\n      its('services') { should be_in firewalld_services }\n    end\n\n    describe firewalld do\n      firewalld_hosts_allow.each do |rule|\n        it { should have_rule_enabled(rule) }\n      end\n      firewalld_hosts_deny.each do |rule|\n        it { should_not have_rule_enabled(rule) }\n      end\n      firewalld_ports_allow.each do |port|\n        it { should have_port_enabled_in_zone(port) }\n      end\n      firewalld_ports_deny.each do |port|\n        it { should_not have_port_enabled_in_zone(port) }\n      end\n    end\n  elsif service('iptables').running?\n    describe iptables do\n      iptable_rules.each do |rule|\n        it { should have_rule(rule) }\n      end\n    end\n  else\n    describe package('tcp_wrappers') do\n      it { should be_installed }\n    end\n    tcpwrappers_allow.each do |rule|\n      describe etc_hosts_allow.where { daemon == rule['daemon'] } do\n        its('client_list') { should be rule['client_list'] }\n        its('options') { should be rule['options'] }\n      end\n    end\n    tcpwrappers_deny.each do |rule|\n      describe etc_hosts_deny.where { daemon == rule['daemon'] } do\n        its('client_list') { should be rule['client_list'] }\n        its('options') { should be rule['options'] }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Firewall Rules with services is expected to be in</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72311</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86935r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040750</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the Network File System (NFS) is configured to use RPCSEC_GSS.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the Network File System (NFS) is configured to use RPCSEC_GSS.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>When an NFS server is configured to use RPCSEC_SYS, a selected userid
 and groupid are used to handle requests from the remote user. The userid and
 groupid could mistakenly or maliciously be set incorrectly. The RPCSEC_GSS
 method of authentication uses certificates on the server and client systems to
-more securely authenticate the remote mount request.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify &quot;AUTH_GSS&quot; is being used to authenticate NFS mounts.
+more securely authenticate the remote mount request.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify "AUTH_GSS" is being used to authenticate NFS mounts.
 
     To check if the system is importing an NFS file system, look for any
-entries in the &quot;&#x2F;etc&#x2F;fstab&quot; file that have a file system type of &quot;nfs&quot; with
+entries in the "/etc/fstab" file that have a file system type of "nfs" with
 the following command:
 
-    # cat &#x2F;etc&#x2F;fstab | grep nfs
-    192.168.21.5:&#x2F;mnt&#x2F;export &#x2F;data1 nfs4 rw,sync ,soft,sec&#x3D;krb5:krb5i:krb5p
+    # cat /etc/fstab | grep nfs
+    192.168.21.5:/mnt/export /data1 nfs4 rw,sync ,soft,sec=krb5:krb5i:krb5p
 
     If the system is mounting file systems via NFS and has the sec option
-without the &quot;krb5:krb5i:krb5p&quot; settings, the &quot;sec&quot; option has the &quot;sys&quot;
-setting, or the &quot;sec&quot; option is missing, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Update the &quot;&#x2F;etc&#x2F;fstab&quot; file so the option &quot;sec&quot; is defined for each
-NFS mounted file system and the &quot;sec&quot; option does not have the &quot;sys&quot;
+without the "krb5:krb5i:krb5p" settings, the "sec" option has the "sys"
+setting, or the "sec" option is missing, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Update the "/etc/fstab" file so the option "sec" is defined for each
+NFS mounted file system and the "sec" option does not have the "sys"
 setting.
 
-    Ensure the &quot;sec&quot; option is defined as &quot;krb5:krb5i:krb5p&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>cf77acea-7f4d-4a55-8220-51af48873300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71975</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000363-GPOS-00150</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86599r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Ensure the "sec" option is defined as "krb5:krb5i:krb5p".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72311\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the Network File System (NFS) is configured to use RPCSEC_GSS.\"\n  desc  \"When an NFS server is configured to use RPCSEC_SYS, a selected userid\nand groupid are used to handle requests from the remote user. The userid and\ngroupid could mistakenly or maliciously be set incorrectly. The RPCSEC_GSS\nmethod of authentication uses certificates on the server and client systems to\nmore securely authenticate the remote mount request.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify \\\"AUTH_GSS\\\" is being used to authenticate NFS mounts.\n\n    To check if the system is importing an NFS file system, look for any\nentries in the \\\"/etc/fstab\\\" file that have a file system type of \\\"nfs\\\" with\nthe following command:\n\n    # cat /etc/fstab | grep nfs\n    192.168.21.5:/mnt/export /data1 nfs4 rw,sync ,soft,sec=krb5:krb5i:krb5p\n\n    If the system is mounting file systems via NFS and has the sec option\nwithout the \\\"krb5:krb5i:krb5p\\\" settings, the \\\"sec\\\" option has the \\\"sys\\\"\nsetting, or the \\\"sec\\\" option is missing, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Update the \\\"/etc/fstab\\\" file so the option \\\"sec\\\" is defined for each\nNFS mounted file system and the \\\"sec\\\" option does not have the \\\"sys\\\"\nsetting.\n\n    Ensure the \\\"sec\\\" option is defined as \\\"krb5:krb5i:krb5p\\\".\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72311\"\n  tag rid: \"SV-86935r4_rule\"\n  tag stig_id: \"RHEL-07-040750\"\n  tag fix_id: \"F-78665r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  nfs_systems = etc_fstab.nfs_file_systems.entries\n  if !nfs_systems.nil? and !nfs_systems.empty?\n    nfs_systems.each do |file_system|\n      describe file_system do\n        its ('mount_options') { should include 'sec=krb5:krb5i:krb5p' }\n      end\n    end\n  else\n    describe \"No NFS file systems were found.\" do\n      subject { nfs_systems.nil? or nfs_systems.empty? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71975</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000363-GPOS-00150</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86599r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that designated personnel are notified if baseline configurations are changed
-in an unauthorized manner.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+in an unauthorized manner.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Unauthorized changes to the baseline configuration could make the
 system vulnerable to various attacks or allow unauthorized access to the
 operating system. Changes to operating system configurations can have
@@ -29796,17 +28487,17 @@ unintended side effects, some of which may be relevant to security.
 
     Detecting such changes and providing an automated response can help avoid
 unintended, negative consequences that could ultimately affect the security
-state of the operating system. The operating system&#39;s Information Management
-Officer (IMO)&#x2F;Information System Security Officer (ISSO) and System
-Administrators (SAs) must be notified via email and&#x2F;or monitoring system trap
-when there is an unauthorized modification of a configuration item.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+state of the operating system. The operating system's Information Management
+Officer (IMO)/Information System Security Officer (ISSO) and System
+Administrators (SAs) must be notified via email and/or monitoring system trap
+when there is an unauthorized modification of a configuration item.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system notifies designated personnel if baseline
 configurations are changed in an unauthorized manner.
 
@@ -29825,32 +28516,32 @@ performed on the system.
 executes AIDE to scan for changes to the system baseline. The commands used in
 the example will use a daily occurrence.
 
-    Check the cron directories for a &quot;crontab&quot; script file controlling the
+    Check the cron directories for a "crontab" script file controlling the
 execution of the file integrity application. For example, if AIDE is installed
 on the system, use the following command:
 
-    # ls -al &#x2F;etc&#x2F;cron.* | grep aide
+    # ls -al /etc/cron.* | grep aide
     -rwxr-xr-x 1 root root 32 Jul 1 2011 aide
 
-    # grep aide &#x2F;etc&#x2F;crontab &#x2F;var&#x2F;spool&#x2F;cron&#x2F;root
-    &#x2F;etc&#x2F;crontab: 30 04 * * * &#x2F;root&#x2F;aide
-    &#x2F;var&#x2F;spool&#x2F;cron&#x2F;root: 30 04 * * * &#x2F;root&#x2F;aide
+    # grep aide /etc/crontab /var/spool/cron/root
+    /etc/crontab: 30 04 * * * /root/aide
+    /var/spool/cron/root: 30 04 * * * /root/aide
 
     AIDE does not have a configuration that will send a notification, so the
 cron job uses the mail application on the system to email the results of the
 file integrity run as in the following example:
 
-    # more &#x2F;etc&#x2F;cron.daily&#x2F;aide
-    #!&#x2F;bin&#x2F;bash
+    # more /etc/cron.daily/aide
+    #!/bin/bash
 
-    &#x2F;usr&#x2F;sbin&#x2F;aide --check | &#x2F;bin&#x2F;mail -s &quot;$HOSTNAME - Daily aide integrity
-check run&quot; root@sysname.mil
+    /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity
+check run" root@sysname.mil
 
     If the file integrity application does not notify designated personnel of
-changes, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+changes, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to notify designated personnel if baseline
 configurations are changed in an unauthorized manner. The AIDE tool can be
 configured to email designated personnel with the use of the cron system.
@@ -29858,140 +28549,134 @@ configured to email designated personnel with the use of the cron system.
     The following example output is generic. It will set cron to run AIDE daily
 and to send email at the completion of the analysis.
 
-    # more &#x2F;etc&#x2F;cron.daily&#x2F;aide
-
-    &#x2F;usr&#x2F;sbin&#x2F;aide --check | &#x2F;bin&#x2F;mail -s &quot;$HOSTNAME - Daily aide integrity
-check run&quot; root@sysname.mil</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>cac4aa82-dc0f-49f5-b544-4a4116798b1f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001744</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package aide is expected to be installed
---------------------------------
-passed
-File &#x2F;etc&#x2F;cron.daily&#x2F;aide content is expected to match &#x2F;\&#x2F;bin\&#x2F;mail&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71983</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000114-GPOS-00059</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86607r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020100</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # more /etc/cron.daily/aide
+
+    /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity
+check run" root@sysname.mil</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71975\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat designated personnel are notified if baseline configurations are changed\nin an unauthorized manner.\"\n  desc  \"Unauthorized changes to the baseline configuration could make the\nsystem vulnerable to various attacks or allow unauthorized access to the\noperating system. Changes to operating system configurations can have\nunintended side effects, some of which may be relevant to security.\n\n    Detecting such changes and providing an automated response can help avoid\nunintended, negative consequences that could ultimately affect the security\nstate of the operating system. The operating system's Information Management\nOfficer (IMO)/Information System Security Officer (ISSO) and System\nAdministrators (SAs) must be notified via email and/or monitoring system trap\nwhen there is an unauthorized modification of a configuration item.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system notifies designated personnel if baseline\nconfigurations are changed in an unauthorized manner.\n\n    Note: A file integrity tool other than Advanced Intrusion Detection\nEnvironment (AIDE) may be used, but the tool must be executed and notify\nspecified individuals via email or an alert.\n\n    Check to see if AIDE is installed on the system with the following command:\n\n    # yum list installed aide\n\n    If AIDE is not installed, ask the SA how file integrity checks are\nperformed on the system.\n\n    Check for the presence of a cron job running routinely on the system that\nexecutes AIDE to scan for changes to the system baseline. The commands used in\nthe example will use a daily occurrence.\n\n    Check the cron directories for a \\\"crontab\\\" script file controlling the\nexecution of the file integrity application. For example, if AIDE is installed\non the system, use the following command:\n\n    # ls -al /etc/cron.* | grep aide\n    -rwxr-xr-x 1 root root 32 Jul 1 2011 aide\n\n    # grep aide /etc/crontab /var/spool/cron/root\n    /etc/crontab: 30 04 * * * /root/aide\n    /var/spool/cron/root: 30 04 * * * /root/aide\n\n    AIDE does not have a configuration that will send a notification, so the\ncron job uses the mail application on the system to email the results of the\nfile integrity run as in the following example:\n\n    # more /etc/cron.daily/aide\n    #!/bin/bash\n\n    /usr/sbin/aide --check | /bin/mail -s \\\"$HOSTNAME - Daily aide integrity\ncheck run\\\" root@sysname.mil\n\n    If the file integrity application does not notify designated personnel of\nchanges, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to notify designated personnel if baseline\nconfigurations are changed in an unauthorized manner. The AIDE tool can be\nconfigured to email designated personnel with the use of the cron system.\n\n    The following example output is generic. It will set cron to run AIDE daily\nand to send email at the completion of the analysis.\n\n    # more /etc/cron.daily/aide\n\n    /usr/sbin/aide --check | /bin/mail -s \\\"$HOSTNAME - Daily aide integrity\ncheck run\\\" root@sysname.mil\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000363-GPOS-00150\"\n  tag gid: \"V-71975\"\n  tag rid: \"SV-86599r2_rule\"\n  tag stig_id: \"RHEL-07-020040\"\n  tag fix_id: \"F-78327r3_fix\"\n  tag cci: [\"CCI-001744\"]\n  tag nist: [\"CM-3 (5)\", \"Rev_4\"]\n\n  file_integrity_tool = input('file_integrity_tool')\n\n  describe package(file_integrity_tool) do\n    it { should be_installed }\n  end\n  describe.one do\n    describe file(\"/etc/cron.daily/#{file_integrity_tool}\") do\n      its('content') { should match %r{/bin/mail} }\n    end\n    describe file(\"/etc/cron.weekly/#{file_integrity_tool}\") do\n      its('content') { should match %r{/bin/mail} }\n    end\n    describe crontab('root').where { command =~ %r{#{file_integrity_tool}} } do\n      its('commands.flatten') { should include(match %r{/bin/mail}) }\n    end\n    if file(\"/etc/cron.d/#{file_integrity_tool}\").exist?\n      describe crontab(path: \"/etc/cron.d/#{file_integrity_tool}\") do\n        its('commands') { should include(match %r{/bin/mail}) }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001744</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package aide is expected to be installed
+--------------------------------
+passed :: TEST File /etc/cron.daily/aide content is expected to match /\/bin\/mail/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71983</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000114-GPOS-00059</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86607r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020100</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
-disable USB mass storage.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+disable USB mass storage.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>USB mass storage permits easy introduction of unknown devices, thereby
-facilitating malicious activity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+facilitating malicious activity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If there is an HBSS with a Device Control Module and a Data Loss Prevention
 mechanism, this requirement is not applicable.
 
     Verify the operating system disables the ability to load the USB Storage
 kernel module.
 
-    # grep -r usb-storage &#x2F;etc&#x2F;modprobe.d&#x2F;* | grep -i &quot;&#x2F;bin&#x2F;true&quot; | grep -v
-&quot;^#&quot;
+    # grep -r usb-storage /etc/modprobe.d/* | grep -i "/bin/true" | grep -v
+"^#"
 
-    install usb-storage &#x2F;bin&#x2F;true
+    install usb-storage /bin/true
 
     If the command does not return any output, or the line is commented out,
 and use of USB Storage is not documented with the Information System Security
@@ -30002,612 +28687,589 @@ devices.
 
     Check to see if USB mass storage is disabled with the following command:
 
-    # grep usb-storage &#x2F;etc&#x2F;modprobe.d&#x2F;* | grep -i &quot;blacklist&quot; | grep -v
-&quot;^#&quot;
+    # grep usb-storage /etc/modprobe.d/* | grep -i "blacklist" | grep -v
+"^#"
     blacklist usb-storage
 
-    If the command does not return any output or the output is not &quot;blacklist
-usb-storage&quot;, and use of USB storage devices is not documented with the
+    If the command does not return any output or the output is not "blacklist
+usb-storage", and use of USB storage devices is not documented with the
 Information System Security Officer (ISSO) as an operational requirement, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable the ability to use the USB
 Storage kernel module.
 
-    Create a file under &quot;&#x2F;etc&#x2F;modprobe.d&quot; with the following command:
+    Create a file under "/etc/modprobe.d" with the following command:
 
-    # touch &#x2F;etc&#x2F;modprobe.d&#x2F;usb-storage.conf
+    # touch /etc/modprobe.d/usb-storage.conf
 
     Add the following line to the created file:
 
-    install usb-storage &#x2F;bin&#x2F;true
+    install usb-storage /bin/true
 
     Configure the operating system to disable the ability to use USB mass
 storage devices.
 
-    # vi &#x2F;etc&#x2F;modprobe.d&#x2F;blacklist.conf
+    # vi /etc/modprobe.d/blacklist.conf
 
     Add or update the line:
 
-    blacklist usb-storage</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2722bacb-9897-4f03-9fdf-10dd1c3fe2ca</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000778</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Module usb_storage is expected not to be loaded
---------------------------------
-passed
-Kernel Module usb_storage is expected to be blacklisted</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86759r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030560</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    blacklist usb-storage</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71983\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\ndisable USB mass storage.\"\n  desc  \"USB mass storage permits easy introduction of unknown devices, thereby\nfacilitating malicious activity.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If there is an HBSS with a Device Control Module and a Data Loss Prevention\nmechanism, this requirement is not applicable.\n\n    Verify the operating system disables the ability to load the USB Storage\nkernel module.\n\n    # grep -r usb-storage /etc/modprobe.d/* | grep -i \\\"/bin/true\\\" | grep -v\n\\\"^#\\\"\n\n    install usb-storage /bin/true\n\n    If the command does not return any output, or the line is commented out,\nand use of USB Storage is not documented with the Information System Security\nOfficer (ISSO) as an operational requirement, this is a finding.\n\n    Verify the operating system disables the ability to use USB mass storage\ndevices.\n\n    Check to see if USB mass storage is disabled with the following command:\n\n    # grep usb-storage /etc/modprobe.d/* | grep -i \\\"blacklist\\\" | grep -v\n\\\"^#\\\"\n    blacklist usb-storage\n\n    If the command does not return any output or the output is not \\\"blacklist\nusb-storage\\\", and use of USB storage devices is not documented with the\nInformation System Security Officer (ISSO) as an operational requirement, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable the ability to use the USB\nStorage kernel module.\n\n    Create a file under \\\"/etc/modprobe.d\\\" with the following command:\n\n    # touch /etc/modprobe.d/usb-storage.conf\n\n    Add the following line to the created file:\n\n    install usb-storage /bin/true\n\n    Configure the operating system to disable the ability to use USB mass\nstorage devices.\n\n    # vi /etc/modprobe.d/blacklist.conf\n\n    Add or update the line:\n\n    blacklist usb-storage\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000114-GPOS-00059\"\n  tag satisfies: [\"SRG-OS-000114-GPOS-00059\", \"SRG-OS-000378-GPOS-00163\",\n\"SRG-OS-000480-GPOS-00227\"]\n  tag gid: \"V-71983\"\n  tag rid: \"SV-86607r4_rule\"\n  tag stig_id: \"RHEL-07-020100\"\n  tag fix_id: \"F-78335r4_fix\"\n  tag cci: [\"CCI-000366\", \"CCI-000778\", \"CCI-001958\"]\n  tag nist: [\"CM-6 b\", \"IA-3\", \"IA-3\", \"Rev_4\"]\n\n  describe kernel_module('usb_storage') do\n    it { should_not be_loaded }\n    it { should be_blacklisted }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000778</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Module usb_storage is expected not to be loaded
+--------------------------------
+passed :: TEST Kernel Module usb_storage is expected to be blacklisted</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86759r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030560</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the semanage command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the semanage command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;semanage&quot; command occur.
+successful/unsuccessful attempts to use the "semanage" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;sbin&#x2F;semanage &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/sbin/semanage /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;semanage -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/semanage -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;semanage&quot; command occur.
+successful/unsuccessful attempts to use the "semanage" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;semanage -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/semanage -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>93d277db-e8e3-406f-af65-d8e94fecdacd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;semanage&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;semanage&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72291</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86915r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040650</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72135\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe semanage command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"semanage\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/sbin/semanage /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/semanage -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"semanage\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/semanage -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000463-GPOS-00207\",\n\"SRG-OS-000465-GPOS-00209\"]\n  tag gid: \"V-72135\"\n  tag rid: \"SV-86759r4_rule\"\n  tag stig_id: \"RHEL-07-030560\"\n  tag fix_id: \"F-78487r5_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/semanage'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/semanage" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/semanage" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72291</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86915r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040650</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow
 interfaces to perform Internet Protocol version 4 (IPv4) Internet Control
-Message Protocol (ICMP) redirects by default.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Message Protocol (ICMP) redirects by default.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ICMP redirect messages are used by routers to inform hosts that a more
 direct route exists for a particular destination. These messages contain
-information from the system&#39;s route table, possibly revealing portions of the
-network topology.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information from the system's route table, possibly revealing portions of the
+network topology.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not allow interfaces to perform IPv4 ICMP redirects
 by default.
 
-    # grep &#39;net.ipv4.conf.default.send_redirects&#39; &#x2F;etc&#x2F;sysctl.conf
-&#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep 'net.ipv4.conf.default.send_redirects' /etc/sysctl.conf
+/etc/sysctl.d/*
 
-    If &quot;net.ipv4.conf.default.send_redirects&quot; is not configured in the
-&quot;&#x2F;etc&#x2F;sysctl.conf&quot; file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out
-or does not have a value of &quot;0&quot;, this is a finding.
+    If "net.ipv4.conf.default.send_redirects" is not configured in the
+"/etc/sysctl.conf" file or in the /etc/sysctl.d/ directory, is commented out
+or does not have a value of "0", this is a finding.
 
-    Check that the operating system implements the &quot;default send_redirects&quot;
+    Check that the operating system implements the "default send_redirects"
 variables with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep &#39;net.ipv4.conf.default.send_redirects&#39;
+    # /sbin/sysctl -a | grep 'net.ipv4.conf.default.send_redirects'
 
-    net.ipv4.conf.default.send_redirects &#x3D; 0
+    net.ipv4.conf.default.send_redirects = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to not allow interfaces to perform IPv4 ICMP redirects
 by default.
 
     Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.default.send_redirects &#x3D; 0
+    net.ipv4.conf.default.send_redirects = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1bdd003b-a603-4f33-93a1-38f79df99cae</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.default.send_redirects value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72023</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86647r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020660</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72291\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow\ninterfaces to perform Internet Protocol version 4 (IPv4) Internet Control\nMessage Protocol (ICMP) redirects by default.\"\n  desc  \"ICMP redirect messages are used by routers to inform hosts that a more\ndirect route exists for a particular destination. These messages contain\ninformation from the system's route table, possibly revealing portions of the\nnetwork topology.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not allow interfaces to perform IPv4 ICMP redirects\nby default.\n\n    # grep 'net.ipv4.conf.default.send_redirects' /etc/sysctl.conf\n/etc/sysctl.d/*\n\n    If \\\"net.ipv4.conf.default.send_redirects\\\" is not configured in the\n\\\"/etc/sysctl.conf\\\" file or in the /etc/sysctl.d/ directory, is commented out\nor does not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the \\\"default send_redirects\\\"\nvariables with the following command:\n\n    # /sbin/sysctl -a | grep 'net.ipv4.conf.default.send_redirects'\n\n    net.ipv4.conf.default.send_redirects = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to not allow interfaces to perform IPv4 ICMP redirects\nby default.\n\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.default.send_redirects = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72291\"\n  tag rid: \"SV-86915r4_rule\"\n  tag stig_id: \"RHEL-07-040650\"\n  tag fix_id: \"F-78645r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.default.send_redirects') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.default.send_redirects value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72023</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86647r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020660</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all files and directories contained in local interactive user home
-directories are owned by the owner of the home directory.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+directories are owned by the owner of the home directory.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If local interactive users do not own the files in their directories,
 unauthorized users may be able to access them. Additionally, if files are not
-owned by the user, this could be an indication of system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify all files and directories in a local interactive user&#39;s home
+owned by the user, this could be an indication of system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify all files and directories in a local interactive user's home
 directory are owned by the user.
 
-    Check the owner of all files and directories in a local interactive user&#39;s
+    Check the owner of all files and directories in a local interactive user's
 home directory with the following command:
 
-    Note: The example will be for the user &quot;smithj&quot;, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
+    Note: The example will be for the user "smithj", who has a home directory
+of "/home/smithj".
 
-    # ls -lLR &#x2F;home&#x2F;smithj
+    # ls -lLR /home/smithj
     -rw-r--r-- 1 smithj smithj  18 Mar  5 17:06 file1
     -rw-r--r-- 1 smithj smithj 193 Mar  5 17:06 file2
     -rw-r--r-- 1 smithj smithj 231 Mar  5 17:06 file3
 
     If any files are found with an owner different than the home directory
-user, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the owner of a local interactive user&#39;s files and directories to
-that owner. To change the owner of a local interactive user&#39;s files and
+user, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the owner of a local interactive user's files and directories to
+that owner. To change the owner of a local interactive user's files and
 directories, use the following command:
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot;.
-
-    # chown smithj &#x2F;home&#x2F;smithj&#x2F;&lt;file or directory&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>839bd59b-7cc5-4f33-a629-79cc16a369af</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Files and directories that are not owned by the user is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72237</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86861r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040320</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj".
+
+    # chown smithj /home/smithj/&lt;file or directory&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72023\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all files and directories contained in local interactive user home\ndirectories are owned by the owner of the home directory.\"\n  desc  \"If local interactive users do not own the files in their directories,\nunauthorized users may be able to access them. Additionally, if files are not\nowned by the user, this could be an indication of system compromise.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all files and directories in a local interactive user's home\ndirectory are owned by the user.\n\n    Check the owner of all files and directories in a local interactive user's\nhome directory with the following command:\n\n    Note: The example will be for the user \\\"smithj\\\", who has a home directory\nof \\\"/home/smithj\\\".\n\n    # ls -lLR /home/smithj\n    -rw-r--r-- 1 smithj smithj  18 Mar  5 17:06 file1\n    -rw-r--r-- 1 smithj smithj 193 Mar  5 17:06 file2\n    -rw-r--r-- 1 smithj smithj 231 Mar  5 17:06 file3\n\n    If any files are found with an owner different than the home directory\nuser, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the owner of a local interactive user's files and directories to\nthat owner. To change the owner of a local interactive user's files and\ndirectories, use the following command:\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\".\n\n    # chown smithj /home/smithj/&lt;file or directory&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72023\"\n  tag rid: \"SV-86647r2_rule\"\n  tag stig_id: \"RHEL-07-020660\"\n  tag fix_id: \"F-78375r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    findings = findings + command(\"find #{user_info.home} -xdev -xautofs -not -user #{user_info.username}\").stdout.split(\"\\n\")\n  end\n  describe \"Files and directories that are not owned by the user\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Files and directories that are not owned by the user is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72237</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86861r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040320</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all network connections associated with SSH traffic are terminated at the
 end of the session or after 10 minutes of inactivity, except to fulfill
-documented and validated mission requirements.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+documented and validated mission requirements.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Terminating an idle SSH session within a short time period reduces the
 window of opportunity for unauthorized personnel to take control of a
 management session enabled on the console or console port that has been left
@@ -30615,169 +29277,162 @@ unattended. In addition, quickly terminating an idle SSH session will also free
 up resources committed by the managed network element.
 
     Terminating network connections associated with communications sessions
-includes, for example, de-allocating associated TCP&#x2F;IP address&#x2F;port pairs at
+includes, for example, de-allocating associated TCP/IP address/port pairs at
 the operating system level and de-allocating networking assignments at the
 application level if multiple application sessions are using a single operating
 system-level network connection. This does not mean that the operating system
 terminates all sessions or network access; it only ends the inactive session
-and releases the resources associated with that session.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+and releases the resources associated with that session.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system automatically terminates a user session after
 inactivity time-outs have expired.
 
-    Check for the value of the &quot;ClientAliveInterval&quot; keyword with the
+    Check for the value of the "ClientAliveInterval" keyword with the
 following command:
 
-    # grep -iw clientaliveinterval &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -iw clientaliveinterval /etc/ssh/sshd_config
 
     ClientAliveInterval 600
 
-    If &quot;ClientAliveInterval&quot; is not configured, commented out, or has a value
-of &quot;0&quot;, this is a finding.
+    If "ClientAliveInterval" is not configured, commented out, or has a value
+of "0", this is a finding.
 
-    If &quot;ClientAliveInterval&quot; has a value that is greater than &quot;600&quot; and is
+    If "ClientAliveInterval" has a value that is greater than "600" and is
 not documented with the Information System Security Officer (ISSO) as an
-operational requirement, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+operational requirement, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to automatically terminate a user session
 after inactivity time-outs have expired or at shutdown.
 
     Add the following line (or modify the line to have the required value) to
-the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file (this file may be named differently or be in
+the "/etc/ssh/sshd_config" file (this file may be named differently or be in
 a different location if using a version of SSH that is provided by a
 third-party vendor):
 
     ClientAliveInterval 600
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>11e7cbf0-5b19-48ab-afe2-89e7860d3f52</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration ClientAliveInterval.to_i is expected to cmp &gt;&#x3D; 1
---------------------------------
-passed
-SSHD Configuration ClientAliveInterval.to_i is expected to cmp &lt;&#x3D; 600
---------------------------------
-passed
-SSHD Configuration ClientAliveInterval is expected not to eq nil</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71989</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000445-GPOS-00199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86613r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must enable SELinux.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72237\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all network connections associated with SSH traffic are terminated at the\nend of the session or after 10 minutes of inactivity, except to fulfill\ndocumented and validated mission requirements.\"\n  desc  \"Terminating an idle SSH session within a short time period reduces the\nwindow of opportunity for unauthorized personnel to take control of a\nmanagement session enabled on the console or console port that has been left\nunattended. In addition, quickly terminating an idle SSH session will also free\nup resources committed by the managed network element.\n\n    Terminating network connections associated with communications sessions\nincludes, for example, de-allocating associated TCP/IP address/port pairs at\nthe operating system level and de-allocating networking assignments at the\napplication level if multiple application sessions are using a single operating\nsystem-level network connection. This does not mean that the operating system\nterminates all sessions or network access; it only ends the inactive session\nand releases the resources associated with that session.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system automatically terminates a user session after\ninactivity time-outs have expired.\n\n    Check for the value of the \\\"ClientAliveInterval\\\" keyword with the\nfollowing command:\n\n    # grep -iw clientaliveinterval /etc/ssh/sshd_config\n\n    ClientAliveInterval 600\n\n    If \\\"ClientAliveInterval\\\" is not configured, commented out, or has a value\nof \\\"0\\\", this is a finding.\n\n    If \\\"ClientAliveInterval\\\" has a value that is greater than \\\"600\\\" and is\nnot documented with the Information System Security Officer (ISSO) as an\noperational requirement, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to automatically terminate a user session\nafter inactivity time-outs have expired or at shutdown.\n\n    Add the following line (or modify the line to have the required value) to\nthe \\\"/etc/ssh/sshd_config\\\" file (this file may be named differently or be in\na different location if using a version of SSH that is provided by a\nthird-party vendor):\n\n    ClientAliveInterval 600\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000163-GPOS-00072\"\n  tag satisfies: [\"SRG-OS-000163-GPOS-00072\", \"SRG-OS-000279-GPOS-00109\"]\n  tag gid: \"V-72237\"\n  tag rid: \"SV-86861r4_rule\"\n  tag stig_id: \"RHEL-07-040320\"\n  tag fix_id: \"F-78591r2_fix\"\n  tag cci: [\"CCI-001133\", \"CCI-002361\"]\n  tag nist: [\"SC-10\", \"AC-12\", \"Rev_4\"]\n\n  client_alive_interval = input('client_alive_interval')\n\n  #This may show slightly confusing results when a ClientAliveInterValue is not\n  #specified. Specifically, because the value will be nil and when you try to\n  #convert it to an integer using to_i it will convert it to 0 and pass the\n  #&lt;= client_alive_interval check. However, the control as a whole will still fail.\n  describe sshd_config do\n    its(\"ClientAliveInterval.to_i\"){should cmp &gt;= 1}\n    its(\"ClientAliveInterval.to_i\"){should cmp &lt;= client_alive_interval}\n    its(\"ClientAliveInterval\"){should_not eq nil}\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration ClientAliveInterval.to_i is expected to cmp &gt;= 1
+--------------------------------
+passed :: TEST SSHD Configuration ClientAliveInterval.to_i is expected to cmp &lt;= 600
+--------------------------------
+passed :: TEST SSHD Configuration ClientAliveInterval is expected not to eq nil</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71989</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000445-GPOS-00199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86613r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must enable SELinux.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without verification of the security functions, security functions may
 not operate correctly and the failure may go unnoticed. Security function is
-defined as the hardware, software, and&#x2F;or firmware of the information system
+defined as the hardware, software, and/or firmware of the information system
 responsible for enforcing the system security policy and supporting the
 isolation of code and data on which the protection is based. Security
 functionality includes, but is not limited to, establishing system accounts,
@@ -30785,1431 +29440,1358 @@ configuring access authorizations (i.e., permissions, privileges), setting
 events to be audited, and setting intrusion detection parameters.
 
     This requirement applies to operating systems performing security function
-verification&#x2F;testing and&#x2F;or systems and environments that require this
-functionality.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+verification/testing and/or systems and environments that require this
+functionality.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an HBSS or HIPS is active on the system, this is Not Applicable.
 
     Verify the operating system verifies correct operation of all security
 functions.
 
-    Check if &quot;SELinux&quot; is active and in &quot;Enforcing&quot; mode with the following
+    Check if "SELinux" is active and in "Enforcing" mode with the following
 command:
 
     # getenforce
     Enforcing
 
-    If &quot;SELinux&quot; is not active and not in &quot;Enforcing&quot; mode, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "SELinux" is not active and not in "Enforcing" mode, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to verify correct operation of all security
 functions.
 
-    Set the &quot;SELinux&quot; status and the &quot;Enforcing&quot; mode by modifying the
-&quot;&#x2F;etc&#x2F;selinux&#x2F;config&quot; file to have the following line:
-
-    SELINUX&#x3D;enforcing
-
-    A reboot is required for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>634a4141-f45b-4ec2-9efd-47a330a14cfe</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002696</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;getenforce&#x60; stdout.strip is expected to eq &quot;Enforcing&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95727r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Set the "SELinux" status and the "Enforcing" mode by modifying the
+"/etc/selinux/config" file to have the following line:
+
+    SELINUX=enforcing
+
+    A reboot is required for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71989\" do\n  title \"The Red Hat Enterprise Linux operating system must enable SELinux.\"\n  desc  \"Without verification of the security functions, security functions may\nnot operate correctly and the failure may go unnoticed. Security function is\ndefined as the hardware, software, and/or firmware of the information system\nresponsible for enforcing the system security policy and supporting the\nisolation of code and data on which the protection is based. Security\nfunctionality includes, but is not limited to, establishing system accounts,\nconfiguring access authorizations (i.e., permissions, privileges), setting\nevents to be audited, and setting intrusion detection parameters.\n\n    This requirement applies to operating systems performing security function\nverification/testing and/or systems and environments that require this\nfunctionality.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If an HBSS or HIPS is active on the system, this is Not Applicable.\n\n    Verify the operating system verifies correct operation of all security\nfunctions.\n\n    Check if \\\"SELinux\\\" is active and in \\\"Enforcing\\\" mode with the following\ncommand:\n\n    # getenforce\n    Enforcing\n\n    If \\\"SELinux\\\" is not active and not in \\\"Enforcing\\\" mode, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to verify correct operation of all security\nfunctions.\n\n    Set the \\\"SELinux\\\" status and the \\\"Enforcing\\\" mode by modifying the\n\\\"/etc/selinux/config\\\" file to have the following line:\n\n    SELINUX=enforcing\n\n    A reboot is required for the changes to take effect.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000445-GPOS-00199\"\n  tag gid: \"V-71989\"\n  tag rid: \"SV-86613r3_rule\"\n  tag stig_id: \"RHEL-07-020210\"\n  tag fix_id: \"F-78341r2_fix\"\n  tag cci: [\"CCI-002165\", \"CCI-002696\"]\n  tag nist: [\"AC-3 (4)\", \"SI-6 a\", \"Rev_4\"]\n\n  describe command('getenforce') do\n    its('stdout.strip') { should eq 'Enforcing' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002696</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `getenforce` stdout.strip is expected to eq "Enforcing"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95727r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
-use the au-remote plugin.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+use the au-remote plugin.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
     Off-loading is a common process in information systems with limited audit
 storage capacity.
 
-    Without the configuration of the &quot;au-remote&quot; plugin, the audisp-remote
-daemon will not off-load the logs from the system being audited.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the &quot;au-remote&quot; plugin is active on the system:
-
-    # grep &quot;active&quot; &#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf
-
-    active &#x3D; yes
-
-    If the &quot;active&quot; setting is not set to &quot;yes&quot;, or the line is commented
-out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf file and change the value of
-&quot;active&quot; to &quot;yes&quot;.
+    Without the configuration of the "au-remote" plugin, the audisp-remote
+daemon will not off-load the logs from the system being audited.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the "au-remote" plugin is active on the system:
+
+    # grep "active" /etc/audisp/plugins.d/au-remote.conf
+
+    active = yes
+
+    If the "active" setting is not set to "yes", or the line is commented
+out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the /etc/audisp/plugins.d/au-remote.conf file and change the value of
+"active" to "yes".
 
     The audit daemon must be restarted for changes to take effect:
 
-    # service auditd restart</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>faac7b74-f692-449b-91fe-2764903670f1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf&#39; cannot be found. This test cannot be checked in a automated fashion and you must check it manually
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf&#39; cannot be found. This check must be performed manually</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72003</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000104-GPOS-00051</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86627r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # service auditd restart</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81015\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\nuse the au-remote plugin.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n    Without the configuration of the \\\"au-remote\\\" plugin, the audisp-remote\ndaemon will not off-load the logs from the system being audited.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the \\\"au-remote\\\" plugin is active on the system:\n\n    # grep \\\"active\\\" /etc/audisp/plugins.d/au-remote.conf\n\n    active = yes\n\n    If the \\\"active\\\" setting is not set to \\\"yes\\\", or the line is commented\nout, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the /etc/audisp/plugins.d/au-remote.conf file and change the value of\n\\\"active\\\" to \\\"yes\\\".\n\n    The audit daemon must be restarted for changes to take effect:\n\n    # service auditd restart\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-81015\"\n  tag rid: \"SV-95727r1_rule\"\n  tag stig_id: \"RHEL-07-030200\"\n  tag fix_id: \"F-87849r2_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  test_file = '/etc/audisp/plugins.d/au-remote.conf'\n\n  if file(test_file).exist?\n    describe parse_config_file(test_file) do\n      its('active') { should match %r{yes$} }\n    end\n  else\n    describe \"File '#{test_file}' cannot be found. This test cannot be checked in a automated fashion and you must check it manually\" do\n      skip \"File '#{test_file}' cannot be found. This check must be performed manually\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST File '/etc/audisp/plugins.d/au-remote.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually :: SKIP_MESSAGE File '/etc/audisp/plugins.d/au-remote.conf' cannot be found. This check must be performed manually</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72003</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000104-GPOS-00051</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86627r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all Group Identifiers (GIDs) referenced in the &#x2F;etc&#x2F;passwd file are
-defined in the &#x2F;etc&#x2F;group file.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all Group Identifiers (GIDs) referenced in the /etc/passwd file are
+defined in the /etc/group file.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a user is assigned the GID of a group not existing on the system,
 and a group with the GID is subsequently created, the user may have unintended
-rights to any files associated with the group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify all GIDs referenced in the &quot;&#x2F;etc&#x2F;passwd&quot; file are defined in the
-&quot;&#x2F;etc&#x2F;group&quot; file.
+rights to any files associated with the group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify all GIDs referenced in the "/etc/passwd" file are defined in the
+"/etc/group" file.
 
     Check that all referenced GIDs exist with the following command:
 
     # pwck -r
 
-    If GIDs referenced in &quot;&#x2F;etc&#x2F;passwd&quot; file are returned as not defined in
-&quot;&#x2F;etc&#x2F;group&quot; file, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If GIDs referenced in "/etc/passwd" file are returned as not defined in
+"/etc/group" file, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to define all GIDs found in the
-&quot;&#x2F;etc&#x2F;passwd&quot; file by modifying the &quot;&#x2F;etc&#x2F;group&quot; file to add any
-non-existent group referenced in the &quot;&#x2F;etc&#x2F;passwd&quot; file, or change the GIDs
-referenced in the &quot;&#x2F;etc&#x2F;passwd&quot; file to a group that exists in
-&quot;&#x2F;etc&#x2F;group&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>912d7023-b9ca-45e9-bded-6a2d19606ed4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000764</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-&#x2F;etc&#x2F;group gids is expected to include 0
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 1
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 2
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 4
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 7
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 0
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 0
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 0
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 12
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 0
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 99
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 192
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 81
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 998
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 74
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 89
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 995
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 1000
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 59
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 993</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-92251</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-102353r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040611</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/passwd" file by modifying the "/etc/group" file to add any
+non-existent group referenced in the "/etc/passwd" file, or change the GIDs
+referenced in the "/etc/passwd" file to a group that exists in
+"/etc/group".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72003\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all Group Identifiers (GIDs) referenced in the /etc/passwd file are\ndefined in the /etc/group file.\"\n  desc  \"If a user is assigned the GID of a group not existing on the system,\nand a group with the GID is subsequently created, the user may have unintended\nrights to any files associated with the group.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all GIDs referenced in the \\\"/etc/passwd\\\" file are defined in the\n\\\"/etc/group\\\" file.\n\n    Check that all referenced GIDs exist with the following command:\n\n    # pwck -r\n\n    If GIDs referenced in \\\"/etc/passwd\\\" file are returned as not defined in\n\\\"/etc/group\\\" file, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the system to define all GIDs found in the\n\\\"/etc/passwd\\\" file by modifying the \\\"/etc/group\\\" file to add any\nnon-existent group referenced in the \\\"/etc/passwd\\\" file, or change the GIDs\nreferenced in the \\\"/etc/passwd\\\" file to a group that exists in\n\\\"/etc/group\\\".\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000104-GPOS-00051\"\n  tag gid: \"V-72003\"\n  tag rid: \"SV-86627r2_rule\"\n  tag stig_id: \"RHEL-07-020300\"\n  tag fix_id: \"F-78355r1_fix\"\n  tag cci: [\"CCI-000764\"]\n  tag nist: [\"IA-2\", \"Rev_4\"]\n\n  passwd.gids.each do |gid|\n    describe etc_group do\n      its('gids') { should include gid.to_i }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000764</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST /etc/group gids is expected to include 0
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 1
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 2
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 4
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 7
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 0
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 0
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 0
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 12
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 0
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 99
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 192
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 81
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 998
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 74
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 89
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 995
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 1000
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 59
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 993</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-92251</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-102353r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040611</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a reverse-path
-filter for IPv4 network traffic when possible on all interfaces.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+filter for IPv4 network traffic when possible on all interfaces.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Enabling reverse path filtering drops packets with source addresses
 that should not have been able to be received on the interface they were
 received on. It should not be used on systems which are routers for complicated
-networks, but is helpful for end hosts and routers serving small networks.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+networks, but is helpful for end hosts and routers serving small networks.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system uses a reverse-path filter for IPv4:
 
-    # grep net.ipv4.conf.all.rp_filter &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
-    net.ipv4.conf.all.rp_filter &#x3D; 1
+    # grep net.ipv4.conf.all.rp_filter /etc/sysctl.conf /etc/sysctl.d/*
+    net.ipv4.conf.all.rp_filter = 1
 
-    If &quot;net.ipv4.conf.all.rp_filter&quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;1&quot;, this is a finding.
+    If "net.ipv4.conf.all.rp_filter" is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "1", this is a finding.
 
     Check that the operating system implements the accept source route variable
 with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.conf.all.rp_filter
-    net.ipv4.conf.all.rp_filter &#x3D; 1
+    # /sbin/sysctl -a | grep net.ipv4.conf.all.rp_filter
+    net.ipv4.conf.all.rp_filter = 1
 
-    If the returned line does not have a value of &quot;1&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "1", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.all.rp_filter &#x3D; 1
+    net.ipv4.conf.all.rp_filter = 1
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>69c12179-8209-4de8-9db0-b75592e4077b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.all.rp_filter value is expected to eq 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72189</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86813r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030830</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-92251\" do\n  title \"The Red Hat Enterprise Linux operating system must use a reverse-path\nfilter for IPv4 network traffic when possible on all interfaces.\"\n  desc  \"Enabling reverse path filtering drops packets with source addresses\nthat should not have been able to be received on the interface they were\nreceived on. It should not be used on systems which are routers for complicated\nnetworks, but is helpful for end hosts and routers serving small networks.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system uses a reverse-path filter for IPv4:\n\n    # grep net.ipv4.conf.all.rp_filter /etc/sysctl.conf /etc/sysctl.d/*\n    net.ipv4.conf.all.rp_filter = 1\n\n    If \\\"net.ipv4.conf.all.rp_filter\\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"1\\\", this is a finding.\n\n    Check that the operating system implements the accept source route variable\nwith the following command:\n\n    # /sbin/sysctl -a | grep net.ipv4.conf.all.rp_filter\n    net.ipv4.conf.all.rp_filter = 1\n\n    If the returned line does not have a value of \\\"1\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.all.rp_filter = 1\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-92251\"\n  tag rid: \"SV-102353r1_rule\"\n  tag stig_id: \"RHEL-07-040611\"\n  tag fix_id: \"F-98473r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.all.rp_filter') do\n    its('value') { should eq 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.all.rp_filter value is expected to eq 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72189</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86813r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030830</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the delete_module syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the delete_module syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;delete_module&quot; syscall occur.
+successful/unsuccessful attempts to use the "delete_module" syscall occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw delete_module &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw delete_module /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S delete_module -k module-change
+    -a always,exit -F arch=b32 -S delete_module -k module-change
 
-    -a always,exit -F arch&#x3D;b64 -S delete_module -k module-change
+    -a always,exit -F arch=b64 -S delete_module -k module-change
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;delete_module&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"delete_module" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;delete_module&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S delete_module -k module-change
-
-    -a always,exit -F arch&#x3D;b64 -S delete_module -k module-change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>35b0e522-b36a-44df-b8e9-19f3886ff872</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;delete_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;delete_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;delete_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;delete_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73175</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87827r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040641</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "delete_module" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S delete_module -k module-change
+
+    -a always,exit -F arch=b64 -S delete_module -k module-change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72189\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe delete_module syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"delete_module\\\" syscall occur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw delete_module /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S delete_module -k module-change\n\n    -a always,exit -F arch=b64 -S delete_module -k module-change\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"delete_module\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"delete_module\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S delete_module -k module-change\n\n    -a always,exit -F arch=b64 -S delete_module -k module-change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00216\"\n  tag satisfies: [\"SRG-OS-000471-GPOS-00216\", \"SRG-OS-000477-GPOS-00222\"]\n  tag gid: \"V-72189\"\n  tag rid: \"SV-86813r5_rule\"\n  tag stig_id: \"RHEL-07-030830\"\n  tag fix_id: \"F-78543r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"delete_module\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"delete_module\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "delete_module" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "delete_module" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "delete_module" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "delete_module" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73175</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87827r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040641</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must ignore Internet
 Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect
-messages.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+messages.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ICMP redirect messages are used by routers to inform hosts that a more
 direct route exists for a particular destination. These messages modify the
-host&#39;s route table and are unauthenticated. An illicit ICMP redirect message
-could result in a man-in-the-middle attack.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+host's route table and are unauthenticated. An illicit ICMP redirect message
+could result in a man-in-the-middle attack.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system ignores IPv4 ICMP redirect messages.
 
-    # grep &#39;net.ipv4.conf.all.accept_redirects&#39; &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep 'net.ipv4.conf.all.accept_redirects' /etc/sysctl.conf /etc/sysctl.d/*
 
-    If &quot; net.ipv4.conf.all.accept_redirects &quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;0&quot;, this is a finding.
+    If " net.ipv4.conf.all.accept_redirects " is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "0", this is a finding.
 
-    Check that the operating system implements the &quot;accept_redirects&quot;
+    Check that the operating system implements the "accept_redirects"
 variables with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep &#39;net.ipv4.conf.all.accept_redirects&#39;
+    # /sbin/sysctl -a | grep 'net.ipv4.conf.all.accept_redirects'
 
-    net.ipv4.conf.all.accept_redirects &#x3D; 0
+    net.ipv4.conf.all.accept_redirects = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to ignore IPv4 ICMP redirect messages by adding the
-following line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the
-&#x2F;etc&#x2F;sysctl.d&#x2F; directory (or modify the line to have the required value):
+following line to "/etc/sysctl.conf" or a configuration file in the
+/etc/sysctl.d/ directory (or modify the line to have the required value):
 
-    net.ipv4.conf.all.accept_redirects &#x3D; 0
+    net.ipv4.conf.all.accept_redirects = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e719f98a-ac01-4c56-8228-8adea290896f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.all.accept_redirects value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72261</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86885r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040440</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73175\" do\n  title \"The Red Hat Enterprise Linux operating system must ignore Internet\nProtocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect\nmessages.\"\n  desc  \"ICMP redirect messages are used by routers to inform hosts that a more\ndirect route exists for a particular destination. These messages modify the\nhost's route table and are unauthenticated. An illicit ICMP redirect message\ncould result in a man-in-the-middle attack.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system ignores IPv4 ICMP redirect messages.\n\n    # grep 'net.ipv4.conf.all.accept_redirects' /etc/sysctl.conf /etc/sysctl.d/*\n\n    If \\\" net.ipv4.conf.all.accept_redirects \\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the \\\"accept_redirects\\\"\nvariables with the following command:\n\n    # /sbin/sysctl -a | grep 'net.ipv4.conf.all.accept_redirects'\n\n    net.ipv4.conf.all.accept_redirects = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to ignore IPv4 ICMP redirect messages by adding the\nfollowing line to \\\"/etc/sysctl.conf\\\" or a configuration file in the\n/etc/sysctl.d/ directory (or modify the line to have the required value):\n\n    net.ipv4.conf.all.accept_redirects = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-73175\"\n  tag rid: \"SV-87827r4_rule\"\n  tag stig_id: \"RHEL-07-040641\"\n  tag fix_id: \"F-79621r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.all.accept_redirects') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.all.accept_redirects value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72261</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86885r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040440</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH daemon does not permit Kerberos authentication unless needed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH daemon does not permit Kerberos authentication unless needed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Kerberos authentication for SSH is often implemented using Generic
 Security Service Application Program Interface (GSSAPI). If Kerberos is enabled
-through SSH, the SSH daemon provides a means of access to the system&#39;s Kerberos
-implementation. Vulnerabilities in the system&#39;s Kerberos implementation may
+through SSH, the SSH daemon provides a means of access to the system's Kerberos
+implementation. Vulnerabilities in the system's Kerberos implementation may
 then be subject to exploitation. To reduce the attack surface of the system,
 the Kerberos authentication mechanism within SSH must be disabled for systems
-not using this capability.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+not using this capability.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon does not permit Kerberos to authenticate passwords
 unless approved.
 
     Check that the SSH daemon does not permit Kerberos to authenticate
 passwords with the following command:
 
-    # grep -i kerberosauth &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i kerberosauth /etc/ssh/sshd_config
     KerberosAuthentication no
 
-    If the &quot;KerberosAuthentication&quot; keyword is missing, or is set to &quot;yes&quot;
+    If the "KerberosAuthentication" keyword is missing, or is set to "yes"
 and is not documented with the Information System Security Officer (ISSO), or
-the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Uncomment the &quot;KerberosAuthentication&quot; keyword in
-&quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; (this file may be named differently or be in a
+the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Uncomment the "KerberosAuthentication" keyword in
+"/etc/ssh/sshd_config" (this file may be named differently or be in a
 different location if using a version of SSH that is provided by a third-party
-vendor) and set the value to &quot;no&quot;:
+vendor) and set the value to "no":
 
     KerberosAuthentication no
 
     The SSH service must be restarted for changes to take effect.
 
     If Kerberos authentication is required, it must be documented, to include
-the location of the configuration file, with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1509f431-54e5-4114-a748-92be9ad17ee0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration KerberosAuthentication is expected to cmp &#x3D;&#x3D; &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72171</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86795r7_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030740</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+the location of the configuration file, with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72261\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not permit Kerberos authentication unless needed.\"\n  desc  \"Kerberos authentication for SSH is often implemented using Generic\nSecurity Service Application Program Interface (GSSAPI). If Kerberos is enabled\nthrough SSH, the SSH daemon provides a means of access to the system's Kerberos\nimplementation. Vulnerabilities in the system's Kerberos implementation may\nthen be subject to exploitation. To reduce the attack surface of the system,\nthe Kerberos authentication mechanism within SSH must be disabled for systems\nnot using this capability.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon does not permit Kerberos to authenticate passwords\nunless approved.\n\n    Check that the SSH daemon does not permit Kerberos to authenticate\npasswords with the following command:\n\n    # grep -i kerberosauth /etc/ssh/sshd_config\n    KerberosAuthentication no\n\n    If the \\\"KerberosAuthentication\\\" keyword is missing, or is set to \\\"yes\\\"\nand is not documented with the Information System Security Officer (ISSO), or\nthe returned line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Uncomment the \\\"KerberosAuthentication\\\" keyword in\n\\\"/etc/ssh/sshd_config\\\" (this file may be named differently or be in a\ndifferent location if using a version of SSH that is provided by a third-party\nvendor) and set the value to \\\"no\\\":\n\n    KerberosAuthentication no\n\n    The SSH service must be restarted for changes to take effect.\n\n    If Kerberos authentication is required, it must be documented, to include\nthe location of the configuration file, with the ISSO.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000364-GPOS-00151\"\n  tag gid: \"V-72261\"\n  tag rid: \"SV-86885r3_rule\"\n  tag stig_id: \"RHEL-07-040440\"\n  tag fix_id: \"F-78615r2_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('KerberosAuthentication') { should cmp 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration KerberosAuthentication is expected to cmp == "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72171</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86795r7_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030740</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the mount command and syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the mount command and syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged mount commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;mount&quot; command and syscall occur.
+successful/unsuccessful attempts to use the "mount" command and syscall occur.
 
     Check that the following system call is being audited by performing the
 following series of commands to check the file system rules in
-&quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+"/etc/audit/audit.rules":
 
-    # grep -iw &quot;mount&quot; &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw "mount" /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
-    -a always,exit -F arch&#x3D;b64 -S mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;mount&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"mount" syscall, this is a finding.
 
-    If all uses of the &quot;mount&quot; command are not being audited, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If all uses of the "mount" command are not being audited, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;mount&quot; command and syscall occur.
+successful/unsuccessful attempts to use the "mount" command and syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
-    -a always,exit -F arch&#x3D;b64 -S mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>83a3ff1a-84a3-498d-a735-b420b015558a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;mount&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;mount&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;mount&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;mount&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with path &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;mount&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with path &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;mount&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81011</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95723r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021023</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount &#x2F;dev&#x2F;shm with
-the nosuid option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;nosuid&quot; mount option causes the system to not execute
-&quot;setuid&quot; and &quot;setgid&quot; files with owner privileges. This option must be used
-for mounting any file system not containing approved &quot;setuid&quot; and &quot;setguid&quot;
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72171\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe mount command and syscall.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged mount commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"mount\\\" command and syscall occur.\n\n    Check that the following system call is being audited by performing the\nfollowing series of commands to check the file system rules in\n\\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw \\\"mount\\\" /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n    -a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n    -a always,exit -F path=/usr/bin/mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"mount\\\" syscall, this is a finding.\n\n    If all uses of the \\\"mount\\\" command are not being audited, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"mount\\\" command and syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n    -a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n    -a always,exit -F path=/usr/bin/mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72171\"\n  tag rid: \"SV-86795r7_rule\"\n  tag stig_id: \"RHEL-07-030740\"\n  tag fix_id: \"F-78525r9_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"mount\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"mount\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\n\n  describe auditd.path(\"/usr/bin/mount\") do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "mount" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "mount" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "mount" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "mount" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with path == "/usr/bin/mount" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with path == "/usr/bin/mount" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81011</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95723r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021023</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount /dev/shm with
+the nosuid option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "nosuid" mount option causes the system to not execute
+"setuid" and "setgid" files with owner privileges. This option must be used
+for mounting any file system not containing approved "setuid" and "setguid"
 files. Executing files from untrusted file systems increases the opportunity
-for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the &quot;nosuid&quot; option is configured for &#x2F;dev&#x2F;shm:
+for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the "nosuid" option is configured for /dev/shm:
 
-    # cat &#x2F;etc&#x2F;fstab | grep &#x2F;dev&#x2F;shm
+    # cat /etc/fstab | grep /dev/shm
 
-    tmpfs &#x2F;dev&#x2F;shm tmpfs defaults,nodev,nosuid,noexec 0 0
+    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
 
-    If any results are returned and the &quot;nosuid&quot; option is not listed, this
+    If any results are returned and the "nosuid" option is not listed, this
 is a finding.
 
-    Verify &quot;&#x2F;dev&#x2F;shm&quot; is mounted with the &quot;nosuid&quot; option:
-
-    # mount | grep &quot;&#x2F;dev&#x2F;shm&quot; | grep nosuid
-
-    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the system so that &#x2F;dev&#x2F;shm is mounted with the
-&quot;nosuid&quot; option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6bb5f85f-6698-4988-990f-1257a2521589</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;dev&#x2F;shm options is expected to include &quot;nosuid&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72001</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86625r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020270</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Verify "/dev/shm" is mounted with the "nosuid" option:
+
+    # mount | grep "/dev/shm" | grep nosuid
+
+    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the system so that /dev/shm is mounted with the
+"nosuid" option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81011\" do\n  title \"The Red Hat Enterprise Linux operating system must mount /dev/shm with\nthe nosuid option.\"\n  desc  \"The \\\"nosuid\\\" mount option causes the system to not execute\n\\\"setuid\\\" and \\\"setgid\\\" files with owner privileges. This option must be used\nfor mounting any file system not containing approved \\\"setuid\\\" and \\\"setguid\\\"\nfiles. Executing files from untrusted file systems increases the opportunity\nfor unprivileged users to attain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the \\\"nosuid\\\" option is configured for /dev/shm:\n\n    # cat /etc/fstab | grep /dev/shm\n\n    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0\n\n    If any results are returned and the \\\"nosuid\\\" option is not listed, this\nis a finding.\n\n    Verify \\\"/dev/shm\\\" is mounted with the \\\"nosuid\\\" option:\n\n    # mount | grep \\\"/dev/shm\\\" | grep nosuid\n\n    If no results are returned, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the system so that /dev/shm is mounted with the\n\\\"nosuid\\\" option.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000368-GPOS-00154\"\n  tag gid: \"V-81011\"\n  tag rid: \"SV-95723r2_rule\"\n  tag stig_id: \"RHEL-07-021023\"\n  tag fix_id: \"F-87845r2_fix\"\n  tag cci: [\"CCI-001764\"]\n  tag nist: [\"CM-7 (2)\", \"Rev_4\"]\n\n  describe mount('/dev/shm') do\n    its('options') { should include 'nosuid' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /dev/shm options is expected to include "nosuid"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72001</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86625r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020270</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have
-unnecessary accounts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+unnecessary accounts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Accounts providing no operational purpose provide additional
 opportunities for system compromise. Unnecessary accounts include user accounts
 for individuals not requiring access to the system and application accounts for
-applications not installed on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+applications not installed on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all accounts on the system are assigned to an active system,
 application, or user account.
 
@@ -32218,207 +30800,174 @@ Security Officer (ISSO).
 
     Check the system accounts on the system with the following command:
 
-    # more &#x2F;etc&#x2F;passwd
-    root:x:0:0:root:&#x2F;root:&#x2F;bin&#x2F;bash
-    bin:x:1:1:bin:&#x2F;bin:&#x2F;sbin&#x2F;nologin
-    daemon:x:2:2:daemon:&#x2F;sbin:&#x2F;sbin&#x2F;nologin
-    sync:x:5:0:sync:&#x2F;sbin:&#x2F;bin&#x2F;sync
-    shutdown:x:6:0:shutdown:&#x2F;sbin:&#x2F;sbin&#x2F;shutdown
-    halt:x:7:0:halt:&#x2F;sbin:&#x2F;sbin&#x2F;halt
-    games:x:12:100:games:&#x2F;usr&#x2F;games:&#x2F;sbin&#x2F;nologin
-    gopher:x:13:30:gopher:&#x2F;var&#x2F;gopher:&#x2F;sbin&#x2F;nologin
-
-    Accounts such as &quot;games&quot; and &quot;gopher&quot; are not authorized accounts as
+    # more /etc/passwd
+    root:x:0:0:root:/root:/bin/bash
+    bin:x:1:1:bin:/bin:/sbin/nologin
+    daemon:x:2:2:daemon:/sbin:/sbin/nologin
+    sync:x:5:0:sync:/sbin:/bin/sync
+    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+    halt:x:7:0:halt:/sbin:/sbin/halt
+    games:x:12:100:games:/usr/games:/sbin/nologin
+    gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
+
+    Accounts such as "games" and "gopher" are not authorized accounts as
 they do not support authorized system functions.
 
     If the accounts on the system do not match the provided documentation, or
 accounts that do not support an authorized system function are present, this is
-a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system so all accounts on the system are assigned to an
 active system, application, or user account.
 
     Remove accounts that do not support approved system activities or that
 allow for a normal user to perform administrative-level actions.
 
-    Document all authorized accounts on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>74fb4bec-cebd-47fe-8967-cc1f9684baf6</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-root is listed in allowed users.
---------------------------------
-passed
-bin is listed in allowed users.
---------------------------------
-passed
-daemon is listed in allowed users.
---------------------------------
-passed
-adm is listed in allowed users.
---------------------------------
-passed
-lp is listed in allowed users.
---------------------------------
-passed
-sync is listed in allowed users.
---------------------------------
-passed
-shutdown is listed in allowed users.
---------------------------------
-passed
-halt is listed in allowed users.
---------------------------------
-passed
-mail is listed in allowed users.
---------------------------------
-passed
-operator is listed in allowed users.
---------------------------------
-passed
-nobody is listed in allowed users.
---------------------------------
-passed
-systemd-network is listed in allowed users.
-expected &#x60;systemd-network&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-dbus is listed in allowed users.
-expected &#x60;dbus&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-polkitd is listed in allowed users.
-expected &#x60;polkitd&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-sshd is listed in allowed users.
-expected &#x60;sshd&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-postfix is listed in allowed users.
-expected &#x60;postfix&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-chrony is listed in allowed users.
-expected &#x60;chrony&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-ec2-user is listed in allowed users.
-expected &#x60;ec2-user&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-tss is listed in allowed users.
-expected &#x60;tss&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-sssd is listed in allowed users.
-expected &#x60;sssd&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-78997</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-93703r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010101</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Document all authorized accounts on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72001\" do\n  title \"The Red Hat Enterprise Linux operating system must not have\nunnecessary accounts.\"\n  desc  \"Accounts providing no operational purpose provide additional\nopportunities for system compromise. Unnecessary accounts include user accounts\nfor individuals not requiring access to the system and application accounts for\napplications not installed on the system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all accounts on the system are assigned to an active system,\napplication, or user account.\n\n    Obtain the list of authorized system accounts from the Information System\nSecurity Officer (ISSO).\n\n    Check the system accounts on the system with the following command:\n\n    # more /etc/passwd\n    root:x:0:0:root:/root:/bin/bash\n    bin:x:1:1:bin:/bin:/sbin/nologin\n    daemon:x:2:2:daemon:/sbin:/sbin/nologin\n    sync:x:5:0:sync:/sbin:/bin/sync\n    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown\n    halt:x:7:0:halt:/sbin:/sbin/halt\n    games:x:12:100:games:/usr/games:/sbin/nologin\n    gopher:x:13:30:gopher:/var/gopher:/sbin/nologin\n\n    Accounts such as \\\"games\\\" and \\\"gopher\\\" are not authorized accounts as\nthey do not support authorized system functions.\n\n    If the accounts on the system do not match the provided documentation, or\naccounts that do not support an authorized system function are present, this is\na finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system so all accounts on the system are assigned to an\nactive system, application, or user account.\n\n    Remove accounts that do not support approved system activities or that\nallow for a normal user to perform administrative-level actions.\n\n    Document all authorized accounts on the system.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72001\"\n  tag rid: \"SV-86625r2_rule\"\n  tag stig_id: \"RHEL-07-020270\"\n  tag fix_id: \"F-78353r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  known_system_accounts = input('known_system_accounts')\n  user_accounts = input('user_accounts')\n\n  allowed_accounts = (known_system_accounts + user_accounts).uniq\n  passwd.users.each do |user|\n    describe user do\n      it \"is listed in allowed users.\" do\n        expect(subject).to(be_in allowed_accounts)\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST root is listed in allowed users.
+--------------------------------
+passed :: TEST bin is listed in allowed users.
+--------------------------------
+passed :: TEST daemon is listed in allowed users.
+--------------------------------
+passed :: TEST adm is listed in allowed users.
+--------------------------------
+passed :: TEST lp is listed in allowed users.
+--------------------------------
+passed :: TEST sync is listed in allowed users.
+--------------------------------
+passed :: TEST shutdown is listed in allowed users.
+--------------------------------
+passed :: TEST halt is listed in allowed users.
+--------------------------------
+passed :: TEST mail is listed in allowed users.
+--------------------------------
+passed :: TEST operator is listed in allowed users.
+--------------------------------
+passed :: TEST nobody is listed in allowed users.
+--------------------------------
+passed :: TEST systemd-network is listed in allowed users. :: MESSAGE expected `systemd-network` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST dbus is listed in allowed users. :: MESSAGE expected `dbus` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST polkitd is listed in allowed users. :: MESSAGE expected `polkitd` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST sshd is listed in allowed users. :: MESSAGE expected `sshd` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST postfix is listed in allowed users. :: MESSAGE expected `postfix` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST chrony is listed in allowed users. :: MESSAGE expected `chrony` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST ec2-user is listed in allowed users. :: MESSAGE expected `ec2-user` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST tss is listed in allowed users. :: MESSAGE expected `tss` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST sssd is listed in allowed users. :: MESSAGE expected `sssd` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-78997</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-93703r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010101</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent a user from
 overriding the screensaver idle-activation-enabled setting for the graphical
-user interface.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+user interface.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session lock is a temporary action taken when a user stops work and
 moves away from the immediate physical vicinity of the information system but
 does not want to log out because of the temporary nature of the absence.
@@ -32426,17 +30975,17 @@ does not want to log out because of the temporary nature of the absence.
     The session lock is implemented at the point where session activity can be
 determined.
 
-    The ability to enable&#x2F;disable a session lock is given to the user by
-default. Disabling the user&#39;s ability to disengage the graphical user interface
+    The ability to enable/disable a session lock is given to the user by
+default. Disabling the user's ability to disengage the graphical user interface
 session lock provides the assurance that all sessions will lock after the
-specified period of time.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+specified period of time.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents a user from overriding the screensaver
 idle-activation-enabled setting for the graphical user interface.
 
@@ -32446,24 +30995,24 @@ console.
 
     Determine which profile the system database is using with the following
 command:
-    # grep system-db &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user
+    # grep system-db /etc/dconf/profile/user
 
     system-db:local
 
     Check for the idle-activation-enabled setting with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-the path is &quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&quot;. This path must be modified if a database
-other than &quot;local&quot; is being used.
+    Note: The example below is using the database "local" for the system, so
+the path is "/etc/dconf/db/local.d". This path must be modified if a database
+other than "local" is being used.
 
-    # grep -i idle-activation-enabled &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;*
+    # grep -i idle-activation-enabled /etc/dconf/db/local.d/locks/*
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;idle-activation-enabled
+    /org/gnome/desktop/screensaver/idle-activation-enabled
 
-    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prevent a user from overriding a
 screensaver lock after a 15-minute period of inactivity for graphical user
 interfaces.
@@ -32471,444 +31020,425 @@ interfaces.
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-if the system is using another database in &quot;&#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user&quot;, the
+    Note: The example below is using the database "local" for the system, so
+if the system is using another database in "/etc/dconf/profile/user", the
 file should be created under the appropriate subdirectory.
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;session
+    # touch /etc/dconf/db/local.d/locks/session
 
     Add the setting to lock the screensaver idle-activation-enabled setting:
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;idle-activation-enabled</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c6c9c0a6-ac42-48d7-90bc-4a1d5da91f5f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72265</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86889r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040460</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    /org/gnome/desktop/screensaver/idle-activation-enabled</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-78997\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent a user from\noverriding the screensaver idle-activation-enabled setting for the graphical\nuser interface.\"\n  desc  \"A session lock is a temporary action taken when a user stops work and\nmoves away from the immediate physical vicinity of the information system but\ndoes not want to log out because of the temporary nature of the absence.\n\n    The session lock is implemented at the point where session activity can be\ndetermined.\n\n    The ability to enable/disable a session lock is given to the user by\ndefault. Disabling the user's ability to disengage the graphical user interface\nsession lock provides the assurance that all sessions will lock after the\nspecified period of time.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents a user from overriding the screensaver\nidle-activation-enabled setting for the graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable. The screen program must be installed to lock sessions on the\nconsole.\n\n    Determine which profile the system database is using with the following\ncommand:\n    # grep system-db /etc/dconf/profile/user\n\n    system-db:local\n\n    Check for the idle-activation-enabled setting with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nthe path is \\\"/etc/dconf/db/local.d\\\". This path must be modified if a database\nother than \\\"local\\\" is being used.\n\n    # grep -i idle-activation-enabled /etc/dconf/db/local.d/locks/*\n\n    /org/gnome/desktop/screensaver/idle-activation-enabled\n\n    If the command does not return a result, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prevent a user from overriding a\nscreensaver lock after a 15-minute period of inactivity for graphical user\ninterfaces.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nif the system is using another database in \\\"/etc/dconf/profile/user\\\", the\nfile should be created under the appropriate subdirectory.\n\n    # touch /etc/dconf/db/local.d/locks/session\n\n    Add the setting to lock the screensaver idle-activation-enabled setting:\n\n    /org/gnome/desktop/screensaver/idle-activation-enabled\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-78997\"\n  tag rid: \"SV-93703r2_rule\"\n  tag stig_id: \"RHEL-07-010101\"\n  tag fix_id: \"F-85747r1_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe command(\"gsettings writable org.gnome.desktop.screensaver idle-activation-enabled\") do\n    its('stdout.strip') { should cmp 'false' }\n  end if package('gnome-desktop3').installed?\n\n  describe \"The GNOME desktop is not installed\" do\n    skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n  end if !package('gnome-desktop3').installed?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72265</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86889r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040460</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH daemon uses privilege separation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH daemon uses privilege separation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>SSH daemon privilege separation causes the SSH process to drop root
 privileges when not needed, which would decrease the impact of software
-vulnerabilities in the unprivileged section.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+vulnerabilities in the unprivileged section.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon performs privilege separation.
 
     Check that the SSH daemon performs privilege separation with the following
 command:
 
-    # grep -i usepriv &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i usepriv /etc/ssh/sshd_config
 
     UsePrivilegeSeparation sandbox
 
-    If the &quot;UsePrivilegeSeparation&quot; keyword is set to &quot;no&quot;, is missing, or
-the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Uncomment the &quot;UsePrivilegeSeparation&quot; keyword in
-&quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; (this file may be named differently or be in a
+    If the "UsePrivilegeSeparation" keyword is set to "no", is missing, or
+the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Uncomment the "UsePrivilegeSeparation" keyword in
+"/etc/ssh/sshd_config" (this file may be named differently or be in a
 different location if using a version of SSH that is provided by a third-party
-vendor) and set the value to &quot;sandbox&quot; or &quot;yes&quot;:
+vendor) and set the value to "sandbox" or "yes":
 
     UsePrivilegeSeparation sandbox
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7dafa711-07e3-4cc8-b725-c0876d02d914</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration UsePrivilegeSeparation is expected to cmp &#x3D;&#x3D; &quot;sandbox&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87817r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030871</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72265\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon uses privilege separation.\"\n  desc  \"SSH daemon privilege separation causes the SSH process to drop root\nprivileges when not needed, which would decrease the impact of software\nvulnerabilities in the unprivileged section.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon performs privilege separation.\n\n    Check that the SSH daemon performs privilege separation with the following\ncommand:\n\n    # grep -i usepriv /etc/ssh/sshd_config\n\n    UsePrivilegeSeparation sandbox\n\n    If the \\\"UsePrivilegeSeparation\\\" keyword is set to \\\"no\\\", is missing, or\nthe returned line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Uncomment the \\\"UsePrivilegeSeparation\\\" keyword in\n\\\"/etc/ssh/sshd_config\\\" (this file may be named differently or be in a\ndifferent location if using a version of SSH that is provided by a third-party\nvendor) and set the value to \\\"sandbox\\\" or \\\"yes\\\":\n\n    UsePrivilegeSeparation sandbox\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72265\"\n  tag rid: \"SV-86889r3_rule\"\n  tag stig_id: \"RHEL-07-040460\"\n  tag fix_id: \"F-78619r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe sshd_config do\n      its('UsePrivilegeSeparation') { should cmp 'sandbox' }\n    end\n    describe sshd_config do\n      its('UsePrivilegeSeparation') { should cmp 'yes' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration UsePrivilegeSeparation is expected to cmp == "sandbox"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87817r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030871</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
 records for all account creations, modifications, disabling, and termination
-events that affect &#x2F;etc&#x2F;group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+events that affect /etc/group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;group&quot;.
+"/etc/group".
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep &#x2F;etc&#x2F;group &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep /etc/group /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;group -p wa -k identity
+    -w /etc/group -p wa -k identity
 
     If the command does not return a line, or the line is commented out, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;group&quot;.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;etc&#x2F;group -p wa -k identity
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d384a6dd-5c7c-4e7c-b929-62f938b389a0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;group&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;group&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72307</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86931r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040730</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/group".
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /etc/group -p wa -k identity
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73165\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all account creations, modifications, disabling, and termination\nevents that affect /etc/group.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/group\\\".\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep /etc/group /etc/audit/audit.rules\n\n    -w /etc/group -p wa -k identity\n\n    If the command does not return a line, or the line is commented out, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/group\\\".\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/group -p wa -k identity\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000004-GPOS-00004\"\n  tag gid: \"V-73165\"\n  tag rid: \"SV-87817r3_rule\"\n  tag stig_id: \"RHEL-07-030871\"\n  tag fix_id: \"F-79611r3_fix\"\n  tag cci: [\"CCI-000018\", \"CCI-000172\", \"CCI-001403\", \"CCI-002130\"]\n  tag nist: [\"AC-2 (4)\", \"AU-12 c\", \"AC-2 (4)\", \"AC-2 (4)\", \"Rev_4\"]\n\n  audit_file = '/etc/group'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\n\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/group" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/group" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72307</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86931r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040730</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have an X
-Windows display manager installed unless approved.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Windows display manager installed unless approved.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Internet services that are not required for system or application
 processes must not be active to decrease the attack surface of the system. X
 Windows has a long history of security vulnerabilities and will not be used
-unless approved and documented.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unless approved and documented.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that if the system has X Windows System installed, it is authorized.
 
     Check for the X11 package with the following command:
@@ -32919,476 +31449,449 @@ unless approved and documented.</ATTRIBUTE_DATA>
 operational requirement.
 
     If the use of X Windows on the system is not documented with the
-Information System Security Officer (ISSO), this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Information System Security Officer (ISSO), this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Document the requirement for an X Windows server with the ISSO or remove
 the related packages with the following commands:
 
-    # rpm -e xorg-x11-server-common</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a7c389a6-445c-4677-b715-582886a80df3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package xorg-x11-server-common is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86757r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030550</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # rpm -e xorg-x11-server-common</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72307\" do\n  title \"The Red Hat Enterprise Linux operating system must not have an X\nWindows display manager installed unless approved.\"\n  desc  \"Internet services that are not required for system or application\nprocesses must not be active to decrease the attack surface of the system. X\nWindows has a long history of security vulnerabilities and will not be used\nunless approved and documented.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that if the system has X Windows System installed, it is authorized.\n\n    Check for the X11 package with the following command:\n\n    # rpm -qa | grep xorg | grep server\n\n    Ask the System Administrator if use of the X Windows System is an\noperational requirement.\n\n    If the use of X Windows on the system is not documented with the\nInformation System Security Officer (ISSO), this is a finding.\n  \"\n  desc  \"fix\", \"\n    Document the requirement for an X Windows server with the ISSO or remove\nthe related packages with the following commands:\n\n    # rpm -e xorg-x11-server-common\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72307\"\n  tag rid: \"SV-86931r4_rule\"\n  tag stig_id: \"RHEL-07-040730\"\n  tag fix_id: \"F-78661r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  x11_enabled = input('x11_enabled')\n\n  describe package('xorg-x11-server-common') do\n    it { should_not be_installed }\n  end if !x11_enabled\n\n  describe package('xorg-x11-server-common') do\n    it { should be_installed }\n  end if x11_enabled\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package xorg-x11-server-common is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86757r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030550</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the ftruncate syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the ftruncate syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;ftruncate&quot; syscall occur.
+successful/unsuccessful attempts to use the "ftruncate" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw ftruncate &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw ftruncate /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S ftruncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S ftruncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S ftruncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S ftruncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;ftruncate&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"ftruncate" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;ftruncate&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S ftruncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S ftruncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S ftruncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S ftruncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6d95d5bb-6b3b-46f5-a855-bb645de75423</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71941</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000118-GPOS-00060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86565r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010310</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "ftruncate" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72133\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe ftruncate syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"ftruncate\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw ftruncate /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"ftruncate\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"ftruncate\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72133\"\n  tag rid: \"SV-86757r5_rule\"\n  tag stig_id: \"RHEL-07-030550\"\n  tag fix_id: \"F-78485r8_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"ftruncate\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"ftruncate\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"ftruncate\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"ftruncate\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71941</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000118-GPOS-00060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86565r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010310</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must disable account
-identifiers (individuals, groups, roles, and devices) if the password expires.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+identifiers (individuals, groups, roles, and devices) if the password expires.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Inactive identifiers pose a risk to systems and applications because
 attackers may exploit an inactive identifier and potentially obtain undetected
 access to the system. Owners of inactive accounts will not notice if
 unauthorized access to their user account has been obtained.
 
     Operating systems need to track periods of inactivity and disable
-application identifiers after zero days of inactivity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+application identifiers after zero days of inactivity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If passwords are not being used for authentication, this is Not Applicable.
 
     Verify the operating system disables account identifiers (individuals,
 groups, roles, and devices) after the password expires with the following
 command:
 
-    # grep -i inactive &#x2F;etc&#x2F;default&#x2F;useradd
-    INACTIVE&#x3D;0
+    # grep -i inactive /etc/default/useradd
+    INACTIVE=0
 
-    If the value is not set to &quot;0&quot;, is commented out, or is not defined, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value is not set to "0", is commented out, or is not defined, this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable account identifiers (individuals,
 groups, roles, and devices) after the password expires.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;default&#x2F;useradd&quot; (or modify the line to
+    Add the following line to "/etc/default/useradd" (or modify the line to
 have the required value):
 
-    INACTIVE&#x3D;0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4b03757f-af2d-401e-8258-657cd45fdede</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000795</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;default&#x2F;useradd INACTIVE is expected to cmp &gt;&#x3D; 0
---------------------------------
-passed
-Parse Config File &#x2F;etc&#x2F;default&#x2F;useradd INACTIVE is expected to cmp &lt;&#x3D; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86837r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-032000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    INACTIVE=0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71941\" do\n  title \"The Red Hat Enterprise Linux operating system must disable account\nidentifiers (individuals, groups, roles, and devices) if the password expires.\"\n  desc  \"Inactive identifiers pose a risk to systems and applications because\nattackers may exploit an inactive identifier and potentially obtain undetected\naccess to the system. Owners of inactive accounts will not notice if\nunauthorized access to their user account has been obtained.\n\n    Operating systems need to track periods of inactivity and disable\napplication identifiers after zero days of inactivity.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If passwords are not being used for authentication, this is Not Applicable.\n\n    Verify the operating system disables account identifiers (individuals,\ngroups, roles, and devices) after the password expires with the following\ncommand:\n\n    # grep -i inactive /etc/default/useradd\n    INACTIVE=0\n\n    If the value is not set to \\\"0\\\", is commented out, or is not defined, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable account identifiers (individuals,\ngroups, roles, and devices) after the password expires.\n\n    Add the following line to \\\"/etc/default/useradd\\\" (or modify the line to\nhave the required value):\n\n    INACTIVE=0\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000118-GPOS-00060\"\n  tag gid: \"V-71941\"\n  tag rid: \"SV-86565r2_rule\"\n  tag stig_id: \"RHEL-07-010310\"\n  tag fix_id: \"F-78293r1_fix\"\n  tag cci: [\"CCI-000795\"]\n  tag nist: [\"IA-4 e\", \"Rev_4\"]\n\n  days_of_inactivity = input('days_of_inactivity')\n\n  describe parse_config_file(\"/etc/default/useradd\") do\n    its('INACTIVE') { should cmp &gt;= 0 }\n    its('INACTIVE') { should cmp &lt;= days_of_inactivity }\n  end\n\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000795</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/default/useradd INACTIVE is expected to cmp &gt;= 0
+--------------------------------
+passed :: TEST Parse Config File /etc/default/useradd INACTIVE is expected to cmp &lt;= 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86837r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-032000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a virus scan
-program.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+program.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Virus scanning software can be used to protect a system from
 penetration from computer viruses and to limit their spread through
 intermediate systems.
@@ -33399,749 +31902,712 @@ must be configured to scan, at a minimum, all altered files on the system on a
 daily basis.
 
     If the system processes inbound SMTP mail, the virus scanner must be
-configured to scan all received mail.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+configured to scan all received mail.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify an anti-virus solution is installed on the system. The anti-virus
 solution may be bundled with an approved host-based security solution.
 
     If there is no anti-virus solution installed on the system, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Install an antivirus solution on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d7c371c9-3f60-4507-8131-298763da6306</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001668</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service nails is expected to be running
-expected that &#x60;Service nails&#x60; is running
---------------------------------
-passed
-Service clamav-daemon.socket is expected to be running
-expected that &#x60;Service clamav-daemon.socket&#x60; is running</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72283</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86907r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040610</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Install an antivirus solution on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72213\" do\n  title \"The Red Hat Enterprise Linux operating system must use a virus scan\nprogram.\"\n  desc  \"Virus scanning software can be used to protect a system from\npenetration from computer viruses and to limit their spread through\nintermediate systems.\n\n    The virus scanning software should be configured to perform scans\ndynamically on accessed files. If this capability is not available, the system\nmust be configured to scan, at a minimum, all altered files on the system on a\ndaily basis.\n\n    If the system processes inbound SMTP mail, the virus scanner must be\nconfigured to scan all received mail.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify an anti-virus solution is installed on the system. The anti-virus\nsolution may be bundled with an approved host-based security solution.\n\n    If there is no anti-virus solution installed on the system, this is a\nfinding.\n  \"\n  desc  \"fix\", \"Install an antivirus solution on the system.\"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72213\"\n  tag rid: \"SV-86837r3_rule\"\n  tag stig_id: \"RHEL-07-032000\"\n  tag fix_id: \"F-78567r2_fix\"\n  tag cci: [\"CCI-001668\"]\n  tag nist: [\"SI-3 a\", \"Rev_4\"]\n\n  custom_antivirus = input('custom_antivirus')\n\n  if ! custom_antivirus\n    describe.one do\n      describe service('nails') do\n      it { should be_running }\n    end\n    describe service('clamav-daemon.socket') do\n      it { should be_running }\n      end\n    end\n  else\n    # Allow user to provide a description of their AV solution\n    # for documentation.\n    custom_antivirus_description = input('custom_antivirus_description')\n    describe \"Antivirus: #{custom_antivirus_description}\" do\n      subject { custom_antivirus_description }\n      it { should_not cmp 'None' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001668</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service nails is expected to be running :: MESSAGE expected that `Service nails` is running
+--------------------------------
+passed :: TEST Service clamav-daemon.socket is expected to be running :: MESSAGE expected that `Service clamav-daemon.socket` is running</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72283</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86907r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040610</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not forward
-Internet Protocol version 4 (IPv4) source-routed packets.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Internet Protocol version 4 (IPv4) source-routed packets.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Source-routed packets allow the source of the packet to suggest that
 routers forward the packet along a different path than configured on the
 router, which can be used to bypass network security measures. This requirement
 applies only to the forwarding of source-routed traffic, such as when IPv4
-forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not accept IPv4 source-routed packets.
 
-    # grep net.ipv4.conf.all.accept_source_route &#x2F;etc&#x2F;sysctl.conf
-&#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep net.ipv4.conf.all.accept_source_route /etc/sysctl.conf
+/etc/sysctl.d/*
 
-    net.ipv4.conf.all.accept_source_route &#x3D; 0
+    net.ipv4.conf.all.accept_source_route = 0
 
-    If &quot; net.ipv4.conf.all.accept_source_route &quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;0&quot;, this is a finding.
+    If " net.ipv4.conf.all.accept_source_route " is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "0", this is a finding.
 
     Check that the operating system implements the accept source route variable
 with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.conf.all.accept_source_route
-    net.ipv4.conf.all.accept_source_route &#x3D; 0
+    # /sbin/sysctl -a | grep net.ipv4.conf.all.accept_source_route
+    net.ipv4.conf.all.accept_source_route = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.all.accept_source_route &#x3D; 0
+    net.ipv4.conf.all.accept_source_route = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl -system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4cd2ca5a-e4d7-499c-a6f0-399acb77a50f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.all.accept_source_route value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72263</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86887r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040450</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl -system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72283\" do\n  title \"The Red Hat Enterprise Linux operating system must not forward\nInternet Protocol version 4 (IPv4) source-routed packets.\"\n  desc  \"Source-routed packets allow the source of the packet to suggest that\nrouters forward the packet along a different path than configured on the\nrouter, which can be used to bypass network security measures. This requirement\napplies only to the forwarding of source-routed traffic, such as when IPv4\nforwarding is enabled and the system is functioning as a router.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not accept IPv4 source-routed packets.\n\n    # grep net.ipv4.conf.all.accept_source_route /etc/sysctl.conf\n/etc/sysctl.d/*\n\n    net.ipv4.conf.all.accept_source_route = 0\n\n    If \\\" net.ipv4.conf.all.accept_source_route \\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the accept source route variable\nwith the following command:\n\n    # /sbin/sysctl -a | grep net.ipv4.conf.all.accept_source_route\n    net.ipv4.conf.all.accept_source_route = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.all.accept_source_route = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl -system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72283\"\n  tag rid: \"SV-86907r2_rule\"\n  tag stig_id: \"RHEL-07-040610\"\n  tag fix_id: \"F-78637r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.all.accept_source_route') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.all.accept_source_route value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72263</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86887r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040450</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon performs strict mode checking of home directory
-configuration files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+configuration files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If other users have access to modify user-specific SSH configuration
-files, they may be able to log on to the system as another user.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+files, they may be able to log on to the system as another user.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon performs strict mode checking of home directory
 configuration files.
 
-    The location of the &quot;sshd_config&quot; file may vary if a different daemon is
+    The location of the "sshd_config" file may vary if a different daemon is
 in use.
 
-    Inspect the &quot;sshd_config&quot; file with the following command:
+    Inspect the "sshd_config" file with the following command:
 
-    # grep -i strictmodes &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i strictmodes /etc/ssh/sshd_config
 
     StrictModes yes
 
-    If &quot;StrictModes&quot; is set to &quot;no&quot;, is missing, or the returned line is
-commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Uncomment the &quot;StrictModes&quot; keyword in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; (this
+    If "StrictModes" is set to "no", is missing, or the returned line is
+commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Uncomment the "StrictModes" keyword in "/etc/ssh/sshd_config" (this
 file may be named differently or be in a different location if using a version
-of SSH that is provided by a third-party vendor) and set the value to &quot;yes&quot;:
+of SSH that is provided by a third-party vendor) and set the value to "yes":
 
     StrictModes yes
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>97cdc125-4d2a-4526-a540-25606f6c5b58</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration StrictModes is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72065</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86689r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021340</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72263\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon performs strict mode checking of home directory\nconfiguration files.\"\n  desc  \"If other users have access to modify user-specific SSH configuration\nfiles, they may be able to log on to the system as another user.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon performs strict mode checking of home directory\nconfiguration files.\n\n    The location of the \\\"sshd_config\\\" file may vary if a different daemon is\nin use.\n\n    Inspect the \\\"sshd_config\\\" file with the following command:\n\n    # grep -i strictmodes /etc/ssh/sshd_config\n\n    StrictModes yes\n\n    If \\\"StrictModes\\\" is set to \\\"no\\\", is missing, or the returned line is\ncommented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Uncomment the \\\"StrictModes\\\" keyword in \\\"/etc/ssh/sshd_config\\\" (this\nfile may be named differently or be in a different location if using a version\nof SSH that is provided by a third-party vendor) and set the value to \\\"yes\\\":\n\n    StrictModes yes\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72263\"\n  tag rid: \"SV-86887r3_rule\"\n  tag stig_id: \"RHEL-07-040450\"\n  tag fix_id: \"F-78617r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('StrictModes') { should cmp 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration StrictModes is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72065</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86689r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021340</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a separate file
-system for &#x2F;tmp (or equivalent).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system for /tmp (or equivalent).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The use of separate file systems for different paths can protect the
-system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that a separate file system&#x2F;partition has been created for &quot;&#x2F;tmp&quot;.
-
-    Check that a file system&#x2F;partition has been created for &quot;&#x2F;tmp&quot; with the
+system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that a separate file system/partition has been created for "/tmp".
+
+    Check that a file system/partition has been created for "/tmp" with the
 following command:
 
     # systemctl is-enabled tmp.mount
     enabled
 
-    If the &quot;tmp.mount&quot; service is not enabled, check to see if &quot;&#x2F;tmp&quot; is
+    If the "tmp.mount" service is not enabled, check to see if "/tmp" is
 defined in the fstab with a device and mount point:
 
-    # grep -i &#x2F;tmp &#x2F;etc&#x2F;fstab
-    UUID&#x3D;a411dc99-f2a1-4c87-9e05-184977be8539 &#x2F;tmp   ext4
-rw,relatime,discard,data&#x3D;ordered,nosuid,noexec, 0 0
+    # grep -i /tmp /etc/fstab
+    UUID=a411dc99-f2a1-4c87-9e05-184977be8539 /tmp   ext4
+rw,relatime,discard,data=ordered,nosuid,noexec, 0 0
 
-    If &quot;tmp.mount&quot; service is not enabled and the &quot;&#x2F;tmp&quot; directory is not
-defined in the fstab with a device and mount point, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Start the &quot;tmp.mount&quot; service with the following command:
+    If "tmp.mount" service is not enabled and the "/tmp" directory is not
+defined in the fstab with a device and mount point, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Start the "tmp.mount" service with the following command:
 
     # systemctl enable tmp.mount
 
     OR
 
-    Edit the &quot;&#x2F;etc&#x2F;fstab&quot; file and ensure the &quot;&#x2F;tmp&quot; directory is defined
-in the fstab with a device and mount point.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>03cbe014-6879-428b-b1ac-ebcc068623ef</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service tmp.mount is expected to be enabled
-expected that &#x60;Service tmp.mount&#x60; is enabled
---------------------------------
-passed
-File System Table File (fstab) with mount_point &#x3D;&#x3D; &quot;&#x2F;tmp&quot; Should have a device name specified
-expected nil to respond to &#x60;empty?&#x60;
---------------------------------
-passed
-File System Table File (fstab) with mount_point &#x3D;&#x3D; &quot;&#x2F;tmp&quot; count is expected to cmp &#x3D;&#x3D; 1
-
+    Edit the "/etc/fstab" file and ensure the "/tmp" directory is defined
+in the fstab with a device and mount point.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72065\" do\n  title \"The Red Hat Enterprise Linux operating system must use a separate file\nsystem for /tmp (or equivalent).\"\n  desc  \"The use of separate file systems for different paths can protect the\nsystem from failures resulting from a file system becoming full or failing.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that a separate file system/partition has been created for \\\"/tmp\\\".\n\n    Check that a file system/partition has been created for \\\"/tmp\\\" with the\nfollowing command:\n\n    # systemctl is-enabled tmp.mount\n    enabled\n\n    If the \\\"tmp.mount\\\" service is not enabled, check to see if \\\"/tmp\\\" is\ndefined in the fstab with a device and mount point:\n\n    # grep -i /tmp /etc/fstab\n    UUID=a411dc99-f2a1-4c87-9e05-184977be8539 /tmp   ext4\nrw,relatime,discard,data=ordered,nosuid,noexec, 0 0\n\n    If \\\"tmp.mount\\\" service is not enabled and the \\\"/tmp\\\" directory is not\ndefined in the fstab with a device and mount point, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Start the \\\"tmp.mount\\\" service with the following command:\n\n    # systemctl enable tmp.mount\n\n    OR\n\n    Edit the \\\"/etc/fstab\\\" file and ensure the \\\"/tmp\\\" directory is defined\nin the fstab with a device and mount point.\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72065\"\n  tag rid: \"SV-86689r3_rule\"\n  tag stig_id: \"RHEL-07-021340\"\n  tag fix_id: \"F-78417r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe systemd_service('tmp.mount') do\n      it { should be_enabled }\n    end\n    describe etc_fstab.where { mount_point == '/tmp' } do\n      its('count') { should cmp 1 }\n      it 'Should have a device name specified' do\n        expect(subject.device_name[0]).to_not(be_empty)\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service tmp.mount is expected to be enabled :: MESSAGE expected that `Service tmp.mount` is enabled
+--------------------------------
+passed :: TEST File System Table File (fstab) with mount_point == "/tmp" Should have a device name specified :: MESSAGE expected nil to respond to `empty?`
+--------------------------------
+passed :: TEST File System Table File (fstab) with mount_point == "/tmp" count is expected to cmp == 1 :: MESSAGE 
 expected: 1
      got: 0
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72107</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86731r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030420</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72107</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86731r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030420</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fchmod syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fchmod syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchmod&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchmod" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following command:
 
-    # grep -iw fchmod &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fchmod /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fchmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fchmod&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"fchmod" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchmod&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchmod" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S fchmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>95e61e8d-72d1-48c1-89af-dbb02435f328</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmod&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmod&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmod&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmod&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71935</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000078-GPOS-00046</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86559r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010280</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72107\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fchmod syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchmod\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing command:\n\n    # grep -iw fchmod /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fchmod\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchmod\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72107\"\n  tag rid: \"SV-86731r5_rule\"\n  tag stig_id: \"RHEL-07-030420\"\n  tag fix_id: \"F-78459r9_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fchmod\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fchmod\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fchmod" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmod" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmod" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmod" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71935</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000078-GPOS-00046</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86559r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010280</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that passwords are a minimum of 15 characters in length.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that passwords are a minimum of 15 characters in length.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The shorter the password, the lower the number of possible
 combinations that need to be tested before the password is compromised.
 
@@ -34149,303 +32615,291 @@ combinations that need to be tested before the password is compromised.
 password in resisting attempts at guessing and brute-force attacks. Password
 length is one factor of several that helps to determine strength and how long
 it takes to crack a password. Use of more characters in a password helps to
-exponentially increase the time and&#x2F;or resources required to compromise the
-password.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+exponentially increase the time and/or resources required to compromise the
+password.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system enforces a minimum 15-character password
-length. The &quot;minlen&quot; option sets the minimum number of characters in a new
+length. The "minlen" option sets the minimum number of characters in a new
 password.
 
-    Check for the value of the &quot;minlen&quot; option in
-&quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with the following command:
+    Check for the value of the "minlen" option in
+"/etc/security/pwquality.conf" with the following command:
 
-    # grep minlen &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    minlen &#x3D; 15
+    # grep minlen /etc/security/pwquality.conf
+    minlen = 15
 
-    If the command does not return a &quot;minlen&quot; value of 15 or greater, this is
-a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return a "minlen" value of 15 or greater, this is
+a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure operating system to enforce a minimum 15-character password
 length.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; (or modify the
+    Add the following line to "/etc/security/pwquality.conf" (or modify the
 line to have the required value):
 
-    minlen &#x3D; 15</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>5c670225-2c4e-4371-9a4b-be839894230e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf minlen.to_i is expected to cmp &gt;&#x3D; 15</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71947</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000373-GPOS-00156</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86571r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010340</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    minlen = 15</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71935\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat passwords are a minimum of 15 characters in length.\"\n  desc  \"The shorter the password, the lower the number of possible\ncombinations that need to be tested before the password is compromised.\n\n    Password complexity, or strength, is a measure of the effectiveness of a\npassword in resisting attempts at guessing and brute-force attacks. Password\nlength is one factor of several that helps to determine strength and how long\nit takes to crack a password. Use of more characters in a password helps to\nexponentially increase the time and/or resources required to compromise the\npassword.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enforces a minimum 15-character password\nlength. The \\\"minlen\\\" option sets the minimum number of characters in a new\npassword.\n\n    Check for the value of the \\\"minlen\\\" option in\n\\\"/etc/security/pwquality.conf\\\" with the following command:\n\n    # grep minlen /etc/security/pwquality.conf\n    minlen = 15\n\n    If the command does not return a \\\"minlen\\\" value of 15 or greater, this is\na finding.\n  \"\n  desc  \"fix\", \"\n    Configure operating system to enforce a minimum 15-character password\nlength.\n\n    Add the following line to \\\"/etc/security/pwquality.conf\\\" (or modify the\nline to have the required value):\n\n    minlen = 15\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000078-GPOS-00046\"\n  tag gid: \"V-71935\"\n  tag rid: \"SV-86559r2_rule\"\n  tag stig_id: \"RHEL-07-010280\"\n  tag fix_id: \"F-78287r1_fix\"\n  tag cci: [\"CCI-000205\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  min_len = input('min_len')\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('minlen.to_i') { should cmp &gt;= min_len }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf minlen.to_i is expected to cmp &gt;= 15</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71947</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000373-GPOS-00156</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86571r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010340</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that users must provide a password for privilege escalation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that users must provide a password for privilege escalation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without re-authentication, users may access resources or perform tasks
 for which they do not have authorization.
 
     When operating systems provide the capability to escalate a functional
-capability, it is critical the user re-authenticate.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+capability, it is critical the user re-authenticate.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If passwords are not being used for authentication, this is Not Applicable.
 
     Verify the operating system requires users to supply a password for
 privilege escalation.
 
-    Check the configuration of the &quot;&#x2F;etc&#x2F;sudoers&quot; and &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;*&quot;
+    Check the configuration of the "/etc/sudoers" and "/etc/sudoers.d/*"
 files with the following command:
 
-    # grep -i nopasswd &#x2F;etc&#x2F;sudoers &#x2F;etc&#x2F;sudoers.d&#x2F;*
+    # grep -i nopasswd /etc/sudoers /etc/sudoers.d/*
 
-    If any uncommented line is found with a &quot;NOPASSWD&quot; tag, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any uncommented line is found with a "NOPASSWD" tag, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require users to supply a password for
 privilege escalation.
 
-    Check the configuration of the &quot;&#x2F;etc&#x2F;sudoers&quot; file with the following
+    Check the configuration of the "/etc/sudoers" file with the following
 command:
     # visudo
 
-    Remove any occurrences of &quot;NOPASSWD&quot; tags in the file.
+    Remove any occurrences of "NOPASSWD" tags in the file.
 
-    Check the configuration of the &#x2F;etc&#x2F;sudoers.d&#x2F;* files with the following
+    Check the configuration of the /etc/sudoers.d/* files with the following
 command:
-    # grep -i nopasswd &#x2F;etc&#x2F;sudoers.d&#x2F;*
-
-    Remove any occurrences of &quot;NOPASSWD&quot; tags in the file.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0aaf3c2a-2a18-44a8-9dae-1a2b6be8e81d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002038</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep -i nopasswd &#x2F;etc&#x2F;sudoers.d&#x2F;90-cloud-init-users&#x60; stdout is expected not to match &#x2F;^[^#]*NOPASSWD&#x2F;
-expected &quot;ec2-user ALL&#x3D;(ALL) NOPASSWD:ALL\n&quot; not to match &#x2F;^[^#]*NOPASSWD&#x2F;
+    # grep -i nopasswd /etc/sudoers.d/*
+
+    Remove any occurrences of "NOPASSWD" tags in the file.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71947\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat users must provide a password for privilege escalation.\"\n  desc  \"Without re-authentication, users may access resources or perform tasks\nfor which they do not have authorization.\n\n    When operating systems provide the capability to escalate a functional\ncapability, it is critical the user re-authenticate.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If passwords are not being used for authentication, this is Not Applicable.\n\n    Verify the operating system requires users to supply a password for\nprivilege escalation.\n\n    Check the configuration of the \\\"/etc/sudoers\\\" and \\\"/etc/sudoers.d/*\\\"\nfiles with the following command:\n\n    # grep -i nopasswd /etc/sudoers /etc/sudoers.d/*\n\n    If any uncommented line is found with a \\\"NOPASSWD\\\" tag, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require users to supply a password for\nprivilege escalation.\n\n    Check the configuration of the \\\"/etc/sudoers\\\" file with the following\ncommand:\n    # visudo\n\n    Remove any occurrences of \\\"NOPASSWD\\\" tags in the file.\n\n    Check the configuration of the /etc/sudoers.d/* files with the following\ncommand:\n    # grep -i nopasswd /etc/sudoers.d/*\n\n    Remove any occurrences of \\\"NOPASSWD\\\" tags in the file.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000373-GPOS-00156\"\n  tag satisfies: [\"SRG-OS-000373-GPOS-00156\", \"SRG-OS-000373-GPOS-00157\",\n\"SRG-OS-000373-GPOS-00158\"]\n  tag gid: \"V-71947\"\n  tag rid: \"SV-86571r3_rule\"\n  tag stig_id: \"RHEL-07-010340\"\n  tag fix_id: \"F-78299r2_fix\"\n  tag cci: [\"CCI-002038\"]\n  tag nist: [\"IA-11\", \"Rev_4\"]\n\n  processed = []\n  to_process = ['/etc/sudoers', '/etc/sudoers.d']\n\n  while !to_process.empty?\n    in_process = to_process.pop\n    next if processed.include? in_process\n    processed.push in_process\n\n    if file(in_process).directory?\n      to_process.concat(\n        command(\"find #{in_process} -maxdepth 1 -mindepth 1\").\n          stdout.strip.split(\"\\n\").\n          select { |f| file(f).file? }\n      )\n    elsif file(in_process).file?\n      to_process.concat(\n        command(\"grep -E '#include\\\\s+' #{in_process} | sed 's/.*#include[[:space:]]*//g'\").\n          stdout.strip.split(\"\\n\").\n          map { |f| f.start_with?('/') ? f : File.join(File.dirname(in_process), f) }.\n          select { |f| file(f).exist? }\n      )\n      to_process.concat(\n        command(\"grep -E '#includedir\\\\s+' #{in_process} | sed 's/.*#includedir[[:space:]]*//g'\").\n          stdout.strip.split(\"\\n\").\n          map { |f| f.start_with?('/') ? f : File.join(File.dirname(in_process), f) }.\n          select { |f| file(f).exist? }\n      )\n    end\n  end\n\n  sudoers = processed.select { |f| file(f).file? }\n\n  sudoers.each do |sudoer|\n    describe command(\"grep -i nopasswd #{sudoer}\") do\n      its('stdout') { should_not match %r{^[^#]*NOPASSWD} }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002038</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep -i nopasswd /etc/sudoers.d/90-cloud-init-users` stdout is expected not to match /^[^#]*NOPASSWD/ :: MESSAGE expected "ec2-user ALL=(ALL) NOPASSWD:ALL\n" not to match /^[^#]*NOPASSWD/
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;^[^#]*NOPASSWD&#x2F;
-+ec2-user ALL&#x3D;(ALL) NOPASSWD:ALL
-
---------------------------------
-passed
-Command: &#x60;grep -i nopasswd &#x2F;etc&#x2F;sudoers&#x60; stdout is expected not to match &#x2F;^[^#]*NOPASSWD&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71891</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000028-GPOS-00009</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86515r6_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+-/^[^#]*NOPASSWD/
++ec2-user ALL=(ALL) NOPASSWD:ALL
+
+--------------------------------
+passed :: TEST Command: `grep -i nopasswd /etc/sudoers` stdout is expected not to match /^[^#]*NOPASSWD/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71891</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000028-GPOS-00009</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86515r6_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must enable a user
 session lock until that user re-establishes access using established
-identification and authentication procedures.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+identification and authentication procedures.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session lock is a temporary action taken when a user stops work and
 moves away from the immediate physical vicinity of the information system but
 does not want to log out because of the temporary nature of the absence.
@@ -34455,15 +32909,15 @@ determined.
 
     Regardless of where the session lock is determined and implemented, once
 invoked, the session lock must remain in place until the user reauthenticates.
-No other activity aside from reauthentication must unlock the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the operating system enables a user&#39;s session lock until that user
+No other activity aside from reauthentication must unlock the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the operating system enables a user's session lock until that user
 re-establishes access using established identification and authentication
 procedures. The screen program must be installed to lock sessions on the
 console.
@@ -34473,176 +32927,170 @@ Applicable.
 
     Check to see if the screen lock is enabled with the following command:
 
-    # grep -i lock-enabled &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
-    lock-enabled&#x3D;true
+    # grep -i lock-enabled /etc/dconf/db/local.d/*
+    lock-enabled=true
 
-    If the &quot;lock-enabled&quot; setting is missing or is not set to &quot;true&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the operating system to enable a user&#39;s session lock until that
+    If the "lock-enabled" setting is missing or is not set to "true", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the operating system to enable a user's session lock until that
 user re-establishes access using established identification and authentication
 procedures.
 
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following example:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-screensaver
+    # touch /etc/dconf/db/local.d/00-screensaver
 
-    Edit the &quot;[org&#x2F;gnome&#x2F;desktop&#x2F;screensaver]&quot; section of the database file
+    Edit the "[org/gnome/desktop/screensaver]" section of the database file
 and add or update the following lines:
 
     # Set this to true to lock the screen when the screensaver activates
-    lock-enabled&#x3D;true
+    lock-enabled=true
 
     Update the system databases:
 
     # dconf update
 
     Users must log out and back in again before the system-wide settings take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f74f92b7-577c-49a4-8487-f406df647b89</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000056</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-      Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71855</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86479r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71891\" do\n  title \"The Red Hat Enterprise Linux operating system must enable a user\nsession lock until that user re-establishes access using established\nidentification and authentication procedures.\"\n  desc  \"A session lock is a temporary action taken when a user stops work and\nmoves away from the immediate physical vicinity of the information system but\ndoes not want to log out because of the temporary nature of the absence.\n\n    The session lock is implemented at the point where session activity can be\ndetermined.\n\n    Regardless of where the session lock is determined and implemented, once\ninvoked, the session lock must remain in place until the user reauthenticates.\nNo other activity aside from reauthentication must unlock the system.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enables a user's session lock until that user\nre-establishes access using established identification and authentication\nprocedures. The screen program must be installed to lock sessions on the\nconsole.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check to see if the screen lock is enabled with the following command:\n\n    # grep -i lock-enabled /etc/dconf/db/local.d/*\n    lock-enabled=true\n\n    If the \\\"lock-enabled\\\" setting is missing or is not set to \\\"true\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enable a user's session lock until that\nuser re-establishes access using established identification and authentication\nprocedures.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following example:\n\n    # touch /etc/dconf/db/local.d/00-screensaver\n\n    Edit the \\\"[org/gnome/desktop/screensaver]\\\" section of the database file\nand add or update the following lines:\n\n    # Set this to true to lock the screen when the screensaver activates\n    lock-enabled=true\n\n    Update the system databases:\n\n    # dconf update\n\n    Users must log out and back in again before the system-wide settings take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000028-GPOS-00009\"\n  tag satisfies: [\"SRG-OS-000028-GPOS-00009\", \"SRG-OS-000030-GPOS-00011\"]\n  tag gid: \"V-71891\"\n  tag rid: \"SV-86515r6_rule\"\n  tag stig_id: \"RHEL-07-010060\"\n  tag fix_id: \"F-78243r9_fix\"\n  tag cci: [\"CCI-000056\"]\n  tag nist: [\"AC-11 b\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    describe command('gsettings get org.gnome.desktop.screensaver lock-enabled') do\n      its('stdout.strip') { should cmp 'true' }\n    end\n  else\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n      Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000056</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+      Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71855</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86479r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the cryptographic hash of system files and commands matches vendor values.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the cryptographic hash of system files and commands matches vendor values.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without cryptographic integrity protections, system command and files
 can be altered by unauthorized users without detection.
 
     Cryptographic mechanisms used for protecting the integrity of information
 include, for example, signed hash functions using asymmetric cryptography
 enabling distribution of the public key to verify the hash information while
-maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the cryptographic hash of system files and commands match the vendor
 values.
 
     Check the cryptographic hash of system files and commands with the
 following command:
 
-    Note: System configuration files (indicated by a &quot;c&quot; in the second
+    Note: System configuration files (indicated by a "c" in the second
 column) are expected to change over time. Unusual modifications should be
 investigated through the system audit log.
 
-    # rpm -Va --noconfig | grep &#39;^..5&#39;
+    # rpm -Va --noconfig | grep '^..5'
 
     If there is any output from the command for system files or binaries, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Run the following command to determine which package owns the file:
 
     # rpm -qf &lt;filename&gt;
@@ -34654,281 +33102,269 @@ is a finding.</ATTRIBUTE_DATA>
     Alternatively, the package can be reinstalled from trusted media using the
 command:
 
-    # sudo rpm -Uvh &lt;packagename&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>95452236-4bb1-493c-923d-4becb938f6b8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This control consistently takes a long to run and has been disabled
-    using the disable_slow_controls attribute.
-This control consistently takes a long to run and has been disabled
+    # sudo rpm -Uvh &lt;packagename&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71855\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the cryptographic hash of system files and commands matches vendor values.\"\n  desc  \"Without cryptographic integrity protections, system command and files\ncan be altered by unauthorized users without detection.\n\n    Cryptographic mechanisms used for protecting the integrity of information\ninclude, for example, signed hash functions using asymmetric cryptography\nenabling distribution of the public key to verify the hash information while\nmaintaining the confidentiality of the key used to generate the hash.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the cryptographic hash of system files and commands match the vendor\nvalues.\n\n    Check the cryptographic hash of system files and commands with the\nfollowing command:\n\n    Note: System configuration files (indicated by a \\\"c\\\" in the second\ncolumn) are expected to change over time. Unusual modifications should be\ninvestigated through the system audit log.\n\n    # rpm -Va --noconfig | grep '^..5'\n\n    If there is any output from the command for system files or binaries, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Run the following command to determine which package owns the file:\n\n    # rpm -qf &lt;filename&gt;\n\n    The package can be reinstalled from a yum repository using the command:\n\n    # sudo yum reinstall &lt;packagename&gt;\n\n    Alternatively, the package can be reinstalled from trusted media using the\ncommand:\n\n    # sudo rpm -Uvh &lt;packagename&gt;\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-71855\"\n  tag rid: \"SV-86479r4_rule\"\n  tag stig_id: \"RHEL-07-010020\"\n  tag fix_id: \"F-78207r1_fix\"\n  tag cci: [\"CCI-001749\"]\n  tag nist: [\"CM-5 (3)\", \"Rev_4\"]\n\nif input('disable_slow_controls')\n    describe \"This control consistently takes a long to run and has been disabled\n    using the disable_slow_controls attribute.\" do\n      skip \"This control consistently takes a long to run and has been disabled\n      using the disable_slow_controls attribute. You must enable this control for a\n      full accredidation for production.\"\n    end\n  else\n    # grep excludes files that are marked with 'c' attribute (config files)\n    describe command(\"rpm -Va | grep '^..5' | grep -E -v '[a-z]*c[a-z]*\\\\s+\\\\S+$' | awk 'NF&gt;1{print $NF}'\").\n      stdout.strip.split(\"\\n\") do\n        it { should all(be_in rpm_verify_integrity_except) }\n      end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This control consistently takes a long to run and has been disabled
+    using the disable_slow_controls attribute. :: SKIP_MESSAGE This control consistently takes a long to run and has been disabled
       using the disable_slow_controls attribute. You must enable this control for a
-      full accredidation for production.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72209</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86833r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-031000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+      full accredidation for production.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72209</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86833r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-031000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must send rsyslog output
-to a log aggregation server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+to a log aggregation server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Sending rsyslog output to another system ensures that the logs cannot
 be removed or modified in the event that the system is compromised or has a
-hardware failure.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify &quot;rsyslog&quot; is configured to send all messages to a log aggregation
+hardware failure.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify "rsyslog" is configured to send all messages to a log aggregation
 server.
 
-    Check the configuration of &quot;rsyslog&quot; with the following command:
+    Check the configuration of "rsyslog" with the following command:
 
     Note: If another logging package is used, substitute the utility
-configuration file for &quot;&#x2F;etc&#x2F;rsyslog.conf&quot;.
+configuration file for "/etc/rsyslog.conf".
 
-    # grep @ &#x2F;etc&#x2F;rsyslog.conf &#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf
+    # grep @ /etc/rsyslog.conf /etc/rsyslog.d/*.conf
     *.* @@logagg.site.mil
 
-    If there are no lines in the &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or
-&quot;&#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf&quot; files that contain the &quot;@&quot; or &quot;@@&quot; symbol(s), and
+    If there are no lines in the "/etc/rsyslog.conf" or
+"/etc/rsyslog.d/*.conf" files that contain the "@" or "@@" symbol(s), and
 the lines with the correct symbol(s) to send output to another system do not
-cover all &quot;rsyslog&quot; output, ask the System Administrator to indicate how the
+cover all "rsyslog" output, ask the System Administrator to indicate how the
 audit logs are off-loaded to a different system or media.
 
     If the lines are commented out or there is no evidence that the audit logs
-are being sent to another system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Modify the &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or an &quot;&#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf&quot; file to
-contain a configuration line to send all &quot;rsyslog&quot; output to a log
+are being sent to another system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Modify the "/etc/rsyslog.conf" or an "/etc/rsyslog.d/*.conf" file to
+contain a configuration line to send all "rsyslog" output to a log
 aggregation system:
-    *.* @@&lt;log aggregation system name&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>41cb1049-e696-4708-aadb-a25a7ef6282e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep @ &#x2F;etc&#x2F;rsyslog.conf | grep -v &quot;^#&quot;&#x60; stdout.strip is expected not to be empty
-expected &#x60;&quot;&quot;.empty?&#x60; to return false, got true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71899</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86523r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010100</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    *.* @@&lt;log aggregation system name&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72209\" do\n  title \"The Red Hat Enterprise Linux operating system must send rsyslog output\nto a log aggregation server.\"\n  desc  \"Sending rsyslog output to another system ensures that the logs cannot\nbe removed or modified in the event that the system is compromised or has a\nhardware failure.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify \\\"rsyslog\\\" is configured to send all messages to a log aggregation\nserver.\n\n    Check the configuration of \\\"rsyslog\\\" with the following command:\n\n    Note: If another logging package is used, substitute the utility\nconfiguration file for \\\"/etc/rsyslog.conf\\\".\n\n    # grep @ /etc/rsyslog.conf /etc/rsyslog.d/*.conf\n    *.* @@logagg.site.mil\n\n    If there are no lines in the \\\"/etc/rsyslog.conf\\\" or\n\\\"/etc/rsyslog.d/*.conf\\\" files that contain the \\\"@\\\" or \\\"@@\\\" symbol(s), and\nthe lines with the correct symbol(s) to send output to another system do not\ncover all \\\"rsyslog\\\" output, ask the System Administrator to indicate how the\naudit logs are off-loaded to a different system or media.\n\n    If the lines are commented out or there is no evidence that the audit logs\nare being sent to another system, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Modify the \\\"/etc/rsyslog.conf\\\" or an \\\"/etc/rsyslog.d/*.conf\\\" file to\ncontain a configuration line to send all \\\"rsyslog\\\" output to a log\naggregation system:\n    *.* @@&lt;log aggregation system name&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72209\"\n  tag rid: \"SV-86833r2_rule\"\n  tag stig_id: \"RHEL-07-031000\"\n  tag fix_id: \"F-78563r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  log_pkg_path = input('log_pkg_path')\n\n  describe command(\"grep @ #{log_pkg_path} | grep -v \\\"^#\\\"\") do\n    its('stdout.strip') { should_not be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep @ /etc/rsyslog.conf | grep -v "^#"` stdout.strip is expected not to be empty :: MESSAGE expected `"".empty?` to return false, got true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71899</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86523r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010100</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must initiate a session
 lock for the screensaver after a period of inactivity for graphical user
-interfaces.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+interfaces.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session time-out lock is a temporary action taken when a user stops
 work and moves away from the immediate physical vicinity of the information
 system but does not log out because of the temporary nature of the absence.
 Rather than relying on the user to manually lock their operating system session
 prior to vacating the vicinity, operating systems need to be able to identify
-when a user&#39;s session has idled and take action to initiate the session lock.
+when a user's session has idled and take action to initiate the session lock.
 
     The session lock is implemented at the point where session activity can be
-determined and&#x2F;or controlled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+determined and/or controlled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system initiates a session lock after a 15-minute
 period of inactivity for graphical user interfaces. The screen program must be
 installed to lock sessions on the console.
@@ -34938,161 +33374,155 @@ this requirement is Not Applicable.
 
     Check for the session lock settings with the following commands:
 
-    # grep -i idle-activation-enabled &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
+    # grep -i idle-activation-enabled /etc/dconf/db/local.d/*
 
-    idle-activation-enabled&#x3D;true
+    idle-activation-enabled=true
 
-    If &quot;idle-activation-enabled&quot; is not set to &quot;true&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "idle-activation-enabled" is not set to "true", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to initiate a session lock after a 15-minute
 period of inactivity for graphical user interfaces.
 
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-screensaver
+    # touch /etc/dconf/db/local.d/00-screensaver
 
     Add the setting to enable screensaver locking after 15 minutes of
 inactivity:
 
-    [org&#x2F;gnome&#x2F;desktop&#x2F;screensaver]
+    [org/gnome/desktop/screensaver]
 
-    idle-activation-enabled&#x3D;true
+    idle-activation-enabled=true
 
     Update the system databases:
 
     # dconf update
 
     Users must log out and back in again before the system-wide settings take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3cdb2271-a7cf-4f82-9acb-3c81e28130e8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-      Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71901</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86525r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010110</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71899\" do\n  title \"The Red Hat Enterprise Linux operating system must initiate a session\nlock for the screensaver after a period of inactivity for graphical user\ninterfaces.\"\n  desc  \"A session time-out lock is a temporary action taken when a user stops\nwork and moves away from the immediate physical vicinity of the information\nsystem but does not log out because of the temporary nature of the absence.\nRather than relying on the user to manually lock their operating system session\nprior to vacating the vicinity, operating systems need to be able to identify\nwhen a user's session has idled and take action to initiate the session lock.\n\n    The session lock is implemented at the point where session activity can be\ndetermined and/or controlled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system initiates a session lock after a 15-minute\nperiod of inactivity for graphical user interfaces. The screen program must be\ninstalled to lock sessions on the console.\n\n    Note: If the system does not have a Graphical User Interface installed,\nthis requirement is Not Applicable.\n\n    Check for the session lock settings with the following commands:\n\n    # grep -i idle-activation-enabled /etc/dconf/db/local.d/*\n\n    idle-activation-enabled=true\n\n    If \\\"idle-activation-enabled\\\" is not set to \\\"true\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to initiate a session lock after a 15-minute\nperiod of inactivity for graphical user interfaces.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    # touch /etc/dconf/db/local.d/00-screensaver\n\n    Add the setting to enable screensaver locking after 15 minutes of\ninactivity:\n\n    [org/gnome/desktop/screensaver]\n\n    idle-activation-enabled=true\n\n    Update the system databases:\n\n    # dconf update\n\n    Users must log out and back in again before the system-wide settings take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-71899\"\n  tag rid: \"SV-86523r5_rule\"\n  tag stig_id: \"RHEL-07-010100\"\n  tag fix_id: \"F-78251r2_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    describe command('gsettings get org.gnome.desktop.screensaver idle-activation-enabled') do\n      its('stdout.strip') { should cmp 'true' }\n    end \n  else\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n      Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+      Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71901</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86525r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010110</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must initiate a session
-lock for graphical user interfaces when the screensaver is activated.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+lock for graphical user interfaces when the screensaver is activated.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session time-out lock is a temporary action taken when a user stops
 work and moves away from the immediate physical vicinity of the information
 system but does not log out because of the temporary nature of the absence.
 Rather than relying on the user to manually lock their operating system session
 prior to vacating the vicinity, operating systems need to be able to identify
-when a user&#39;s session has idled and take action to initiate the session lock.
+when a user's session has idled and take action to initiate the session lock.
 
     The session lock is implemented at the point where session activity can be
-determined and&#x2F;or controlled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+determined and/or controlled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system initiates a session lock a for graphical user
 interfaces when the screensaver is activated.
 
@@ -35103,155 +33533,149 @@ console.
     If GNOME is installed, check to see a session lock occurs when the
 screensaver is activated with the following command:
 
-    # grep -i lock-delay &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
-    lock-delay&#x3D;uint32 5
+    # grep -i lock-delay /etc/dconf/db/local.d/*
+    lock-delay=uint32 5
 
-    If the &quot;lock-delay&quot; setting is missing, or is not set to &quot;5&quot; or less,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "lock-delay" setting is missing, or is not set to "5" or less,
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to initiate a session lock for graphical
 user interfaces when a screensaver is activated.
 
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-screensaver
+    # touch /etc/dconf/db/local.d/00-screensaver
 
     Add the setting to enable session locking when a screensaver is activated:
 
-    [org&#x2F;gnome&#x2F;desktop&#x2F;screensaver]
-    lock-delay&#x3D;uint32 5
+    [org/gnome/desktop/screensaver]
+    lock-delay=uint32 5
 
-    The &quot;uint32&quot; must be included along with the integer key values as shown.
+    The "uint32" must be included along with the integer key values as shown.
 
     Update the system databases:
 
     # dconf update
 
     Users must log out and back in again before the system-wide settings take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d50a8475-95a0-4412-b15f-e2b3ae20c2ff</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-      Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72069</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86693r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021600</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71901\" do\n  title \"The Red Hat Enterprise Linux operating system must initiate a session\nlock for graphical user interfaces when the screensaver is activated.\"\n  desc  \"A session time-out lock is a temporary action taken when a user stops\nwork and moves away from the immediate physical vicinity of the information\nsystem but does not log out because of the temporary nature of the absence.\nRather than relying on the user to manually lock their operating system session\nprior to vacating the vicinity, operating systems need to be able to identify\nwhen a user's session has idled and take action to initiate the session lock.\n\n    The session lock is implemented at the point where session activity can be\ndetermined and/or controlled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system initiates a session lock a for graphical user\ninterfaces when the screensaver is activated.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable. The screen program must be installed to lock sessions on the\nconsole.\n\n    If GNOME is installed, check to see a session lock occurs when the\nscreensaver is activated with the following command:\n\n    # grep -i lock-delay /etc/dconf/db/local.d/*\n    lock-delay=uint32 5\n\n    If the \\\"lock-delay\\\" setting is missing, or is not set to \\\"5\\\" or less,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to initiate a session lock for graphical\nuser interfaces when a screensaver is activated.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    # touch /etc/dconf/db/local.d/00-screensaver\n\n    Add the setting to enable session locking when a screensaver is activated:\n\n    [org/gnome/desktop/screensaver]\n    lock-delay=uint32 5\n\n    The \\\"uint32\\\" must be included along with the integer key values as shown.\n\n    Update the system databases:\n\n    # dconf update\n\n    Users must log out and back in again before the system-wide settings take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-71901\"\n  tag rid: \"SV-86525r3_rule\"\n  tag stig_id: \"RHEL-07-010110\"\n  tag fix_id: \"F-78253r2_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    describe command(\"gsettings get org.gnome.desktop.screensaver lock-delay | cut -d ' ' -f2\") do\n      its('stdout.strip') { should cmp &lt;= lock_delay }\n    end\n  else\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n      Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+      Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72069</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86693r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021600</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the file integrity tool is configured to verify Access Control Lists
-(ACLs).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(ACLs).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ACLs can provide permissions beyond those permitted through the file
-mode and must be verified by file integrity tools.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+mode and must be verified by file integrity tools.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the file integrity tool is configured to verify ACLs.
 
     Check to see if Advanced Intrusion Detection Environment (AIDE) is
@@ -35266,598 +33690,575 @@ checks are performed on the system.
 is a finding.
 
     Note: AIDE is highly configurable at install time. These commands assume
-the &quot;aide.conf&quot; file is under the &quot;&#x2F;etc&quot; directory.
+the "aide.conf" file is under the "/etc" directory.
 
     Use the following command to determine if the file is in another location:
 
-    # find &#x2F; -name aide.conf
+    # find / -name aide.conf
 
-    Check the &quot;aide.conf&quot; file to determine if the &quot;acl&quot; rule has been
+    Check the "aide.conf" file to determine if the "acl" rule has been
 added to the rule list being applied to the files and directories selection
 lists.
 
-    An example rule that includes the &quot;acl&quot; rule is below:
+    An example rule that includes the "acl" rule is below:
 
-    All&#x3D; p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
-    &#x2F;bin All # apply the custom rule to the files in bin
-    &#x2F;sbin All # apply the same custom rule to the files in sbin
+    All= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
+    /bin All # apply the custom rule to the files in bin
+    /sbin All # apply the same custom rule to the files in sbin
 
-    If the &quot;acl&quot; rule is not being used on all uncommented selection lines in
-the &quot;&#x2F;etc&#x2F;aide.conf&quot; file, or ACLs are not being checked by another file
-integrity tool, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "acl" rule is not being used on all uncommented selection lines in
+the "/etc/aide.conf" file, or ACLs are not being checked by another file
+integrity tool, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the file integrity tool to check file and directory ACLs.
 
-    If AIDE is installed, ensure the &quot;acl&quot; rule is present on all uncommented
-file and directory selection lists.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8a37ac41-ad03-4cb7-9847-49ee4e159641</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package aide is expected to be installed
---------------------------------
-passed
-List of monitored files&#x2F;directories without &#39;acl&#39; rule is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72063</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86687r6_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021330</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If AIDE is installed, ensure the "acl" rule is present on all uncommented
+file and directory selection lists.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72069\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the file integrity tool is configured to verify Access Control Lists\n(ACLs).\"\n  desc  \"ACLs can provide permissions beyond those permitted through the file\nmode and must be verified by file integrity tools.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the file integrity tool is configured to verify ACLs.\n\n    Check to see if Advanced Intrusion Detection Environment (AIDE) is\ninstalled on the system with the following command:\n\n    # yum list installed aide\n\n    If AIDE is not installed, ask the System Administrator how file integrity\nchecks are performed on the system.\n\n    If there is no application installed to perform file integrity checks, this\nis a finding.\n\n    Note: AIDE is highly configurable at install time. These commands assume\nthe \\\"aide.conf\\\" file is under the \\\"/etc\\\" directory.\n\n    Use the following command to determine if the file is in another location:\n\n    # find / -name aide.conf\n\n    Check the \\\"aide.conf\\\" file to determine if the \\\"acl\\\" rule has been\nadded to the rule list being applied to the files and directories selection\nlists.\n\n    An example rule that includes the \\\"acl\\\" rule is below:\n\n    All= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux\n    /bin All # apply the custom rule to the files in bin\n    /sbin All # apply the same custom rule to the files in sbin\n\n    If the \\\"acl\\\" rule is not being used on all uncommented selection lines in\nthe \\\"/etc/aide.conf\\\" file, or ACLs are not being checked by another file\nintegrity tool, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the file integrity tool to check file and directory ACLs.\n\n    If AIDE is installed, ensure the \\\"acl\\\" rule is present on all uncommented\nfile and directory selection lists.\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72069\"\n  tag rid: \"SV-86693r3_rule\"\n  tag stig_id: \"RHEL-07-021600\"\n  tag fix_id: \"F-78421r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe package(\"aide\") do\n    it { should be_installed }\n  end\n\n  findings = []\n  aide_conf.where { !selection_line.start_with? '!' }.entries.each do |selection|\n    unless selection.rules.include? 'acl'\n      findings.append(selection.selection_line)\n    end\n  end\n\n  describe \"List of monitored files/directories without 'acl' rule\" do\n    subject { findings }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package aide is expected to be installed
+--------------------------------
+passed :: TEST List of monitored files/directories without 'acl' rule is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72063</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86687r6_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021330</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a separate file
-system for the system audit data path.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system for the system audit data path.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The use of separate file systems for different paths can protect the
-system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Determine if the operating system is configured to have the
-&quot;&#x2F;var&#x2F;log&#x2F;audit&quot; path is on a separate file system.
+"/var/log/audit" path is on a separate file system.
 
-    # grep &#x2F;var&#x2F;log&#x2F;audit &#x2F;etc&#x2F;fstab
+    # grep /var/log/audit /etc/fstab
 
     If no result is returned, or the operating system is not configured to have
-&quot;&#x2F;var&#x2F;log&#x2F;audit&quot; on a separate file system, this is a finding.
-
-    Verify that &quot;&#x2F;var&#x2F;log&#x2F;audit&quot; is mounted on a separate file system:
-
-    # mount | grep &quot;&#x2F;var&#x2F;log&#x2F;audit&quot;
-
-    If no result is returned, or &quot;&#x2F;var&#x2F;log&#x2F;audit&quot; is not on a separate file
-system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Migrate the system audit data path onto a separate file system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>24e3ce99-f7e9-438b-8df0-dd8617e3a42e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;var&#x2F;log&#x2F;audit is expected to be mounted
-
-Mount &#x2F;var&#x2F;log&#x2F;audit is not mounted
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72031</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86655r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/var/log/audit" on a separate file system, this is a finding.
+
+    Verify that "/var/log/audit" is mounted on a separate file system:
+
+    # mount | grep "/var/log/audit"
+
+    If no result is returned, or "/var/log/audit" is not on a separate file
+system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Migrate the system audit data path onto a separate file system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72063\" do\n  title \"The Red Hat Enterprise Linux operating system must use a separate file\nsystem for the system audit data path.\"\n  desc  \"The use of separate file systems for different paths can protect the\nsystem from failures resulting from a file system becoming full or failing.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Determine if the operating system is configured to have the\n\\\"/var/log/audit\\\" path is on a separate file system.\n\n    # grep /var/log/audit /etc/fstab\n\n    If no result is returned, or the operating system is not configured to have\n\\\"/var/log/audit\\\" on a separate file system, this is a finding.\n\n    Verify that \\\"/var/log/audit\\\" is mounted on a separate file system:\n\n    # mount | grep \\\"/var/log/audit\\\"\n\n    If no result is returned, or \\\"/var/log/audit\\\" is not on a separate file\nsystem, this is a finding.\n  \"\n  desc  \"fix\", \"Migrate the system audit data path onto a separate file system.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72063\"\n  tag rid: \"SV-86687r6_rule\"\n  tag stig_id: \"RHEL-07-021330\"\n  tag fix_id: \"F-78415r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe mount('/var/log/audit') do\n    it {should be_mounted}\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /var/log/audit is expected to be mounted :: MESSAGE 
+Mount /var/log/audit is not mounted</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72031</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86655r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local initialization files for local interactive users are be
-group-owned by the users primary group or root.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+group-owned by the users primary group or root.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Local initialization files for interactive users are used to configure
-the user&#39;s shell environment upon logon. Malicious modification of these files
-could compromise accounts upon logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+the user's shell environment upon logon. Malicious modification of these files
+could compromise accounts upon logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the local initialization files of all local interactive users are
-group-owned by that user&#39;s primary Group Identifier (GID).
+group-owned by that user's primary Group Identifier (GID).
 
     Check the home directory assignment for all non-privileged users on the
 system with the following command:
 
     Note: The example will be for the smithj user, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot; and a primary group of &quot;users&quot;.
+"/home/smithj" and a primary group of "users".
 
-    # cut -d: -f 1,4,6 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{3}&quot;
-    smithj:1000:&#x2F;home&#x2F;smithj
+    # cut -d: -f 1,4,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
+    smithj:1000:/home/smithj
 
-    # grep 1000 &#x2F;etc&#x2F;group
+    # grep 1000 /etc/group
     users:x:1000:smithj,jonesj,jacksons
 
     Note: This may miss interactive users that have been assigned a privileged
 User Identifier (UID). Evidence of interactive use may be obtained from a
 number of log files containing system logon information.
 
-    Check the group owner of all local interactive user&#39;s initialization files
+    Check the group owner of all local interactive user's initialization files
 with the following command:
 
-    # ls -al &#x2F;home&#x2F;smithj&#x2F;.[^.]* | more
+    # ls -al /home/smithj/.[^.]* | more
 
     -rwxr-xr-x 1 smithj users 896 Mar 10 2011 .profile
     -rwxr-xr-x 1 smithj users 497 Jan 6 2007 .login
     -rwxr-xr-x 1 smithj users 886 Jan 6 2007 .something
 
-    If all local interactive user&#39;s initialization files are not group-owned by
-that user&#39;s primary GID, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the group owner of a local interactive user&#39;s files to the group
-found in &quot;&#x2F;etc&#x2F;passwd&quot; for the user. To change the group owner of a local
-interactive user&#39;s home directory, use the following command:
+    If all local interactive user's initialization files are not group-owned by
+that user's primary GID, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the group owner of a local interactive user's files to the group
+found in "/etc/passwd" for the user. To change the group owner of a local
+interactive user's home directory, use the following command:
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot;, and has a primary group of users.
-
-    # chgrp users &#x2F;home&#x2F;smithj&#x2F;.[^.]*</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>20b304a9-8303-44eb-bc06-efa26e2609dd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-#&lt;Set: {}&gt; length is expected to &#x3D;&#x3D; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71923</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86547r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010220</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj", and has a primary group of users.
+
+    # chgrp users /home/smithj/.[^.]*</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72031\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local initialization files for local interactive users are be\ngroup-owned by the users primary group or root.\"\n  desc  \"Local initialization files for interactive users are used to configure\nthe user's shell environment upon logon. Malicious modification of these files\ncould compromise accounts upon logon.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the local initialization files of all local interactive users are\ngroup-owned by that user's primary Group Identifier (GID).\n\n    Check the home directory assignment for all non-privileged users on the\nsystem with the following command:\n\n    Note: The example will be for the smithj user, who has a home directory of\n\\\"/home/smithj\\\" and a primary group of \\\"users\\\".\n\n    # cut -d: -f 1,4,6 /etc/passwd | egrep \\\":[1-4][0-9]{3}\\\"\n    smithj:1000:/home/smithj\n\n    # grep 1000 /etc/group\n    users:x:1000:smithj,jonesj,jacksons\n\n    Note: This may miss interactive users that have been assigned a privileged\nUser Identifier (UID). Evidence of interactive use may be obtained from a\nnumber of log files containing system logon information.\n\n    Check the group owner of all local interactive user's initialization files\nwith the following command:\n\n    # ls -al /home/smithj/.[^.]* | more\n\n    -rwxr-xr-x 1 smithj users 896 Mar 10 2011 .profile\n    -rwxr-xr-x 1 smithj users 497 Jan 6 2007 .login\n    -rwxr-xr-x 1 smithj users 886 Jan 6 2007 .something\n\n    If all local interactive user's initialization files are not group-owned by\nthat user's primary GID, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the group owner of a local interactive user's files to the group\nfound in \\\"/etc/passwd\\\" for the user. To change the group owner of a local\ninteractive user's home directory, use the following command:\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\", and has a primary group of users.\n\n    # chgrp users /home/smithj/.[^.]*\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72031\"\n  tag rid: \"SV-86655r4_rule\"\n  tag stig_id: \"RHEL-07-020700\"\n  tag fix_id: \"F-78383r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries.each do |user_info|\n    findings = findings + command(\"find #{user_info.home} -name '.*' -not -gid #{user_info.gid} -not -group root\").stdout.split(\"\\n\")\n  end\n  describe findings do\n    its('length') { should == 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST #&lt;Set: {}&gt; length is expected to == 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71923</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86547r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010220</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that user and group account administration utilities are configured to store
-only encrypted representations of passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+only encrypted representations of passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Passwords need to be protected at all times, and encryption is the
 standard method for protecting passwords. If passwords are not encrypted, they
 can be plainly read (i.e., clear text) and easily compromised. Passwords
 encrypted with a weak algorithm are no more protected than if they are kept in
-plain text.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+plain text.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the user and group account administration utilities are configured
 to store only encrypted representations of passwords. The strength of
-encryption that must be used to hash passwords for all accounts is &quot;SHA512&quot;.
+encryption that must be used to hash passwords for all accounts is "SHA512".
 
-    Check that the system is configured to create &quot;SHA512&quot; hashed passwords
+    Check that the system is configured to create "SHA512" hashed passwords
 with the following command:
 
-    # grep -i sha512 &#x2F;etc&#x2F;libuser.conf
+    # grep -i sha512 /etc/libuser.conf
 
-    crypt_style &#x3D; sha512
+    crypt_style = sha512
 
-    If the &quot;crypt_style&quot; variable is not set to &quot;sha512&quot;, is not in the
-defaults section, is commented out, or does not exist, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "crypt_style" variable is not set to "sha512", is not in the
+defaults section, is commented out, or does not exist, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to store only SHA512 encrypted
 representations of passwords.
 
-    Add or update the following line in &quot;&#x2F;etc&#x2F;libuser.conf&quot; in the [defaults]
+    Add or update the following line in "/etc/libuser.conf" in the [defaults]
 section:
 
-    crypt_style &#x3D; sha512</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e37a43de-7ac5-40dc-952b-394daf7e0300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;cat &#x2F;etc&#x2F;libuser.conf | grep -i sha512&#x60; stdout.strip is expected to match &#x2F;^crypt_style &#x3D; sha512$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81007</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95719r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010491</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    crypt_style = sha512</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71923\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat user and group account administration utilities are configured to store\nonly encrypted representations of passwords.\"\n  desc  \"Passwords need to be protected at all times, and encryption is the\nstandard method for protecting passwords. If passwords are not encrypted, they\ncan be plainly read (i.e., clear text) and easily compromised. Passwords\nencrypted with a weak algorithm are no more protected than if they are kept in\nplain text.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the user and group account administration utilities are configured\nto store only encrypted representations of passwords. The strength of\nencryption that must be used to hash passwords for all accounts is \\\"SHA512\\\".\n\n    Check that the system is configured to create \\\"SHA512\\\" hashed passwords\nwith the following command:\n\n    # grep -i sha512 /etc/libuser.conf\n\n    crypt_style = sha512\n\n    If the \\\"crypt_style\\\" variable is not set to \\\"sha512\\\", is not in the\ndefaults section, is commented out, or does not exist, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to store only SHA512 encrypted\nrepresentations of passwords.\n\n    Add or update the following line in \\\"/etc/libuser.conf\\\" in the [defaults]\nsection:\n\n    crypt_style = sha512\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000073-GPOS-00041\"\n  tag gid: \"V-71923\"\n  tag rid: \"SV-86547r3_rule\"\n  tag stig_id: \"RHEL-07-010220\"\n  tag fix_id: \"F-78275r1_fix\"\n  tag cci: [\"CCI-000196\"]\n  tag nist: [\"IA-5 (1) (c)\", \"Rev_4\"]\n\n  describe command(\"cat /etc/libuser.conf | grep -i sha512\") do\n    its('stdout.strip') { should match %r(^crypt_style = sha512$) }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `cat /etc/libuser.conf | grep -i sha512` stdout.strip is expected to match /^crypt_style = sha512$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81007</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95719r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010491</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Red Hat Enterprise Linux operating systems version 7.2 or newer using
 Unified Extensible Firmware Interface (UEFI) must require authentication upon
-booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system does not require valid root authentication before it
 boots into single-user or maintenance mode, anyone who invokes single-user or
 maintenance mode is granted privileged access to all files on the system. GRUB
 2 is the default boot loader for RHEL 7 and is designed to require a password
-to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For systems that use BIOS, this is Not Applicable.
 
     For systems that are running a version of RHEL prior to 7.2, this is Not
@@ -35866,22 +34267,22 @@ Applicable.
     Check to see if an encrypted root password is set. On systems that use
 UEFI, use the following command:
 
-    # grep -iw grub2_password &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;user.cfg
-    GRUB2_PASSWORD&#x3D;grub.pbkdf2.sha512.[password_hash]
+    # grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg
+    GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
 
-    If the root password does not begin with &quot;grub.pbkdf2.sha512&quot;, this is a
+    If the root password does not begin with "grub.pbkdf2.sha512", this is a
 finding.
 
-    Verify that the &quot;root&quot; account is set as the &quot;superusers&quot;:
+    Verify that the "root" account is set as the "superusers":
 
-    # grep -iw &quot;superusers&quot; &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg
-        set superusers&#x3D;&quot;root&quot;
+    # grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
+        set superusers="root"
         export superusers
 
-    If &quot;superusers&quot; is not set to &quot;root&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "superusers" is not set to "root", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to encrypt the boot password for root.
 
     Generate an encrypted grub2 password for root with the following command:
@@ -35892,848 +34293,802 @@ finding.
     Enter password:
     Confirm password:
 
-    Edit the &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg file and add or modify the following
-lines in the &quot;### BEGIN &#x2F;etc&#x2F;grub.d&#x2F;01_users ###&quot; section:
-
-    set superusers&#x3D;&quot;root&quot;
-    export superusers</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ccd2b88b-b9c1-42c6-9fbc-993a1afa763a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-System running BIOS
-The System is running BIOS, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72119</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86743r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030480</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Edit the /boot/efi/EFI/redhat/grub.cfg file and add or modify the following
+lines in the "### BEGIN /etc/grub.d/01_users ###" section:
+
+    set superusers="root"
+    export superusers</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81007\" do\n  title \"Red Hat Enterprise Linux operating systems version 7.2 or newer using\nUnified Extensible Firmware Interface (UEFI) must require authentication upon\nbooting into single-user and maintenance modes.\"\n  desc  \"If the system does not require valid root authentication before it\nboots into single-user or maintenance mode, anyone who invokes single-user or\nmaintenance mode is granted privileged access to all files on the system. GRUB\n2 is the default boot loader for RHEL 7 and is designed to require a password\nto boot into single-user mode or make modifications to the boot menu.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    For systems that use BIOS, this is Not Applicable.\n\n    For systems that are running a version of RHEL prior to 7.2, this is Not\nApplicable.\n\n    Check to see if an encrypted root password is set. On systems that use\nUEFI, use the following command:\n\n    # grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg\n    GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]\n\n    If the root password does not begin with \\\"grub.pbkdf2.sha512\\\", this is a\nfinding.\n\n    Verify that the \\\"root\\\" account is set as the \\\"superusers\\\":\n\n    # grep -iw \\\"superusers\\\" /boot/efi/EFI/redhat/grub.cfg\n        set superusers=\\\"root\\\"\n        export superusers\n\n    If \\\"superusers\\\" is not set to \\\"root\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to encrypt the boot password for root.\n\n    Generate an encrypted grub2 password for root with the following command:\n\n    Note: The hash generated is an example.\n\n    # grub2-setpassword\n    Enter password:\n    Confirm password:\n\n    Edit the /boot/efi/EFI/redhat/grub.cfg file and add or modify the following\nlines in the \\\"### BEGIN /etc/grub.d/01_users ###\\\" section:\n\n    set superusers=\\\"root\\\"\n    export superusers\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000080-GPOS-00048\"\n  tag gid: \"V-81007\"\n  tag rid: \"SV-95719r1_rule\"\n  tag stig_id: \"RHEL-07-010491\"\n  tag fix_id: \"F-87841r2_fix\"\n  tag cci: [\"CCI-000213\"]\n  tag nist: [\"AC-3\", \"Rev_4\"]\n\n  unless file('/sys/firmware/efi').exist?\n    impact 0.0\n    describe \"System running BIOS\" do\n      skip \"The System is running BIOS, this control is Not Applicable.\"\n    end\n  else\n    unless os[:release] &gt;= \"7.2\"\n      impact 0.0\n      describe \"System running version of RHEL prior to 7.2\" do\n        skip \"The System is running an outdated version of RHEL, this control is Not Applicable.\"\n      end\n    else\n      impact 0.7\n      input('grub_uefi_user_boot_files').each do |grub_user_file|\n        describe parse_config_file(grub_user_file) do\n          its('GRUB2_PASSWORD') { should include \"grub.pbkdf2.sha512\"}\n        end\n      end\n\n      describe parse_config_file(input('grub_uefi_main_cfg')) do\n        its('set superusers') { should cmp '\"root\"' }  \n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST System running BIOS :: SKIP_MESSAGE The System is running BIOS, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72119</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86743r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030480</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fremovexattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fremovexattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fremovexattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "fremovexattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw fremovexattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fremovexattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
+    -a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
+    -a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fremovexattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"fremovexattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fremovexattr&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S fremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
-
-    -a always,exit -F arch&#x3D;b64 -S fremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>19423c82-12ef-467a-a109-3a8cd70b5b6d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fremovexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fremovexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fremovexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fremovexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72197</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86821r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030870</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "fremovexattr" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
+
+    -a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72119\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fremovexattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fremovexattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw fremovexattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    -a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fremovexattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"fremovexattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    -a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72119\"\n  tag rid: \"SV-86743r5_rule\"\n  tag stig_id: \"RHEL-07-030480\"\n  tag fix_id: \"F-78471r6_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fremovexattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fremovexattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fremovexattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fremovexattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fremovexattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fremovexattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72197</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86821r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030870</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
 records for all account creations, modifications, disabling, and termination
-events that affect &#x2F;etc&#x2F;passwd.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+events that affect /etc/passwd.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;passwd&quot;.
+"/etc/passwd".
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep &#x2F;etc&#x2F;passwd &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep /etc/passwd /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;passwd -p wa -k identity
+    -w /etc/passwd -p wa -k identity
 
     If the command does not return a line, or the line is commented out, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;passwd&quot;.
-
-    Add or update the following rule &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;etc&#x2F;passwd -p wa -k identity
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>424fe694-89dc-46ef-b289-f939bdaf2b23</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;passwd&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;passwd&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72125</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86749r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030510</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/passwd".
+
+    Add or update the following rule "/etc/audit/rules.d/audit.rules":
+
+    -w /etc/passwd -p wa -k identity
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72197\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all account creations, modifications, disabling, and termination\nevents that affect /etc/passwd.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/passwd\\\".\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep /etc/passwd /etc/audit/audit.rules\n\n    -w /etc/passwd -p wa -k identity\n\n    If the command does not return a line, or the line is commented out, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/passwd\\\".\n\n    Add or update the following rule \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/passwd -p wa -k identity\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000004-GPOS-00004\"\n  tag satisfies: [\"SRG-OS-000004-GPOS-00004\", \"SRG-OS-000239-GPOS-00089\",\n\"SRG-OS-000240-GPOS-00090\", \"SRG-OS-000241-GPOS-00091\",\n\"SRG-OS-000303-GPOS-00120\", \"SRG-OS-000476-GPOS-00221\"]\n  tag gid: \"V-72197\"\n  tag rid: \"SV-86821r5_rule\"\n  tag stig_id: \"RHEL-07-030870\"\n  tag fix_id: \"F-78551r4_fix\"\n  tag cci: [\"CCI-000018\", \"CCI-000172\", \"CCI-001403\", \"CCI-002130\"]\n  tag nist: [\"AC-2 (4)\", \"AU-12 c\", \"AC-2 (4)\", \"AC-2 (4)\", \"Rev_4\"]\n\n  audit_file = '/etc/passwd'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/passwd" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/passwd" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72125</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86749r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030510</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the open syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the open syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;open&quot; syscall occur.
+successful/unsuccessful attempts to use the "open" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw open &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw open /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S open -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S open -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S open -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S open -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;open&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"open" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;open&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S open -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S open -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S open -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S open -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2dcd5185-e0d2-43d8-9e77-d454f9efeba7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72161</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86785r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030690</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "open" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72125\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe open syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"open\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw open /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"open\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"open\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72125\"\n  tag rid: \"SV-86749r5_rule\"\n  tag stig_id: \"RHEL-07-030510\"\n  tag fix_id: \"F-78477r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"open\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"open\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"open\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"open\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "open" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72161</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86785r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030690</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the sudo command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the sudo command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged access commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;sudo&quot; command occur.
+successful/unsuccessful attempts to use the "sudo" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;bin&#x2F;sudo &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/bin/sudo /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;sudo -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/sudo -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;sudo&quot; command occur.
+successful/unsuccessful attempts to use the "sudo" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;sudo -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/sudo -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1081f55c-cea5-43b5-a97f-f99a71f550da</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;sudo&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;sudo&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86639r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020620</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72161\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe sudo command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged access commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"sudo\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/bin/sudo /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/sudo -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"sudo\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/sudo -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000037-GPOS-00015\"\n  tag satisfies: [\"SRG-OS-000037-GPOS-00015\", \"SRG-OS-000042-GPOS-00020\",\n\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000462-GPOS-00206\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72161\"\n  tag rid: \"SV-86785r4_rule\"\n  tag stig_id: \"RHEL-07-030690\"\n  tag fix_id: \"F-78513r5_fix\"\n  tag cci: [\"CCI-000130\", \"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3\", \"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/sudo'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/sudo" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/sudo" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86639r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020620</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all local interactive user home directories are defined in the &#x2F;etc&#x2F;passwd
-file.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all local interactive user home directories are defined in the /etc/passwd
+file.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a local interactive user has a home directory defined that does not
-exist, the user may be given access to the &#x2F; directory as the current working
+exist, the user may be given access to the / directory as the current working
 directory upon logon. This could create a Denial of Service because the user
 would not be able to access their logon configuration files, and it may give
-them visibility to system files they normally would not be able to access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+them visibility to system files they normally would not be able to access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the assigned home directory of all local interactive users on the
 system exists.
 
     Check the home directory assignment for all local interactive
 non-privileged users on the system with the following command:
 
-    # cut -d: -f 1,3,6 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{3}&quot;
+    # cut -d: -f 1,3,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
 
-    smithj:1001:&#x2F;home&#x2F;smithj
+    smithj:1001:/home/smithj
 
     Note: This may miss interactive users that have been assigned a privileged
 UID. Evidence of interactive use may be obtained from a number of log files
@@ -36742,593 +35097,570 @@ containing system logon information.
     Check that all referenced home directories exist with the following command:
 
     # pwck -r
-    user &#39;smithj&#39;: directory &#39;&#x2F;home&#x2F;smithj&#39; does not exist
+    user 'smithj': directory '/home/smithj' does not exist
 
-    If any home directories referenced in &quot;&#x2F;etc&#x2F;passwd&quot; are returned as not
-defined, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any home directories referenced in "/etc/passwd" are returned as not
+defined, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Create home directories to all local interactive users that currently do
 not have a home directory assigned. Use the following commands to create the
-user home directory assigned in &quot;&#x2F;etc&#x2F; passwd&quot;:
+user home directory assigned in "/etc/ passwd":
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot;, a UID of &quot;smithj&quot;, and a Group Identifier (GID) of
-&quot;users&quot; assigned in &quot;&#x2F;etc&#x2F;passwd&quot;.
-
-    # mkdir &#x2F;home&#x2F;smithj
-    # chown smithj &#x2F;home&#x2F;smithj
-    # chgrp users &#x2F;home&#x2F;smithj
-    # chmod 0750 &#x2F;home&#x2F;smithj</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>05265cae-6236-4462-ab1e-e2ebdff2d04c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Directory &#x2F;root is expected to exist
---------------------------------
-passed
-Directory &#x2F;home&#x2F;ec2-user is expected to exist</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72293</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86917r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040660</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj", a UID of "smithj", and a Group Identifier (GID) of
+"users" assigned in "/etc/passwd".
+
+    # mkdir /home/smithj
+    # chown smithj /home/smithj
+    # chgrp users /home/smithj
+    # chmod 0750 /home/smithj</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72015\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user home directories are defined in the /etc/passwd\nfile.\"\n  desc  \"If a local interactive user has a home directory defined that does not\nexist, the user may be given access to the / directory as the current working\ndirectory upon logon. This could create a Denial of Service because the user\nwould not be able to access their logon configuration files, and it may give\nthem visibility to system files they normally would not be able to access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the assigned home directory of all local interactive users on the\nsystem exists.\n\n    Check the home directory assignment for all local interactive\nnon-privileged users on the system with the following command:\n\n    # cut -d: -f 1,3,6 /etc/passwd | egrep \\\":[1-4][0-9]{3}\\\"\n\n    smithj:1001:/home/smithj\n\n    Note: This may miss interactive users that have been assigned a privileged\nUID. Evidence of interactive use may be obtained from a number of log files\ncontaining system logon information.\n\n    Check that all referenced home directories exist with the following command:\n\n    # pwck -r\n    user 'smithj': directory '/home/smithj' does not exist\n\n    If any home directories referenced in \\\"/etc/passwd\\\" are returned as not\ndefined, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Create home directories to all local interactive users that currently do\nnot have a home directory assigned. Use the following commands to create the\nuser home directory assigned in \\\"/etc/ passwd\\\":\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\", a UID of \\\"smithj\\\", and a Group Identifier (GID) of\n\\\"users\\\" assigned in \\\"/etc/passwd\\\".\n\n    # mkdir /home/smithj\n    # chown smithj /home/smithj\n    # chgrp users /home/smithj\n    # chmod 0750 /home/smithj\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72015\"\n  tag rid: \"SV-86639r2_rule\"\n  tag stig_id: \"RHEL-07-020620\"\n  tag fix_id: \"F-78367r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    describe directory(user_info.home) do\n      it { should exist }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Directory /root is expected to exist
+--------------------------------
+passed :: TEST Directory /home/ec2-user is expected to exist</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72293</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86917r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040660</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not send Internet
-Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ICMP redirect messages are used by routers to inform hosts that a more
 direct route exists for a particular destination. These messages contain
-information from the system&#39;s route table, possibly revealing portions of the
-network topology.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information from the system's route table, possibly revealing portions of the
+network topology.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not send IPv4 ICMP redirect messages.
 
-    # grep &#39;net.ipv4.conf.all.send_redirects&#39; &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep 'net.ipv4.conf.all.send_redirects' /etc/sysctl.conf /etc/sysctl.d/*
 
-    If &quot;net.ipv4.conf.all.send_redirects&quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out or
-does not have a value of &quot;0&quot;, this is a finding.
+    If "net.ipv4.conf.all.send_redirects" is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out or
+does not have a value of "0", this is a finding.
 
-    Check that the operating system implements the &quot;all send_redirects&quot;
+    Check that the operating system implements the "all send_redirects"
 variables with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep &#39;net.ipv4.conf.all.send_redirects&#39;
+    # /sbin/sysctl -a | grep 'net.ipv4.conf.all.send_redirects'
 
-    net.ipv4.conf.all.send_redirects &#x3D; 0
+    net.ipv4.conf.all.send_redirects = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to not allow interfaces to perform IPv4 ICMP
 redirects.
 
     Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.all.send_redirects &#x3D; 0
+    net.ipv4.conf.all.send_redirects = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>61e094ec-7aca-4d62-b684-ff322d21d1b7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.all.send_redirects value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72141</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86765r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030590</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72293\" do\n  title \"The Red Hat Enterprise Linux operating system must not send Internet\nProtocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.\"\n  desc  \"ICMP redirect messages are used by routers to inform hosts that a more\ndirect route exists for a particular destination. These messages contain\ninformation from the system's route table, possibly revealing portions of the\nnetwork topology.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not send IPv4 ICMP redirect messages.\n\n    # grep 'net.ipv4.conf.all.send_redirects' /etc/sysctl.conf /etc/sysctl.d/*\n\n    If \\\"net.ipv4.conf.all.send_redirects\\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the \\\"all send_redirects\\\"\nvariables with the following command:\n\n    # /sbin/sysctl -a | grep 'net.ipv4.conf.all.send_redirects'\n\n    net.ipv4.conf.all.send_redirects = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to not allow interfaces to perform IPv4 ICMP\nredirects.\n\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.all.send_redirects = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72293\"\n  tag rid: \"SV-86917r3_rule\"\n  tag stig_id: \"RHEL-07-040660\"\n  tag fix_id: \"F-78647r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.all.send_redirects') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.all.send_redirects value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72141</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86765r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030590</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the setfiles command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the setfiles command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setfiles&quot; command occur.
+successful/unsuccessful attempts to use the "setfiles" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw &#x2F;usr&#x2F;sbin&#x2F;setfiles &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/sbin/setfiles /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;setfiles -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/setfiles -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setfiles&quot; command occur.
+successful/unsuccessful attempts to use the "setfiles" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;setfiles -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/setfiles -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>46e89da5-1f9d-467f-a32a-65ad466dce7a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;setfiles&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;setfiles&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72053</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86677r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021110</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72141\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe setfiles command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"setfiles\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw /usr/sbin/setfiles /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/setfiles -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"setfiles\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/setfiles -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000463-GPOS-00207\",\n\"SRG-OS-000465-GPOS-00209\"]\n  tag gid: \"V-72141\"\n  tag rid: \"SV-86765r5_rule\"\n  tag stig_id: \"RHEL-07-030590\"\n  tag fix_id: \"F-78493r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/setfiles'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/setfiles" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/setfiles" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72053</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86677r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021110</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the cron.allow file, if it exists, is owned by root.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the owner of the &quot;cron.allow&quot; file is not set to root, the
+that the cron.allow file, if it exists, is owned by root.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the owner of the "cron.allow" file is not set to root, the
 possibility exists for an unauthorized user to view or to edit sensitive
-information.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the &quot;cron.allow&quot; file is owned by root.
-
-    Check the owner of the &quot;cron.allow&quot; file with the following command:
-
-    # ls -al &#x2F;etc&#x2F;cron.allow
-    -rw------- 1 root root 6 Mar  5  2011 &#x2F;etc&#x2F;cron.allow
-
-    If the &quot;cron.allow&quot; file exists and has an owner other than root, this is
-a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Set the owner on the &quot;&#x2F;etc&#x2F;cron.allow&quot; file to root with the following
+information.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the "cron.allow" file is owned by root.
+
+    Check the owner of the "cron.allow" file with the following command:
+
+    # ls -al /etc/cron.allow
+    -rw------- 1 root root 6 Mar  5  2011 /etc/cron.allow
+
+    If the "cron.allow" file exists and has an owner other than root, this is
+a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Set the owner on the "/etc/cron.allow" file to root with the following
 command:
 
-    # chown root &#x2F;etc&#x2F;cron.allow</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>528fe9f8-e39a-4be1-9e1e-5dab37056160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;etc&#x2F;cron.allow is expected to be owned by &quot;root&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71897</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86521r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010090</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chown root /etc/cron.allow</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72053\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the cron.allow file, if it exists, is owned by root.\"\n  desc  \"If the owner of the \\\"cron.allow\\\" file is not set to root, the\npossibility exists for an unauthorized user to view or to edit sensitive\ninformation.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the \\\"cron.allow\\\" file is owned by root.\n\n    Check the owner of the \\\"cron.allow\\\" file with the following command:\n\n    # ls -al /etc/cron.allow\n    -rw------- 1 root root 6 Mar  5  2011 /etc/cron.allow\n\n    If the \\\"cron.allow\\\" file exists and has an owner other than root, this is\na finding.\n  \"\n  desc  \"fix\", \"\n    Set the owner on the \\\"/etc/cron.allow\\\" file to root with the following\ncommand:\n\n    # chown root /etc/cron.allow\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72053\"\n  tag rid: \"SV-86677r3_rule\"\n  tag stig_id: \"RHEL-07-021110\"\n  tag fix_id: \"F-78405r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    # case where file doesn't exist\n    describe file('/etc/cron.allow') do\n      it { should_not exist }\n    end\n    # case where file exists\n    describe file('/etc/cron.allow') do\n      it { should be_owned_by 'root' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /etc/cron.allow is expected to be owned by "root"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71897</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86521r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010090</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must have the screen
-package installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+package installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>:  A session time-out lock is a temporary action taken when a user
 stops work and moves away from the immediate physical vicinity of the
 information system but does not log out because of the temporary nature of the
 absence. Rather than relying on the user to manually lock their operating
 system session prior to vacating the vicinity, operating systems need to be
-able to identify when a user&#39;s session has idled and take action to initiate
+able to identify when a user's session has idled and take action to initiate
 the session lock.
 
     The screen and tmux packages allow for a session lock to be implemented and
-configured.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+configured.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system has the screen package installed.
 
     Check to see if the screen package is installed with the following command:
@@ -37343,10 +35675,10 @@ installed with the following command:
     tmux-1.8-4.el7.x86_64.rpm
 
     If either the screen package or the tmux package is not installed, this is
-a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Install the screen package to allow the initiation of a session lock after
 a 15-minute period of inactivity.
 
@@ -37360,141 +35692,136 @@ command:
     Install the tmux program (if it is not on the system) with the following
 command:
 
-    #yum install tmux</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2a0c9623-e8d4-476e-9fa2-e8d53169ce53</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package screen is expected to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72303</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86927r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040710</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    #yum install tmux</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71897\" do\n  title \"The Red Hat Enterprise Linux operating system must have the screen\npackage installed.\"\n  desc  \":  A session time-out lock is a temporary action taken when a user\nstops work and moves away from the immediate physical vicinity of the\ninformation system but does not log out because of the temporary nature of the\nabsence. Rather than relying on the user to manually lock their operating\nsystem session prior to vacating the vicinity, operating systems need to be\nable to identify when a user's session has idled and take action to initiate\nthe session lock.\n\n    The screen and tmux packages allow for a session lock to be implemented and\nconfigured.\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system has the screen package installed.\n\n    Check to see if the screen package is installed with the following command:\n\n    # yum list installed screen\n    screen-4.3.1-3-x86_64.rpm\n\n    If the screen package is not installed, check to see if the tmux package is\ninstalled with the following command:\n\n    #yum list installed tmux\n    tmux-1.8-4.el7.x86_64.rpm\n\n    If either the screen package or the tmux package is not installed, this is\na finding.\n  \"\n  desc  \"fix\", \"\n    Install the screen package to allow the initiation of a session lock after\na 15-minute period of inactivity.\n\n    Install the screen program (if it is not on the system) with the following\ncommand:\n\n    # yum install screen\n\n    OR\n\n    Install the tmux program (if it is not on the system) with the following\ncommand:\n\n    #yum install tmux\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-71897\"\n  tag rid: \"SV-86521r3_rule\"\n  tag stig_id: \"RHEL-07-010090\"\n  tag fix_id: \"F-78249r3_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  multiplexer_packages = input('terminal_mux_pkgs')\n\n  describe.one do\n    multiplexer_packages.each do |pkg|  \n      describe package(pkg) do\n        it { should be_installed }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package screen is expected to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72303</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86927r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040710</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that remote X connections for interactive users are encrypted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that remote X connections for interactive users are encrypted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Open X displays allow an attacker to capture keystrokes and execute
-commands remotely.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+commands remotely.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify remote X connections for interactive users are encrypted.
 
     Check that remote X connections are encrypted with the following command:
 
-    # grep -i x11forwarding &#x2F;etc&#x2F;ssh&#x2F;sshd_config | grep -v &quot;^#&quot;
+    # grep -i x11forwarding /etc/ssh/sshd_config | grep -v "^#"
 
     X11Forwarding yes
 
-    If the &quot;X11Forwarding&quot; keyword is set to &quot;no&quot; or is missing, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "X11Forwarding" keyword is set to "no" or is missing, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure SSH to encrypt connections for interactive users.
 
-    Edit the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment or add the line for the
-&quot;X11Forwarding&quot; keyword and set its value to &quot;yes&quot; (this file may be named
+    Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for the
+"X11Forwarding" keyword and set its value to "yes" (this file may be named
 differently or be in a different location if using a version of SSH that is
 provided by a third-party vendor):
 
@@ -37502,118 +35829,113 @@ provided by a third-party vendor):
 
     The SSH service must be restarted for changes to take effect:
 
-    # systemctl restart sshd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>36540e58-f190-4e7d-afce-a7e4c0fe9111</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration X11Forwarding is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71979</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000366-GPOS-00153</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86603r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # systemctl restart sshd</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72303\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat remote X connections for interactive users are encrypted.\"\n  desc  \"Open X displays allow an attacker to capture keystrokes and execute\ncommands remotely.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify remote X connections for interactive users are encrypted.\n\n    Check that remote X connections are encrypted with the following command:\n\n    # grep -i x11forwarding /etc/ssh/sshd_config | grep -v \\\"^#\\\"\n\n    X11Forwarding yes\n\n    If the \\\"X11Forwarding\\\" keyword is set to \\\"no\\\" or is missing, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure SSH to encrypt connections for interactive users.\n\n    Edit the \\\"/etc/ssh/sshd_config\\\" file to uncomment or add the line for the\n\\\"X11Forwarding\\\" keyword and set its value to \\\"yes\\\" (this file may be named\ndifferently or be in a different location if using a version of SSH that is\nprovided by a third-party vendor):\n\n    X11Forwarding yes\n\n    The SSH service must be restarted for changes to take effect:\n\n    # systemctl restart sshd\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72303\"\n  tag rid: \"SV-86927r4_rule\"\n  tag stig_id: \"RHEL-07-040710\"\n  tag fix_id: \"F-78657r6_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('X11Forwarding') { should cmp 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration X11Forwarding is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71979</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000366-GPOS-00153</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86603r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent the
 installation of software, patches, service packs, device drivers, or operating
 system components of local packages without verification they have been
 digitally signed using a certificate that is issued by a Certificate Authority
-(CA) that is recognized and approved by the organization.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(CA) that is recognized and approved by the organization.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Changes to any software components can have significant effects on the
 overall security of the operating system. This requirement ensures the software
 has not been tampered with and that it has been provided by a trusted vendor.
@@ -37628,14 +35950,14 @@ software has not been tampered with and that it has been provided by a trusted
 vendor. Self-signed certificates are disallowed by this requirement. The
 operating system should not have to verify the software again. This requirement
 does not mandate DoD certificates for this purpose; however, the certificate
-used to verify the software must be from an approved CA.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+used to verify the software must be from an approved CA.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents the installation of patches, service
 packs, device drivers, or operating system components of local packages without
 verification that they have been digitally signed using a certificate that is
@@ -37644,131 +35966,126 @@ recognized and approved by the organization.
     Check that yum verifies the signature of local packages prior to install
 with the following command:
 
-    # grep localpkg_gpgcheck &#x2F;etc&#x2F;yum.conf
-    localpkg_gpgcheck&#x3D;1
+    # grep localpkg_gpgcheck /etc/yum.conf
+    localpkg_gpgcheck=1
 
-    If &quot;localpkg_gpgcheck&quot; is not set to &quot;1&quot;, or if options are missing or
+    If "localpkg_gpgcheck" is not set to "1", or if options are missing or
 commented out, ask the System Administrator how the signatures of local
 packages and other operating system components are verified.
 
     If there is no process to validate the signatures of local packages that is
-approved by the organization, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+approved by the organization, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to verify the signature of local packages
-prior to install by setting the following option in the &quot;&#x2F;etc&#x2F;yum.conf&quot; file:
-
-    localpkg_gpgcheck&#x3D;1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3610f5a4-da92-40dc-9682-7443547bba3e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-INI &#x2F;etc&#x2F;yum.conf main.localpkg_gpgcheck </FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71971</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000324-GPOS-00125</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86595r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+prior to install by setting the following option in the "/etc/yum.conf" file:
+
+    localpkg_gpgcheck=1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71979\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent the\ninstallation of software, patches, service packs, device drivers, or operating\nsystem components of local packages without verification they have been\ndigitally signed using a certificate that is issued by a Certificate Authority\n(CA) that is recognized and approved by the organization.\"\n  desc  \"Changes to any software components can have significant effects on the\noverall security of the operating system. This requirement ensures the software\nhas not been tampered with and that it has been provided by a trusted vendor.\n\n    Accordingly, patches, service packs, device drivers, or operating system\ncomponents must be signed with a certificate recognized and approved by the\norganization.\n\n    Verifying the authenticity of the software prior to installation validates\nthe integrity of the patch or upgrade received from a vendor. This verifies the\nsoftware has not been tampered with and that it has been provided by a trusted\nvendor. Self-signed certificates are disallowed by this requirement. The\noperating system should not have to verify the software again. This requirement\ndoes not mandate DoD certificates for this purpose; however, the certificate\nused to verify the software must be from an approved CA.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents the installation of patches, service\npacks, device drivers, or operating system components of local packages without\nverification that they have been digitally signed using a certificate that is\nrecognized and approved by the organization.\n\n    Check that yum verifies the signature of local packages prior to install\nwith the following command:\n\n    # grep localpkg_gpgcheck /etc/yum.conf\n    localpkg_gpgcheck=1\n\n    If \\\"localpkg_gpgcheck\\\" is not set to \\\"1\\\", or if options are missing or\ncommented out, ask the System Administrator how the signatures of local\npackages and other operating system components are verified.\n\n    If there is no process to validate the signatures of local packages that is\napproved by the organization, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to verify the signature of local packages\nprior to install by setting the following option in the \\\"/etc/yum.conf\\\" file:\n\n    localpkg_gpgcheck=1\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000366-GPOS-00153\"\n  tag gid: \"V-71979\"\n  tag rid: \"SV-86603r2_rule\"\n  tag stig_id: \"RHEL-07-020060\"\n  tag fix_id: \"F-78331r1_fix\"\n  tag cci: [\"CCI-001749\"]\n  tag nist: [\"CM-5 (3)\", \"Rev_4\"]\n\n  yum_conf = '/etc/yum.conf'\n\n  if ((f = file(yum_conf)).exist?)\n     describe ini(yum_conf) do\n       its('main.localpkg_gpgcheck') { cmp 1 }\n     end\n   else\n     describe f do\n       it { should exist }\n     end\n   end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST INI /etc/yum.conf main.localpkg_gpgcheck </FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71971</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000324-GPOS-00125</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86595r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent
 non-privileged users from executing privileged functions to include disabling,
-circumventing, or altering implemented security safeguards&#x2F;countermeasures.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+circumventing, or altering implemented security safeguards/countermeasures.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Preventing non-privileged users from executing privileged functions
 mitigates the risk that unauthorized individuals or processes may gain
 unnecessary access to information or privileges.
@@ -37778,19 +36095,19 @@ performing system integrity checks, or administering cryptographic key
 management activities. Non-privileged users are individuals who do not possess
 appropriate authorizations. Circumventing intrusion detection and prevention
 mechanisms or malicious code protection mechanisms are examples of privileged
-functions that require protection from non-privileged users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+functions that require protection from non-privileged users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an HBSS or HIPS is active on the system, this is Not Applicable.
 
     Verify the operating system prevents non-privileged users from executing
 privileged functions to include disabling, circumventing, or altering
-implemented security safeguards&#x2F;countermeasures.
+implemented security safeguards/countermeasures.
 
     Get a list of authorized users (other than System Administrator and guest
 accounts) for the system.
@@ -37798,174 +36115,165 @@ accounts) for the system.
     Check the list against the system by using the following command:
 
     # semanage login -l | more
-    Login Name SELinux User MLS&#x2F;MCS Range Service
+    Login Name SELinux User MLS/MCS Range Service
     __default__ user_u s0-s0:c0.c1023 *
     root unconfined_u s0-s0:c0.c1023 *
     system_u system_u s0-s0:c0.c1023 *
     joe staff_u s0-s0:c0.c1023 *
 
-    All administrators must be mapped to the &quot;sysadm_u&quot; or &quot;staff_u&quot; users
+    All administrators must be mapped to the "sysadm_u" or "staff_u" users
 role.
 
-    All authorized non-administrative users must be mapped to the &quot;user_u&quot;
+    All authorized non-administrative users must be mapped to the "user_u"
 role.
 
-    If they are not mapped in this way, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If they are not mapped in this way, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prevent non-privileged users from
 executing privileged functions to include disabling, circumventing, or altering
-implemented security safeguards&#x2F;countermeasures.
+implemented security safeguards/countermeasures.
 
-    Use the following command to map a new user to the &quot;sysdam_u&quot; role:
+    Use the following command to map a new user to the "sysdam_u" role:
 
     #semanage login -a -s sysadm_u &lt;username&gt;
 
-    Use the following command to map an existing user to the &quot;sysdam_u&quot; role:
+    Use the following command to map an existing user to the "sysdam_u" role:
 
     #semanage login -m -s sysadm_u &lt;username&gt;
 
-    Use the following command to map a new user to the &quot;staff_u&quot; role:
+    Use the following command to map a new user to the "staff_u" role:
 
     #semanage login -a -s staff_u &lt;username&gt;
 
-    Use the following command to map an existing user to the &quot;staff_u&quot; role:
+    Use the following command to map an existing user to the "staff_u" role:
 
     #semanage login -m -s staff_u &lt;username&gt;
 
-    Use the following command to map a new user to the &quot;user_u&quot; role:
+    Use the following command to map a new user to the "user_u" role:
 
     # semanage login -a -s user_u &lt;username&gt;
 
-    Use the following command to map an existing user to the &quot;user_u&quot; role:
-
-    # semanage login -m -s user_u &lt;username&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c29ee677-8047-4c7f-9509-fb8c3cd3fdbe</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002235</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;selinuxenabled&#x60; exist? is expected to equal true
---------------------------------
-passed
-Command: &#x60;selinuxenabled&#x60; exit_status is expected to eq 0
---------------------------------
-passed
-seusers is expected not to be empty
---------------------------------
-passed
-SELinux login __default__ is expected to be in &quot;user_u&quot;
-expected &#x60;unconfined_u&#x60; to be in the list: &#x60;[&quot;user_u&quot;]&#x60;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71977</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000366-GPOS-00153</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86601r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020050</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Use the following command to map an existing user to the "user_u" role:
+
+    # semanage login -m -s user_u &lt;username&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71971\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent\nnon-privileged users from executing privileged functions to include disabling,\ncircumventing, or altering implemented security safeguards/countermeasures.\"\n  desc  \"Preventing non-privileged users from executing privileged functions\nmitigates the risk that unauthorized individuals or processes may gain\nunnecessary access to information or privileges.\n\n    Privileged functions include, for example, establishing accounts,\nperforming system integrity checks, or administering cryptographic key\nmanagement activities. Non-privileged users are individuals who do not possess\nappropriate authorizations. Circumventing intrusion detection and prevention\nmechanisms or malicious code protection mechanisms are examples of privileged\nfunctions that require protection from non-privileged users.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If an HBSS or HIPS is active on the system, this is Not Applicable.\n\n    Verify the operating system prevents non-privileged users from executing\nprivileged functions to include disabling, circumventing, or altering\nimplemented security safeguards/countermeasures.\n\n    Get a list of authorized users (other than System Administrator and guest\naccounts) for the system.\n\n    Check the list against the system by using the following command:\n\n    # semanage login -l | more\n    Login Name SELinux User MLS/MCS Range Service\n    __default__ user_u s0-s0:c0.c1023 *\n    root unconfined_u s0-s0:c0.c1023 *\n    system_u system_u s0-s0:c0.c1023 *\n    joe staff_u s0-s0:c0.c1023 *\n\n    All administrators must be mapped to the \\\"sysadm_u\\\" or \\\"staff_u\\\" users\nrole.\n\n    All authorized non-administrative users must be mapped to the \\\"user_u\\\"\nrole.\n\n    If they are not mapped in this way, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prevent non-privileged users from\nexecuting privileged functions to include disabling, circumventing, or altering\nimplemented security safeguards/countermeasures.\n\n    Use the following command to map a new user to the \\\"sysdam_u\\\" role:\n\n    #semanage login -a -s sysadm_u &lt;username&gt;\n\n    Use the following command to map an existing user to the \\\"sysdam_u\\\" role:\n\n    #semanage login -m -s sysadm_u &lt;username&gt;\n\n    Use the following command to map a new user to the \\\"staff_u\\\" role:\n\n    #semanage login -a -s staff_u &lt;username&gt;\n\n    Use the following command to map an existing user to the \\\"staff_u\\\" role:\n\n    #semanage login -m -s staff_u &lt;username&gt;\n\n    Use the following command to map a new user to the \\\"user_u\\\" role:\n\n    # semanage login -a -s user_u &lt;username&gt;\n\n    Use the following command to map an existing user to the \\\"user_u\\\" role:\n\n    # semanage login -m -s user_u &lt;username&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000324-GPOS-00125\"\n  tag gid: \"V-71971\"\n  tag rid: \"SV-86595r2_rule\"\n  tag stig_id: \"RHEL-07-020020\"\n  tag fix_id: \"F-78323r1_fix\"\n  tag cci: [\"CCI-002165\", \"CCI-002235\"]\n  tag nist: [\"AC-3 (4)\", \"AC-6 (10)\", \"Rev_4\"]\n\n  admin_logins = input('admin_logins')\n\n  describe command('selinuxenabled') do\n    its('exist?') { should be true }\n    its('exit_status') { should eq 0 }\n  end\n\n  # Get the currently enabled selinux mode\n  selinux_mode = file('/etc/selinux/config').content.lines.\n    grep(/\\A\\s*SELINUXTYPE=/).last.split('=').last.strip\n\n  # Get the current seusers configuration\n  #\n  # Avoid use of semanage in case it has been uninstalled\n  #\n  # Remove all comments and empty lines\n  seusers = file(\"/etc/selinux/#{selinux_mode}/seusers\").content.lines.\n    grep_v(/(#|\\A\\s+\\Z)/).map(&amp;:strip)\n\n  # Create collect the remaining results in user/context pairs\n  seusers = seusers.map{|x| x.split(':')[0..1]}\n\n  describe 'seusers' do\n    it { expect(seusers).to_not be_empty }\n  end\n\n  users_to_ignore = [\n    'root',\n    'system_u' # This is a default user mapping\n  ]\n\n  seusers.each do |user, context|\n    next if users_to_ignore.include?(user)\n\n    describe \"SELinux login #{user}\" do\n      # This is required by the STIG\n      if user == '__default__'\n        let(:valid_users){[ 'user_u' ]}\n      elsif admin_logins.include?(user)\n        let(:valid_users){[\n          'sysadm_u',\n          'staff_u'\n        ]}\n      else\n        let(:valid_users){[\n          'user_u',\n          'guest_u',\n          'xguest_u'\n        ]}\n      end\n\n      it { expect(context).to be_in(valid_users) }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002235</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `selinuxenabled` exist? is expected to equal true
+--------------------------------
+passed :: TEST Command: `selinuxenabled` exit_status is expected to eq 0
+--------------------------------
+passed :: TEST seusers is expected not to be empty
+--------------------------------
+passed :: TEST SELinux login __default__ is expected to be in "user_u" :: MESSAGE expected `unconfined_u` to be in the list: `["user_u"]`</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71977</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000366-GPOS-00153</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86601r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020050</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent the
 installation of software, patches, service packs, device drivers, or operating
 system components from a repository without verification they have been
 digitally signed using a certificate that is issued by a Certificate Authority
-(CA) that is recognized and approved by the organization.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(CA) that is recognized and approved by the organization.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Changes to any software components can have significant effects on the
 overall security of the operating system. This requirement ensures the software
 has not been tampered with and that it has been provided by a trusted vendor.
@@ -37980,14 +36288,14 @@ software has not been tampered with and that it has been provided by a trusted
 vendor. Self-signed certificates are disallowed by this requirement. The
 operating system should not have to verify the software again. This requirement
 does not mandate DoD certificates for this purpose; however, the certificate
-used to verify the software must be from an approved CA.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+used to verify the software must be from an approved CA.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents the installation of patches, service
 packs, device drivers, or operating system components from a repository without
 verification that they have been digitally signed using a certificate that is
@@ -37996,149 +36304,144 @@ recognized and approved by the organization.
     Check that yum verifies the signature of packages from a repository prior
 to install with the following command:
 
-    # grep gpgcheck &#x2F;etc&#x2F;yum.conf
-    gpgcheck&#x3D;1
+    # grep gpgcheck /etc/yum.conf
+    gpgcheck=1
 
-    If &quot;gpgcheck&quot; is not set to &quot;1&quot;, or if options are missing or commented
+    If "gpgcheck" is not set to "1", or if options are missing or commented
 out, ask the System Administrator how the certificates for patches and other
 operating system components are verified.
 
     If there is no process to validate certificates that is approved by the
-organization, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+organization, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to verify the signature of packages from a
 repository prior to install by setting the following option in the
-&quot;&#x2F;etc&#x2F;yum.conf&quot; file:
-
-    gpgcheck&#x3D;1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>79582f08-4352-4f03-be21-5246a0b3aa2b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-INI &#x2F;etc&#x2F;yum.conf main.gpgcheck is expected to cmp &#x3D;&#x3D; 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72273</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86897r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040520</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/yum.conf" file:
+
+    gpgcheck=1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71977\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent the\ninstallation of software, patches, service packs, device drivers, or operating\nsystem components from a repository without verification they have been\ndigitally signed using a certificate that is issued by a Certificate Authority\n(CA) that is recognized and approved by the organization.\"\n  desc  \"Changes to any software components can have significant effects on the\noverall security of the operating system. This requirement ensures the software\nhas not been tampered with and that it has been provided by a trusted vendor.\n\n    Accordingly, patches, service packs, device drivers, or operating system\ncomponents must be signed with a certificate recognized and approved by the\norganization.\n\n    Verifying the authenticity of the software prior to installation validates\nthe integrity of the patch or upgrade received from a vendor. This verifies the\nsoftware has not been tampered with and that it has been provided by a trusted\nvendor. Self-signed certificates are disallowed by this requirement. The\noperating system should not have to verify the software again. This requirement\ndoes not mandate DoD certificates for this purpose; however, the certificate\nused to verify the software must be from an approved CA.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents the installation of patches, service\npacks, device drivers, or operating system components from a repository without\nverification that they have been digitally signed using a certificate that is\nrecognized and approved by the organization.\n\n    Check that yum verifies the signature of packages from a repository prior\nto install with the following command:\n\n    # grep gpgcheck /etc/yum.conf\n    gpgcheck=1\n\n    If \\\"gpgcheck\\\" is not set to \\\"1\\\", or if options are missing or commented\nout, ask the System Administrator how the certificates for patches and other\noperating system components are verified.\n\n    If there is no process to validate certificates that is approved by the\norganization, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to verify the signature of packages from a\nrepository prior to install by setting the following option in the\n\\\"/etc/yum.conf\\\" file:\n\n    gpgcheck=1\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000366-GPOS-00153\"\n  tag gid: \"V-71977\"\n  tag rid: \"SV-86601r2_rule\"\n  tag stig_id: \"RHEL-07-020050\"\n  tag fix_id: \"F-78329r1_fix\"\n  tag cci: [\"CCI-001749\"]\n  tag nist: [\"CM-5 (3)\", \"Rev_4\"]\n\n  yum_conf = '/etc/yum.conf'\n\n  if ((f = file(yum_conf)).exist?)\n    describe ini(yum_conf) do\n      its('main.gpgcheck') { should cmp 1 }\n    end\n  else\n    describe f do\n      it { should exist }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST INI /etc/yum.conf main.gpgcheck is expected to cmp == 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72273</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86897r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040520</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must enable an
-application firewall, if available.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+application firewall, if available.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Firewalls protect computers from network attacks by blocking or
 limiting access to open network ports. Application firewalls limit which
-applications are allowed to communicate over the network.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+applications are allowed to communicate over the network.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system enabled an application firewall.
 
-    Check to see if &quot;firewalld&quot; is installed with the following command:
+    Check to see if "firewalld" is installed with the following command:
 
     # yum list installed firewalld
     firewalld-0.3.9-11.el7.noarch.rpm
 
-    If the &quot;firewalld&quot; package is not installed, ask the System Administrator
+    If the "firewalld" package is not installed, ask the System Administrator
 if another firewall application (such as iptables) is installed.
 
     If an application firewall is not installed, this is a finding.
@@ -38149,10 +36452,10 @@ command:
     # systemctl status firewalld
     firewalld.service - firewalld - dynamic firewall daemon
 
-       Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;firewalld.service; enabled)
+       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
        Active: active (running) since Tue 2014-06-17 11:14:49 CEST; 5 days ago
 
-    If &quot;firewalld&quot; does not show a status of &quot;loaded&quot; and &quot;active&quot;, this
+    If "firewalld" does not show a status of "loaded" and "active", this
 is a finding.
 
     Check the state of the firewall:
@@ -38160,146 +36463,139 @@ is a finding.
     # firewall-cmd --state
     running
 
-    If &quot;firewalld&quot; does not show a state of &quot;running&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Ensure the operating system&#39;s application firewall is enabled.
+    If "firewalld" does not show a state of "running", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Ensure the operating system's application firewall is enabled.
 
-    Install the &quot;firewalld&quot; package, if it is not on the system, with the
+    Install the "firewalld" package, if it is not on the system, with the
 following command:
 
     # yum install firewalld
 
-    Start the firewall via &quot;systemctl&quot; with the following command:
-
-    # systemctl start firewalld</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e6f6a342-b3ee-408d-9a67-47d7f7d6aef3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package firewalld is expected to be installed
---------------------------------
-passed
-System Package iptables is expected to be installed
---------------------------------
-passed
-Service firewalld.service is expected to be running</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72299</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86923r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040690</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Start the firewall via "systemctl" with the following command:
+
+    # systemctl start firewalld</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72273\" do\n  title \"The Red Hat Enterprise Linux operating system must enable an\napplication firewall, if available.\"\n  desc  \"Firewalls protect computers from network attacks by blocking or\nlimiting access to open network ports. Application firewalls limit which\napplications are allowed to communicate over the network.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enabled an application firewall.\n\n    Check to see if \\\"firewalld\\\" is installed with the following command:\n\n    # yum list installed firewalld\n    firewalld-0.3.9-11.el7.noarch.rpm\n\n    If the \\\"firewalld\\\" package is not installed, ask the System Administrator\nif another firewall application (such as iptables) is installed.\n\n    If an application firewall is not installed, this is a finding.\n\n    Check to see if the firewall is loaded and active with the following\ncommand:\n\n    # systemctl status firewalld\n    firewalld.service - firewalld - dynamic firewall daemon\n\n       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)\n       Active: active (running) since Tue 2014-06-17 11:14:49 CEST; 5 days ago\n\n    If \\\"firewalld\\\" does not show a status of \\\"loaded\\\" and \\\"active\\\", this\nis a finding.\n\n    Check the state of the firewall:\n\n    # firewall-cmd --state\n    running\n\n    If \\\"firewalld\\\" does not show a state of \\\"running\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Ensure the operating system's application firewall is enabled.\n\n    Install the \\\"firewalld\\\" package, if it is not on the system, with the\nfollowing command:\n\n    # yum install firewalld\n\n    Start the firewall via \\\"systemctl\\\" with the following command:\n\n    # systemctl start firewalld\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag satisfies: [\"SRG-OS-000480-GPOS-00227\", \"SRG-OS-000480-GPOS-00231\",\n\"SRG-OS-000480-GPOS-00232\"]\n  tag gid: \"V-72273\"\n  tag rid: \"SV-86897r2_rule\"\n  tag stig_id: \"RHEL-07-040520\"\n  tag fix_id: \"F-78627r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe package('firewalld') do\n      it { should be_installed }\n    end\n    describe package('iptables') do\n      it { should be_installed }\n    end\n  end\n  describe.one do\n    describe systemd_service('firewalld.service') do\n      it { should be_running }\n    end\n\tdescribe systemd_service('iptables.service') do\n      it { should be_running }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package firewalld is expected to be installed
+--------------------------------
+passed :: TEST System Package iptables is expected to be installed
+--------------------------------
+passed :: TEST Service firewalld.service is expected to be running</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72299</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86923r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040690</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have a File
-Transfer Protocol (FTP) server package installed unless needed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Transfer Protocol (FTP) server package installed unless needed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The FTP service provides an unencrypted remote access that does not
 provide for the confidentiality and integrity of user passwords or the remote
 session. If a privileged user were to log on using this service, the privileged
 user password could be compromised. SSH or other encrypted file transfer
-methods must be used in place of this service.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+methods must be used in place of this service.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify an FTP server has not been installed on the system.
 
     Check to see if an FTP server has been installed with the following
@@ -38309,338 +36605,326 @@ commands:
 
      vsftpd-3.0.2.el7.x86_64.rpm
 
-    If &quot;vsftpd&quot; is installed and is not documented with the Information
-System Security Officer (ISSO) as an operational requirement, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Document the &quot;vsftpd&quot; package with the ISSO as an operational requirement
+    If "vsftpd" is installed and is not documented with the Information
+System Security Officer (ISSO) as an operational requirement, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Document the "vsftpd" package with the ISSO as an operational requirement
 or remove it from the system with the following command:
 
-    # yum remove vsftpd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b0feee44-726b-40d9-b123-b39ac20b444b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package vsftpd is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72177</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86801r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030770</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # yum remove vsftpd</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72299\" do\n  title \"The Red Hat Enterprise Linux operating system must not have a File\nTransfer Protocol (FTP) server package installed unless needed.\"\n  desc  \"The FTP service provides an unencrypted remote access that does not\nprovide for the confidentiality and integrity of user passwords or the remote\nsession. If a privileged user were to log on using this service, the privileged\nuser password could be compromised. SSH or other encrypted file transfer\nmethods must be used in place of this service.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify an FTP server has not been installed on the system.\n\n    Check to see if an FTP server has been installed with the following\ncommands:\n\n    # yum list installed vsftpd\n\n     vsftpd-3.0.2.el7.x86_64.rpm\n\n    If \\\"vsftpd\\\" is installed and is not documented with the Information\nSystem Security Officer (ISSO) as an operational requirement, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Document the \\\"vsftpd\\\" package with the ISSO as an operational requirement\nor remove it from the system with the following command:\n\n    # yum remove vsftpd\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72299\"\n  tag rid: \"SV-86923r3_rule\"\n  tag stig_id: \"RHEL-07-040690\"\n  tag fix_id: \"F-78653r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe package('vsftpd') do\n      it { should_not be_installed }\n    end\n    describe parse_config_file('/etc/vsftpd/vsftpd.conf') do\n      its('ssl_enable') { should cmp 'YES' }\n      its('force_anon_data_ssl') { should cmp 'YES' }\n      its('force_anon_logins_ssl') { should cmp 'YES' }\n      its('force_local_data_ssl') { should cmp 'YES' }\n      its('force_local_logins_ssl') { should cmp 'YES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package vsftpd is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72177</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86801r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030770</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the postqueue command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the postqueue command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged postfix commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;postqueue&quot; command occur.
+successful/unsuccessful attempts to use the "postqueue" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;sbin&#x2F;postqueue &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/sbin/postqueue /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;postqueue -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-postfix
+    -a always,exit -F path=/usr/sbin/postqueue -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-postfix
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;postqueue&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;postqueue -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-postfix
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>888f4484-d54d-445d-807b-8baa5c7d428a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;postqueue&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;postqueue&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72067</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000033-GPOS-00014</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86691r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021350</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "postqueue" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/sbin/postqueue -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-postfix
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72177\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe postqueue command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged postfix commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"postqueue\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/sbin/postqueue /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/postqueue -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-postfix\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"postqueue\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/postqueue -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-postfix\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72177\"\n  tag rid: \"SV-86801r3_rule\"\n  tag stig_id: \"RHEL-07-030770\"\n  tag fix_id: \"F-78531r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/postqueue'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/postqueue" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/postqueue" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72067</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000033-GPOS-00014</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86691r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021350</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement NIST
 FIPS-validated cryptography for the following: to provision digital signatures,
 to generate cryptographic hashes, and to protect data requiring data-at-rest
 protections in accordance with applicable federal laws, Executive Orders,
-directives, policies, regulations, and standards.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+directives, policies, regulations, and standards.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of weak or untested encryption algorithms undermines the purposes
 of using encryption to protect data. The operating system must implement
 cryptographic modules adhering to the higher standards approved by the federal
-government since this provides assurance they have been tested and validated.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+government since this provides assurance they have been tested and validated.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system implements DoD-approved encryption to protect
 the confidentiality of remote access sessions.
 
-    Check to see if the &quot;dracut-fips&quot; package is installed with the following
+    Check to see if the "dracut-fips" package is installed with the following
 command:
 
     # yum list installed dracut-fips
 
     dracut-fips-033-360.el7_2.x86_64.rpm
 
-    If a &quot;dracut-fips&quot; package is installed, check to see if the kernel
+    If a "dracut-fips" package is installed, check to see if the kernel
 command line is configured to use FIPS mode with the following command:
 
-    Note: GRUB 2 reads its configuration from the &quot;&#x2F;boot&#x2F;grub2&#x2F;grub.cfg&quot; file
+    Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file
 on traditional BIOS-based machines and from the
-&quot;&#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg&quot; file on UEFI machines.
+"/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
 
-    # grep fips &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
-    &#x2F;vmlinuz-3.8.0-0.40.el7.x86_64 root&#x3D;&#x2F;dev&#x2F;mapper&#x2F;rhel-root ro rd.md&#x3D;0
-rd.dm&#x3D;0 rd.lvm.lv&#x3D;rhel&#x2F;swap crashkernel&#x3D;auto rd.luks&#x3D;0 vconsole.keymap&#x3D;us
-rd.lvm.lv&#x3D;rhel&#x2F;root rhgb fips&#x3D;1 quiet
+    # grep fips /boot/grub2/grub.cfg
+    /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0
+rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us
+rd.lvm.lv=rhel/root rhgb fips=1 quiet
 
     If the kernel command line is configured to use FIPS mode, check to see if
 the system is in FIPS mode with the following command:
 
-    # cat &#x2F;proc&#x2F;sys&#x2F;crypto&#x2F;fips_enabled
+    # cat /proc/sys/crypto/fips_enabled
     1
 
-    If a &quot;dracut-fips&quot; package is not installed, the kernel command line does
-not have a fips entry, or the system has a value of &quot;0&quot; for &quot;fips_enabled&quot;
-in &quot;&#x2F;proc&#x2F;sys&#x2F;crypto&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If a "dracut-fips" package is not installed, the kernel command line does
+not have a fips entry, or the system has a value of "0" for "fips_enabled"
+in "/proc/sys/crypto", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement DoD-approved encryption by
 installing the dracut-fips package.
 
-    To enable strict FIPS compliance, the fips&#x3D;1 kernel option needs to be
+    To enable strict FIPS compliance, the fips=1 kernel option needs to be
 added to the kernel command line during system installation so key generation
 is done with FIPS-approved algorithms and continuous monitoring tests in place.
 
     Configure the operating system to implement DoD-approved encryption by
 following the steps below:
 
-    The fips&#x3D;1 kernel option needs to be added to the kernel command line
+    The fips=1 kernel option needs to be added to the kernel command line
 during system installation so that key generation is done with FIPS-approved
 algorithms and continuous monitoring tests in place. Users should also ensure
 that the system has plenty of entropy during the installation process by moving
@@ -38652,644 +36936,614 @@ keystrokes may generate a non-unique key.
 
     # yum install dracut-fips
 
-    Recreate the &quot;initramfs&quot; file with the following command:
+    Recreate the "initramfs" file with the following command:
 
-    Note: This command will overwrite the existing &quot;initramfs&quot; file.
+    Note: This command will overwrite the existing "initramfs" file.
 
     # dracut -f
 
-    Modify the kernel command line of the current kernel in the &quot;grub.cfg&quot;
+    Modify the kernel command line of the current kernel in the "grub.cfg"
 file by adding the following option to the GRUB_CMDLINE_LINUX key in the
-&quot;&#x2F;etc&#x2F;default&#x2F;grub&quot; file and then rebuild the &quot;grub.cfg&quot; file:
+"/etc/default/grub" file and then rebuild the "grub.cfg" file:
 
-    fips&#x3D;1
+    fips=1
 
-    Changes to &quot;&#x2F;etc&#x2F;default&#x2F;grub&quot; require rebuilding the &quot;grub.cfg&quot; file
+    Changes to "/etc/default/grub" require rebuilding the "grub.cfg" file
 as follows:
 
     On BIOS-based machines, use the following command:
 
-    # grub2-mkconfig -o &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
+    # grub2-mkconfig -o /boot/grub2/grub.cfg
 
     On UEFI-based machines, use the following command:
 
-    # grub2-mkconfig -o &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg
+    # grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
 
-    If &#x2F;boot or &#x2F;boot&#x2F;efi reside on separate partitions, the kernel parameter
-boot&#x3D;&lt;partition of &#x2F;boot or &#x2F;boot&#x2F;efi&gt; must be added to the kernel command
-line. You can identify a partition by running the df &#x2F;boot or df &#x2F;boot&#x2F;efi
+    If /boot or /boot/efi reside on separate partitions, the kernel parameter
+boot=&lt;partition of /boot or /boot/efi&gt; must be added to the kernel command
+line. You can identify a partition by running the df /boot or df /boot/efi
 command:
 
-    # df &#x2F;boot
+    # df /boot
     Filesystem 1K-blocks Used Available Use% Mounted on
-    &#x2F;dev&#x2F;sda1 495844 53780 416464 12% &#x2F;boot
+    /dev/sda1 495844 53780 416464 12% /boot
 
-    To ensure the &quot;boot&#x3D;&quot; configuration option will work even if device
+    To ensure the "boot=" configuration option will work even if device
 naming changes occur between boots, identify the universally unique identifier
 (UUID) of the partition with the following command:
 
-    # blkid &#x2F;dev&#x2F;sda1
-    &#x2F;dev&#x2F;sda1: UUID&#x3D;&quot;05c000f1-a213-759e-c7a2-f11b7424c797&quot; TYPE&#x3D;&quot;ext4&quot;
+    # blkid /dev/sda1
+    /dev/sda1: UUID="05c000f1-a213-759e-c7a2-f11b7424c797" TYPE="ext4"
 
     For the example above, append the following string to the kernel command
 line:
 
-    boot&#x3D;UUID&#x3D;05c000f1-a213-759e-c7a2-f11b7424c797
-
-    Reboot the system for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7c8e362f-583f-421d-ba81-5cb52cda12ba</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002476</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package dracut-fips is expected to be installed
---------------------------------
-passed
-ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto  is expected to match &#x2F;\bfips&#x3D;1\b&#x2F;
-expected &quot;ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto &quot; to match &#x2F;\bfips&#x3D;1\b&#x2F;
+    boot=UUID=05c000f1-a213-759e-c7a2-f11b7424c797
+
+    Reboot the system for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72067\" do\n  title \"The Red Hat Enterprise Linux operating system must implement NIST\nFIPS-validated cryptography for the following: to provision digital signatures,\nto generate cryptographic hashes, and to protect data requiring data-at-rest\nprotections in accordance with applicable federal laws, Executive Orders,\ndirectives, policies, regulations, and standards.\"\n  desc  \"Use of weak or untested encryption algorithms undermines the purposes\nof using encryption to protect data. The operating system must implement\ncryptographic modules adhering to the higher standards approved by the federal\ngovernment since this provides assurance they have been tested and validated.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system implements DoD-approved encryption to protect\nthe confidentiality of remote access sessions.\n\n    Check to see if the \\\"dracut-fips\\\" package is installed with the following\ncommand:\n\n    # yum list installed dracut-fips\n\n    dracut-fips-033-360.el7_2.x86_64.rpm\n\n    If a \\\"dracut-fips\\\" package is installed, check to see if the kernel\ncommand line is configured to use FIPS mode with the following command:\n\n    Note: GRUB 2 reads its configuration from the \\\"/boot/grub2/grub.cfg\\\" file\non traditional BIOS-based machines and from the\n\\\"/boot/efi/EFI/redhat/grub.cfg\\\" file on UEFI machines.\n\n    # grep fips /boot/grub2/grub.cfg\n    /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0\nrd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us\nrd.lvm.lv=rhel/root rhgb fips=1 quiet\n\n    If the kernel command line is configured to use FIPS mode, check to see if\nthe system is in FIPS mode with the following command:\n\n    # cat /proc/sys/crypto/fips_enabled\n    1\n\n    If a \\\"dracut-fips\\\" package is not installed, the kernel command line does\nnot have a fips entry, or the system has a value of \\\"0\\\" for \\\"fips_enabled\\\"\nin \\\"/proc/sys/crypto\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to implement DoD-approved encryption by\ninstalling the dracut-fips package.\n\n    To enable strict FIPS compliance, the fips=1 kernel option needs to be\nadded to the kernel command line during system installation so key generation\nis done with FIPS-approved algorithms and continuous monitoring tests in place.\n\n    Configure the operating system to implement DoD-approved encryption by\nfollowing the steps below:\n\n    The fips=1 kernel option needs to be added to the kernel command line\nduring system installation so that key generation is done with FIPS-approved\nalgorithms and continuous monitoring tests in place. Users should also ensure\nthat the system has plenty of entropy during the installation process by moving\nthe mouse around, or if no mouse is available, ensuring that many keystrokes\nare typed. The recommended amount of keystrokes is 256 and more. Less than 256\nkeystrokes may generate a non-unique key.\n\n    Install the dracut-fips package with the following command:\n\n    # yum install dracut-fips\n\n    Recreate the \\\"initramfs\\\" file with the following command:\n\n    Note: This command will overwrite the existing \\\"initramfs\\\" file.\n\n    # dracut -f\n\n    Modify the kernel command line of the current kernel in the \\\"grub.cfg\\\"\nfile by adding the following option to the GRUB_CMDLINE_LINUX key in the\n\\\"/etc/default/grub\\\" file and then rebuild the \\\"grub.cfg\\\" file:\n\n    fips=1\n\n    Changes to \\\"/etc/default/grub\\\" require rebuilding the \\\"grub.cfg\\\" file\nas follows:\n\n    On BIOS-based machines, use the following command:\n\n    # grub2-mkconfig -o /boot/grub2/grub.cfg\n\n    On UEFI-based machines, use the following command:\n\n    # grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\n\n    If /boot or /boot/efi reside on separate partitions, the kernel parameter\nboot=&lt;partition of /boot or /boot/efi&gt; must be added to the kernel command\nline. You can identify a partition by running the df /boot or df /boot/efi\ncommand:\n\n    # df /boot\n    Filesystem 1K-blocks Used Available Use% Mounted on\n    /dev/sda1 495844 53780 416464 12% /boot\n\n    To ensure the \\\"boot=\\\" configuration option will work even if device\nnaming changes occur between boots, identify the universally unique identifier\n(UUID) of the partition with the following command:\n\n    # blkid /dev/sda1\n    /dev/sda1: UUID=\\\"05c000f1-a213-759e-c7a2-f11b7424c797\\\" TYPE=\\\"ext4\\\"\n\n    For the example above, append the following string to the kernel command\nline:\n\n    boot=UUID=05c000f1-a213-759e-c7a2-f11b7424c797\n\n    Reboot the system for the changes to take effect.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000033-GPOS-00014\"\n  tag satisfies: [\"SRG-OS-000033-GPOS-00014\", \"SRG-OS-000185-GPOS-00079\",\n\"SRG-OS-000396-GPOS-00176\", \"SRG-OS-000405-GPOS-00184\",\n\"SRG-OS-000478-GPOS-00223\"]\n  tag gid: \"V-72067\"\n  tag rid: \"SV-86691r4_rule\"\n  tag stig_id: \"RHEL-07-021350\"\n  tag fix_id: \"F-78419r3_fix\"\n  tag cci: [\"CCI-000068\", \"CCI-001199\", \"CCI-002450\", \"CCI-002476\"]\n  tag nist: [\"AC-17 (2)\", \"SC-28\", \"SC-13\", \"SC-28 (1)\", \"Rev_4\"]\n\n  describe package('dracut-fips') do\n    it { should be_installed }\n  end\n\n  all_args = command('grubby --info=ALL | grep \"^args=\" | sed \"s/^args=//g\"').\n    stdout.strip.split(\"\\n\").\n    map { |s| s.sub(%r{^\"(.*)\"$}, '\\1') } # strip outer quotes if they exist\n\n  all_args.each { |args|\n    describe args do\n      it { should match %r{\\bfips=1\\b} }\n    end\n  }\n\n  describe file('/proc/sys/crypto/fips_enabled') do\n    its('content.strip') { should cmp 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002476</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package dracut-fips is expected to be installed
+--------------------------------
+passed :: TEST ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto  is expected to match /\bfips=1\b/ :: MESSAGE expected "ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto " to match /\bfips=1\b/
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;\bfips&#x3D;1\b&#x2F;
-+&quot;ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto &quot;
+-/\bfips=1\b/
++"ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto "
 
 --------------------------------
-passed
-ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto  is expected to match &#x2F;\bfips&#x3D;1\b&#x2F;
-expected &quot;ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto &quot; to match &#x2F;\bfips&#x3D;1\b&#x2F;
+passed :: TEST ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto  is expected to match /\bfips=1\b/ :: MESSAGE expected "ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto " to match /\bfips=1\b/
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;\bfips&#x3D;1\b&#x2F;
-+&quot;ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto &quot;
+-/\bfips=1\b/
++"ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto "
 
 --------------------------------
-passed
-File &#x2F;proc&#x2F;sys&#x2F;crypto&#x2F;fips_enabled content.strip is expected to cmp &#x3D;&#x3D; 1
-
+passed :: TEST File /proc/sys/crypto/fips_enabled content.strip is expected to cmp == 1 :: MESSAGE 
 expected: 1
      got: 0
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72139</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86763r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030580</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72139</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86763r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030580</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the chcon command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the chcon command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chcon&quot; command occur.
+successful/unsuccessful attempts to use the "chcon" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;chcon &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/chcon /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chcon -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chcon -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chcon&quot; command occur.
+successful/unsuccessful attempts to use the "chcon" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chcon -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chcon -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8d4753de-4481-4efa-8154-f335f35a97ec</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chcon&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chcon&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72275</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86899r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040530</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72139\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe chcon command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"chcon\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/bin/chcon /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/chcon -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"chcon\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/chcon -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000463-GPOS-00207\",\n\"SRG-OS-000465-GPOS-00209\"]\n  tag gid: \"V-72139\"\n  tag rid: \"SV-86763r4_rule\"\n  tag stig_id: \"RHEL-07-030580\"\n  tag fix_id: \"F-78491r6_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/chcon'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/chcon" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/chcon" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72275</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86899r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040530</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the date
-and time of the last successful account logon upon logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+and time of the last successful account logon upon logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Providing users with feedback on when account accesses last occurred
-facilitates user recognition and reporting of unauthorized account use.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+facilitates user recognition and reporting of unauthorized account use.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify users are provided with feedback on when account accesses last
 occurred.
 
-    Check that &quot;pam_lastlog&quot; is used and not silent with the following
+    Check that "pam_lastlog" is used and not silent with the following
 command:
 
-    # grep pam_lastlog &#x2F;etc&#x2F;pam.d&#x2F;postlogin
+    # grep pam_lastlog /etc/pam.d/postlogin
     session required pam_lastlog.so showfailed
 
-    If &quot;pam_lastlog&quot; is missing from &quot;&#x2F;etc&#x2F;pam.d&#x2F;postlogin&quot; file, or the
-silent option is present, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "pam_lastlog" is missing from "/etc/pam.d/postlogin" file, or the
+silent option is present, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to provide users with feedback on when
 account accesses last occurred by setting the required configuration options in
-&quot;&#x2F;etc&#x2F;pam.d&#x2F;postlogin&quot;.
-
-    Add the following line to the top of &quot;&#x2F;etc&#x2F;pam.d&#x2F;postlogin&quot;:
-
-    session required pam_lastlog.so showfailed</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>487a2f55-a41d-43f2-b60c-696d3905eb04</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;postlogin] lines is expected to include session .* pam_lastlog.so showfailed
---------------------------------
-passed
-SSHD Configuration PrintLastLog is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71939</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000106-GPOS-00053</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86563r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/pam.d/postlogin".
+
+    Add the following line to the top of "/etc/pam.d/postlogin":
+
+    session required pam_lastlog.so showfailed</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72275\" do\n  title \"The Red Hat Enterprise Linux operating system must display the date\nand time of the last successful account logon upon logon.\"\n  desc  \"Providing users with feedback on when account accesses last occurred\nfacilitates user recognition and reporting of unauthorized account use.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify users are provided with feedback on when account accesses last\noccurred.\n\n    Check that \\\"pam_lastlog\\\" is used and not silent with the following\ncommand:\n\n    # grep pam_lastlog /etc/pam.d/postlogin\n    session required pam_lastlog.so showfailed\n\n    If \\\"pam_lastlog\\\" is missing from \\\"/etc/pam.d/postlogin\\\" file, or the\nsilent option is present, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to provide users with feedback on when\naccount accesses last occurred by setting the required configuration options in\n\\\"/etc/pam.d/postlogin\\\".\n\n    Add the following line to the top of \\\"/etc/pam.d/postlogin\\\":\n\n    session required pam_lastlog.so showfailed\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72275\"\n  tag rid: \"SV-86899r4_rule\"\n  tag stig_id: \"RHEL-07-040530\"\n  tag fix_id: \"F-78629r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe pam('/etc/pam.d/postlogin') do\n    its('lines') { should match_pam_rule('session .* pam_lastlog.so showfailed') }\n  end\n\n  describe.one do\n    describe sshd_config do\n      its('PrintLastLog') { should cmp 'yes' }\n    end\n\n    describe pam('/etc/pam.d/postlogin') do\n      its('lines') { should match_pam_rule('session .* pam_lastlog.so showfailed').all_without_args('silent') }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/postlogin] lines is expected to include session .* pam_lastlog.so showfailed
+--------------------------------
+passed :: TEST SSHD Configuration PrintLastLog is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71939</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000106-GPOS-00053</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86563r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH daemon does not allow authentication using an empty password.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH daemon does not allow authentication using an empty password.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuring this setting for the SSH daemon provides additional
 assurance that remote logon via SSH will require a password, even in the event
-of misconfiguration elsewhere.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>To determine how the SSH daemon&#39;s &quot;PermitEmptyPasswords&quot; option is set,
+of misconfiguration elsewhere.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>To determine how the SSH daemon's "PermitEmptyPasswords" option is set,
 run the following command:
 
-    # grep -i PermitEmptyPasswords &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i PermitEmptyPasswords /etc/ssh/sshd_config
     PermitEmptyPasswords no
 
-    If no line, a commented line, or a line indicating the value &quot;no&quot; is
+    If no line, a commented line, or a line indicating the value "no" is
 returned, the required value is set.
 
-    If the required value is not set, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the required value is not set, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To explicitly disallow remote logon from accounts with empty passwords, add
-or correct the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
+or correct the following line in "/etc/ssh/sshd_config":
 
     PermitEmptyPasswords no
 
     The SSH service must be restarted for changes to take effect.  Any accounts
 with empty passwords should be disabled immediately, and PAM configuration
-should prevent users from being able to assign themselves empty passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d2155c88-8dc6-4b9f-8cdc-917831d3d866</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000766</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration PermitEmptyPasswords is expected to eq &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72007</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86631r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020320</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+should prevent users from being able to assign themselves empty passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71939\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not allow authentication using an empty password.\"\n  desc  \"Configuring this setting for the SSH daemon provides additional\nassurance that remote logon via SSH will require a password, even in the event\nof misconfiguration elsewhere.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    To determine how the SSH daemon's \\\"PermitEmptyPasswords\\\" option is set,\nrun the following command:\n\n    # grep -i PermitEmptyPasswords /etc/ssh/sshd_config\n    PermitEmptyPasswords no\n\n    If no line, a commented line, or a line indicating the value \\\"no\\\" is\nreturned, the required value is set.\n\n    If the required value is not set, this is a finding.\n  \"\n  desc  \"fix\", \"\n    To explicitly disallow remote logon from accounts with empty passwords, add\nor correct the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    PermitEmptyPasswords no\n\n    The SSH service must be restarted for changes to take effect.  Any accounts\nwith empty passwords should be disabled immediately, and PAM configuration\nshould prevent users from being able to assign themselves empty passwords.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000106-GPOS-00053\"\n  tag gid: \"V-71939\"\n  tag rid: \"SV-86563r3_rule\"\n  tag stig_id: \"RHEL-07-010300\"\n  tag fix_id: \"F-78291r2_fix\"\n  tag cci: [\"CCI-000766\"]\n  tag nist: [\"IA-2 (2)\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('PermitEmptyPasswords') { should eq 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000766</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration PermitEmptyPasswords is expected to eq "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72007</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86631r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020320</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all files and directories have a valid owner.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all files and directories have a valid owner.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Unowned files and directories may be unintentionally inherited if a
-user is assigned the same User Identifier &quot;UID&quot; as the UID of the un-owned
-files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+user is assigned the same User Identifier "UID" as the UID of the un-owned
+files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all files and directories on the system have a valid owner.
 
     Check the owner of all files and directories with the following command:
@@ -39297,344 +37551,324 @@ files.</ATTRIBUTE_DATA>
     Note: The value after -fstype must be replaced with the filesystem type.
 XFS is used as an example.
 
-    # find &#x2F; -fstype xfs -nouser
+    # find / -fstype xfs -nouser
 
-    If any files on the system do not have an assigned owner, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any files on the system do not have an assigned owner, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Either remove all files and directories from the system that do not have a
 valid user, or assign a valid user to all unowned files and directories on the
-system with the &quot;chown&quot; command:
-
-    # chown &lt;user&gt; &lt;file&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3d61bc1a-2d65-41d1-b431-6968148cc0fd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;find &#x2F; -xautofs -fstype xfs -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext3 -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext2 -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext4 -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype msdos -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype vfat -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype btrfs -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype fuseblk -nouser&#x60; stdout.strip is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86827r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030900</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+system with the "chown" command:
+
+    # chown &lt;user&gt; &lt;file&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72007\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all files and directories have a valid owner.\"\n  desc  \"Unowned files and directories may be unintentionally inherited if a\nuser is assigned the same User Identifier \\\"UID\\\" as the UID of the un-owned\nfiles.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all files and directories on the system have a valid owner.\n\n    Check the owner of all files and directories with the following command:\n\n    Note: The value after -fstype must be replaced with the filesystem type.\nXFS is used as an example.\n\n    # find / -fstype xfs -nouser\n\n    If any files on the system do not have an assigned owner, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Either remove all files and directories from the system that do not have a\nvalid user, or assign a valid user to all unowned files and directories on the\nsystem with the \\\"chown\\\" command:\n\n    # chown &lt;user&gt; &lt;file&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72007\"\n  tag rid: \"SV-86631r3_rule\"\n  tag stig_id: \"RHEL-07-020320\"\n  tag fix_id: \"F-78359r1_fix\"\n  tag cci: [\"CCI-002165\"]\n  tag nist: [\"AC-3 (4)\", \"Rev_4\"]\n\n  command('grep -v \"nodev\" /proc/filesystems | awk \\'NF{ print $NF }\\'').\n    stdout.strip.split(\"\\n\").each do |fs|\n      describe command(\"find / -xautofs -fstype #{fs} -nouser\") do\n        its('stdout.strip') { should be_empty }\n      end\n    end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `find / -xautofs -fstype xfs -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext3 -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext2 -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext4 -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype msdos -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype vfat -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype btrfs -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype fuseblk -nouser` stdout.strip is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86827r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030900</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the rmdir syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the rmdir syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system is not configured to audit certain activities and write
 them to an audit log, it is more difficult to detect and track system
-compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;rmdir&quot; syscall occur.
+successful/unsuccessful attempts to use the "rmdir" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw rmdir &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw rmdir /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S rmdir -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S rmdir -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;rmdir&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"rmdir" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;rmdir&quot; syscall occur.
+successful/unsuccessful attempts to use the "rmdir" syscall occur.
 
-    Add the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S rmdir -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S rmdir -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e5d703e0-9ce4-4198-9c00-51fc826c9380</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rmdir&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rmdir&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rmdir&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rmdir&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72039</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86663r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020900</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72203\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe rmdir syscall.\"\n  desc  \"If the system is not configured to audit certain activities and write\nthem to an audit log, it is more difficult to detect and track system\ncompromises and damages incurred during a system compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"rmdir\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw rmdir /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"rmdir\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"rmdir\\\" syscall occur.\n\n    Add the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000466-GPOS-00210\"\n  tag satisfies: [\"SRG-OS-000466-GPOS-00210\", \"SRG-OS-000467-GPOS-00210\",\n\"SRG-OS-000468-GPOS-00212\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72203\"\n  tag rid: \"SV-86827r5_rule\"\n  tag stig_id: \"RHEL-07-030900\"\n  tag fix_id: \"F-78557r9_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"rmdir\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"rmdir\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "rmdir" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rmdir" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rmdir" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rmdir" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72039</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86663r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020900</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all system device files are correctly labeled to prevent unauthorized
-modification.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+modification.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an unauthorized or modified device is allowed to exist on the
 system, there is the possibility the system may perform unintended or
-unauthorized operations.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unauthorized operations.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that all system device files are correctly labeled to prevent
 unauthorized modification.
 
     List all device files on the system that are incorrectly labeled with the
 following commands:
 
-    Note: Device files are normally found under &quot;&#x2F;dev&quot;, but applications may
+    Note: Device files are normally found under "/dev", but applications may
 place device files in other directories and may necessitate a search of the
 entire system.
 
-    #find &#x2F;dev -context *:device_t:* \( -type c -o -type b \) -printf &quot;%p %Z    &quot;
+    #find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z    "
 
-    #find &#x2F;dev -context *:unlabeled_t:* \( -type c -o -type b \) -printf &quot;%p
-%Z    &quot;
+    #find /dev -context *:unlabeled_t:* \( -type c -o -type b \) -printf "%p
+%Z    "
 
-    Note: There are device files, such as &quot;&#x2F;dev&#x2F;vmci&quot;, that are used when the
+    Note: There are device files, such as "/dev/vmci", that are used when the
 operating system is a host virtual machine. They will not be owned by a user on
-the system and require the &quot;device_t&quot; label to operate. These device files
+the system and require the "device_t" label to operate. These device files
 are not a finding.
 
     If there is output from either of these commands, other than already noted,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Run the following command to determine which package owns the device file:
 
     # rpm -qf &lt;filename&gt;
@@ -39646,103 +37880,98 @@ this is a finding.</ATTRIBUTE_DATA>
     Alternatively, the package can be reinstalled from trusted media using the
 command:
 
-    # sudo rpm -Uvh &lt;packagename&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>59cb9b6c-179b-4f97-99d4-a472f609771a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-#&lt;Set: {}&gt; length is expected to cmp &#x3D;&#x3D; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-		</iSTIG>
-	</STIGS>
+    # sudo rpm -Uvh &lt;packagename&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72039\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all system device files are correctly labeled to prevent unauthorized\nmodification.\"\n  desc  \"If an unauthorized or modified device is allowed to exist on the\nsystem, there is the possibility the system may perform unintended or\nunauthorized operations.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that all system device files are correctly labeled to prevent\nunauthorized modification.\n\n    List all device files on the system that are incorrectly labeled with the\nfollowing commands:\n\n    Note: Device files are normally found under \\\"/dev\\\", but applications may\nplace device files in other directories and may necessitate a search of the\nentire system.\n\n    #find /dev -context *:device_t:* \\\\( -type c -o -type b \\\\) -printf \\\"%p %Z\\\n    \\\"\n\n    #find /dev -context *:unlabeled_t:* \\\\( -type c -o -type b \\\\) -printf \\\"%p\n%Z\\\n    \\\"\n\n    Note: There are device files, such as \\\"/dev/vmci\\\", that are used when the\noperating system is a host virtual machine. They will not be owned by a user on\nthe system and require the \\\"device_t\\\" label to operate. These device files\nare not a finding.\n\n    If there is output from either of these commands, other than already noted,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Run the following command to determine which package owns the device file:\n\n    # rpm -qf &lt;filename&gt;\n\n    The package can be reinstalled from a yum repository using the command:\n\n    # sudo yum reinstall &lt;packagename&gt;\n\n    Alternatively, the package can be reinstalled from trusted media using the\ncommand:\n\n    # sudo rpm -Uvh &lt;packagename&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72039\"\n  tag rid: \"SV-86663r2_rule\"\n  tag stig_id: \"RHEL-07-020900\"\n  tag fix_id: \"F-78391r1_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  virtual_machine = input('virtual_machine')\n\n  findings = Set[]\n  findings = findings + command('find / -context *:device_t:* \\( -type c -o -type b \\) -printf \"%p %Z\\n\"').stdout.split(\"\\n\")\n  findings = findings + command('find / -context *:unlabeled_t:* \\( -type c -o -type b \\) -printf \"%p %Z\\n\"').stdout.split(\"\\n\")\n  findings = findings + command('find / -context *:vmci_device_t:* \\( -type c -o -type b \\) -printf \"%p %Z\\n\"').stdout.split(\"\\n\")\n\n  describe findings do\n    if virtual_machine\n      its ('length') { should cmp 1 }\n      its ('first') { should include '/dev/vmci' }\n    else\n      its ('length') { should cmp 0 }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST #&lt;Set: {}&gt; length is expected to cmp == 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+		</iSTIG>
+	</STIGS>
 </CHECKLIST>
\ No newline at end of file
diff --git a/test/sample_data/checklist/red_hat_good_metadata.ckl b/test/sample_data/checklist/red_hat_good_metadata.ckl
index 1be67908e..4c7b2c111 100644
--- a/test/sample_data/checklist/red_hat_good_metadata.ckl
+++ b/test/sample_data/checklist/red_hat_good_metadata.ckl
@@ -1,101 +1,96 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--DISA STIG Viewer :: 2.14-->
-<CHECKLIST>
-	<ASSET>
-		<ROLE>Domain Controller</ROLE>
-		<ASSET_TYPE>Computing</ASSET_TYPE>
-		<HOST_NAME>localhost</HOST_NAME>
-		<HOST_IP></HOST_IP>
-		<HOST_MAC></HOST_MAC>
-		<HOST_FQDN></HOST_FQDN>
-		<TARGET_COMMENT></TARGET_COMMENT>
-		<TECH_AREA>Other Review</TECH_AREA>
-		<TARGET_KEY></TARGET_KEY>
-		<WEB_OR_DATABASE>false</WEB_OR_DATABASE>
-		<WEB_DB_SITE></WEB_DB_SITE>
-		<WEB_DB_INSTANCE></WEB_DB_INSTANCE>
-	</ASSET>
-	<STIGS>
-		<iSTIG>
-			<STIG_INFO>
-				<SI_DATA>
-					<SID_NAME>version</SID_NAME>
-					<SID_DATA>1.0.0</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>classification</SID_NAME>
-					<SID_DATA>UNCLASSIFIED</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>customname</SID_NAME>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>stigid</SID_NAME>
-					<SID_DATA></SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>description</SID_NAME>
-					<SID_DATA>File Name: red_hat_good.json
-Version: 2.6.0
-SHA256 Hash: 6c28e36e632170e646f6b39f4c728be3ed456e3d0e511ed942afb42ff3670360
-Maintainer: MITRE SAF Team
-Copyright: MITRE, 2020
-Copyright Email: saf@groups.mitre.org
-Control Count: 247</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>filename</SID_NAME>
-					<SID_DATA>red_hat_good.json</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>releaseinfo</SID_NAME>
-					<SID_DATA>This is my release</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>title</SID_NAME>
-					<SID_DATA>My title</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>uuid</SID_NAME>
-					<SID_DATA>63c9f070-b7d3-451e-889e-26f69c4be4f1</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>notice</SID_NAME>
-					<SID_DATA>terms-of-use</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>source</SID_NAME>
-				</SI_DATA>
-			</STIG_INFO>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71973</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000363-GPOS-00150</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86597r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020030</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+<?xml version="1.0" encoding="UTF-8"?>
+<!--Heimdall Version :: 2.10.8-->
+<CHECKLIST>
+	<ASSET>
+		<ROLE>Domain Controller</ROLE>
+		<ASSET_TYPE>Computing</ASSET_TYPE>
+		<MARKING>CUI</MARKING>
+		<HOST_NAME>localhost</HOST_NAME>
+		<HOST_IP>127.0.0.1</HOST_IP>
+		<HOST_MAC></HOST_MAC>
+		<HOST_FQDN></HOST_FQDN>
+		<TARGET_COMMENT></TARGET_COMMENT>
+		<TECH_AREA>Other Review</TECH_AREA>
+		<TARGET_KEY></TARGET_KEY>
+		<WEB_OR_DATABASE>false</WEB_OR_DATABASE>
+		<WEB_DB_SITE></WEB_DB_SITE>
+		<WEB_DB_INSTANCE></WEB_DB_INSTANCE>
+	</ASSET>
+	<STIGS>
+		<iSTIG>
+			<STIG_INFO>
+				<SI_DATA>
+					<SID_NAME>version</SID_NAME>
+					<SID_DATA>2</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>classification</SID_NAME>
+					<SID_DATA>UNCLASSIFIED</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>customname</SID_NAME>
+					<SID_DATA>{"hdfSpecificData":{"attributes":[{"name":"disable_slow_controls","options":{"value":true}},{"name":"monitor_kernel_log","options":{"value":true}},{"name":"rpm_verify_perms_except","options":{"type":"Array","value":[]}},{"name":"rpm_verify_integrity_except","options":{"type":"Array","value":[]}},{"name":"banner_message_enabled","options":{"type":"String","value":"true"}},{"name":"log_aggregation_server","options":{"value":false}},{"name":"application_groups","options":{"type":"Array","value":[]}},{"name":"x11_enabled","options":{"value":false}},{"name":"user_accounts","options":{"type":"Array","value":[]}},{"name":"known_system_accounts","options":{"type":"Array","value":["root","bin","daemon","adm","lp","sync","shutdown","halt","mail","operator","nobody","systemd-bus-proxy"]}},{"name":"dconf_user","options":{"type":"String","value":"nil"}},{"name":"banner_message_text_gui","options":{"type":"String","value":"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."}},{"name":"banner_message_text_gui_limited","options":{"type":"String","value":"I've read &amp; consent to terms in IS user agreem't."}},{"name":"banner_message_text_cli","options":{"type":"String","value":"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."}},{"name":"banner_message_text_cli_limited","options":{"type":"String","value":"I've read &amp; consent to terms in IS user agreem't."}},{"name":"banner_message_text_ral","options":{"type":"String","value":"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."}},{"name":"banner_message_text_ral_limited","options":{"type":"String","value":"I've read &amp; consent to terms in IS user agreem't."}},{"name":"lock_delay","options":{"type":"Numeric","value":5}},{"name":"difok","options":{"type":"Numeric","value":8}},{"name":"min_reuse_generations","options":{"type":"Numeric","value":5}},{"name":"min_len","options":{"type":"Numeric","value":15}},{"name":"days_of_inactivity","options":{"type":"Numeric","value":0}},{"name":"unsuccessful_attempts","options":{"type":"Numeric","value":3}},{"name":"fail_interval","options":{"type":"Numeric","value":900}},{"name":"lockout_time","options":{"value":604800}},{"name":"file_integrity_tool","options":{"type":"String","value":"aide"}},{"name":"file_integrity_interval","options":{"type":"String","value":"weekly"}},{"name":"system_activity_timeout","options":{"type":"Numeric","value":600}},{"name":"client_alive_interval","options":{"type":"Numeric","value":600}},{"name":"smart_card_status","options":{"type":"String","value":"enabled"}},{"name":"log_pkg_path","options":{"type":"String","value":"/etc/rsyslog.conf"}},{"name":"exempt_home_users","options":{"type":"Array","value":[]}},{"name":"grub_main_cfg","options":{"type":"String","value":"/boot/grub2/grub.cfg"}},{"name":"grub_uefi_main_cfg","options":{"type":"String","value":"/boot/efi/EFI/redhat/grub.cfg"}},{"name":"grub_superuser","options":{"type":"String","value":"root"}},{"name":"grub_user_boot_files","options":{"type":"Array","value":["/boot/grub2/user.cfg"]}},{"name":"grub_uefi_user_boot_files","options":{"type":"Array","value":["/boot/efi/EFI/redhat/user.cfg"]}},{"name":"efi_superusers","options":{"type":"Array","value":["root"]}},{"name":"admin_logins","options":{"type":"Array","value":[]}},{"name":"max_rety","options":{"type":"Numeric","value":3}},{"name":"mfa_pkg_list","options":{"type":"Array","value":["nss-tools","nss-pam-ldapd","esc","pam_pkcs11","pam_krb5","opensc","pcsc-lite-ccid","gdm","authconfig","authconfig-gtk","krb5-libs","krb5-workstation","krb5-pkinit","pcsc-lite","pcsc-lite-libs"]}},{"name":"multifactor_enabled","options":{"type":"String","value":"true"}},{"name":"non_interactive_shells","options":{"type":"Array","value":["/sbin/nologin","/sbin/halt","/sbin/shutdown","/bin/false","/bin/sync","/bin/true"]}},{"name":"randomize_va_space","options":{"type":"Numeric","value":2}},{"name":"non_removable_media_fs","options":{"type":"Array","value":["xfs","ext4","swap","tmpfs"]}},{"name":"approved_tunnels","options":{"type":"Array","value":[]}},{"name":"virtual_machine","options":{"value":false}},{"name":"max_retry","options":{"type":"Numeric","value":3}},{"name":"firewalld_services","options":{"type":"Array","value":[]}},{"name":"firewalld_hosts_allow","options":{"type":"Array","value":[]}},{"name":"firewalld_hosts_deny","options":{"type":"Array","value":[]}},{"name":"firewalld_ports_allow","options":{"type":"Array","value":[]}},{"name":"firewalld_ports_deny","options":{"type":"Array","value":[]}},{"name":"tcpwrappers_allow","options":{"type":"Hash","value":{}}},{"name":"tcpwrappers_deny","options":{"type":"Hash","value":{}}},{"name":"iptables_rules","options":{"type":"Array","value":[]}},{"name":"firewalld_services_deny","options":{"type":"Hash","value":{}}},{"name":"firewalld_zones","options":{"type":"Array","value":[]}},{"name":"maxlogins_limit","options":{"type":"Numeric","value":10}},{"name":"custom_antivirus","options":{"type":"Boolean","value":false}},{"name":"custom_antivirus_description","options":{"type":"String","value":"None"}},{"name":"custom_hips","options":{"type":"Boolean","value":false}},{"name":"custom_hips_description","options":{"type":"String","value":"An6yTr21kC"}},{"name":"max_daemon_processes","options":{"type":"Numeric","value":1}},{"name":"aide_exclude_patterns","options":{"type":"Array","value":[]}},{"name":"terminal_mux_pkgs","options":{"type":"Array","value":["tmux","screen"]}},{"name":"disallowed_accounts","options":{"value":["games","gopher","ftp"]}},{"name":"grub_superusers","options":{"value":["root"]}},{"name":"efi_user_boot_files","options":{"value":["/boot/efi/EFI/redhat/user.cfg"]}},{"name":"efi_main_cfg","options":{"value":"/boot/efi/EFI/redhat/grub.cfg"}}],"copyright":"MITRE, 2020","copyright_email":"saf@groups.mitre.org","maintainer":"MITRE SAF Team","version":"2.6.0"}}</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>stigid</SID_NAME>
+					<SID_DATA>Red Hat Enterprise Linux 7 STIG</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>description</SID_NAME>
+					<SID_DATA>The Red Hat Enterprise Linux 7 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems.  Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>filename</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>releaseinfo</SID_NAME>
+					<SID_DATA>Release: 6</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>title</SID_NAME>
+					<SID_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>uuid</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>notice</SID_NAME>
+					<SID_DATA>Apache-2.0</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>source</SID_NAME>
+					<SID_DATA>STIG.DOD.MIL</SID_DATA>
+				</SI_DATA>
+			</STIG_INFO>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71973</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000363-GPOS-00150</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86597r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020030</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that a file integrity tool verifies the baseline operating system configuration
-at least weekly.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+at least weekly.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Unauthorized changes to the baseline configuration could make the
 system vulnerable to various attacks or allow unauthorized access to the
 operating system. Changes to operating system configurations can have
@@ -103,17 +98,17 @@ unintended side effects, some of which may be relevant to security.
 
     Detecting such changes and providing an automated response can help avoid
 unintended, negative consequences that could ultimately affect the security
-state of the operating system. The operating system&#39;s Information Management
-Officer (IMO)&#x2F;Information System Security Officer (ISSO) and System
-Administrators (SAs) must be notified via email and&#x2F;or monitoring system trap
-when there is an unauthorized modification of a configuration item.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+state of the operating system. The operating system's Information Management
+Officer (IMO)/Information System Security Officer (ISSO) and System
+Administrators (SAs) must be notified via email and/or monitoring system trap
+when there is an unauthorized modification of a configuration item.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system routinely checks the baseline configuration for
 unauthorized changes.
 
@@ -136,308 +131,296 @@ command used in the example will use a daily occurrence.
 the file integrity application. For example, if AIDE is installed on the
 system, use the following command:
 
-    # ls -al &#x2F;etc&#x2F;cron.* | grep aide
+    # ls -al /etc/cron.* | grep aide
     -rwxr-xr-x 1 root root 29 Nov 22 2015 aide
 
-    # grep aide &#x2F;etc&#x2F;crontab &#x2F;var&#x2F;spool&#x2F;cron&#x2F;root
-    &#x2F;etc&#x2F;crontab: 30 04 * * * &#x2F;root&#x2F;aide
-    &#x2F;var&#x2F;spool&#x2F;cron&#x2F;root: 30 04 * * * &#x2F;root&#x2F;aide
+    # grep aide /etc/crontab /var/spool/cron/root
+    /etc/crontab: 30 04 * * * /root/aide
+    /var/spool/cron/root: 30 04 * * * /root/aide
 
     If the file integrity application does not exist, or a script file
 controlling the execution of the file integrity application does not exist,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the file integrity tool to run automatically on the system at
 least weekly. The following example output is generic. It will set cron to run
 AIDE daily, but other file integrity tools may be used:
 
-    # more &#x2F;etc&#x2F;cron.daily&#x2F;aide
-    #!&#x2F;bin&#x2F;bash
-
-    &#x2F;usr&#x2F;sbin&#x2F;aide --check | &#x2F;bin&#x2F;mail -s &quot;$HOSTNAME - Daily aide integrity
-check run&quot; root@sysname.mil</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2a306af6-79d7-45aa-b754-79d1d3a4ebde</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001744</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package aide is expected to be installed
---------------------------------
-passed
-File &#x2F;etc&#x2F;cron.daily&#x2F;aide is expected to exist</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81017</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95729r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # more /etc/cron.daily/aide
+    #!/bin/bash
+
+    /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity
+check run" root@sysname.mil</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71973\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat a file integrity tool verifies the baseline operating system configuration\nat least weekly.\"\n  desc  \"Unauthorized changes to the baseline configuration could make the\nsystem vulnerable to various attacks or allow unauthorized access to the\noperating system. Changes to operating system configurations can have\nunintended side effects, some of which may be relevant to security.\n\n    Detecting such changes and providing an automated response can help avoid\nunintended, negative consequences that could ultimately affect the security\nstate of the operating system. The operating system's Information Management\nOfficer (IMO)/Information System Security Officer (ISSO) and System\nAdministrators (SAs) must be notified via email and/or monitoring system trap\nwhen there is an unauthorized modification of a configuration item.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system routinely checks the baseline configuration for\nunauthorized changes.\n\n    Note: A file integrity tool other than Advanced Intrusion Detection\nEnvironment (AIDE) may be used, but the tool must be executed at least once per\nweek.\n\n    Check to see if AIDE is installed on the system with the following command:\n\n    # yum list installed aide\n\n    If AIDE is not installed, ask the SA how file integrity checks are\nperformed on the system.\n\n    Check for the presence of a cron job running daily or weekly on the system\nthat executes AIDE daily to scan for changes to the system baseline. The\ncommand used in the example will use a daily occurrence.\n\n    Check the cron directories for a script file controlling the execution of\nthe file integrity application. For example, if AIDE is installed on the\nsystem, use the following command:\n\n    # ls -al /etc/cron.* | grep aide\n    -rwxr-xr-x 1 root root 29 Nov 22 2015 aide\n\n    # grep aide /etc/crontab /var/spool/cron/root\n    /etc/crontab: 30 04 * * * /root/aide\n    /var/spool/cron/root: 30 04 * * * /root/aide\n\n    If the file integrity application does not exist, or a script file\ncontrolling the execution of the file integrity application does not exist,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the file integrity tool to run automatically on the system at\nleast weekly. The following example output is generic. It will set cron to run\nAIDE daily, but other file integrity tools may be used:\n\n    # more /etc/cron.daily/aide\n    #!/bin/bash\n\n    /usr/sbin/aide --check | /bin/mail -s \\\"$HOSTNAME - Daily aide integrity\ncheck run\\\" root@sysname.mil\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000363-GPOS-00150\"\n  tag gid: \"V-71973\"\n  tag rid: \"SV-86597r2_rule\"\n  tag stig_id: \"RHEL-07-020030\"\n  tag fix_id: \"F-78325r2_fix\"\n  tag cci: [\"CCI-001744\"]\n  tag nist: [\"CM-3 (5)\", \"Rev_4\"]\n\n  file_integrity_tool = input('file_integrity_tool')\n  file_integrity_interval = input('file_integrity_interval')\n\n  describe package(file_integrity_tool) do\n    it { should be_installed }\n  end\n\n  if file_integrity_interval == 'monthly'\n    describe.one do\n      describe file(\"/etc/cron.daily/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      describe file(\"/etc/cron.weekly/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      describe file(\"/etc/cron.monthly/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      if file(\"/etc/cron.d/#{file_integrity_tool}\").exist?\n        describe crontab(path: \"/etc/cron.d/#{file_integrity_tool}\") do\n          its('months') { should cmp '*' }\n          its('weekdays') { should cmp '*' }\n        end\n        describe crontab(path: \"/etc/cron.d/#{file_integrity_tool}\") do\n          its('days') { should cmp '*' }\n          its('months') { should cmp '*' }\n        end\n      end\n      describe crontab('root').where { command =~ %r{#{file_integrity_tool}} } do\n        its('months') { should cmp '*' }\n        its('weekdays') { should cmp '*' }\n      end\n      describe crontab('root').where { command =~ %r{#{file_integrity_tool}} } do\n        its('days') { should cmp '*' }\n        its('months') { should cmp '*' }\n      end\n    end\n  elsif file_integrity_interval == 'weekly'\n    describe.one do\n      describe file(\"/etc/cron.daily/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      describe file(\"/etc/cron.weekly/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      if file(\"/etc/cron.d/#{file_integrity_tool}\").exist?\n        describe crontab(path: \"/etc/cron.d/#{file_integrity_tool}\") do\n          its('days') { should cmp '*' }\n          its('months') { should cmp '*' }\n        end\n      end\n      describe crontab('root').where { command =~ %r{#{file_integrity_tool}} } do\n        its('days') { should cmp '*' }\n        its('months') { should cmp '*' }\n      end\n    end\n  elsif file_integrity_interval == 'daily'\n    describe.one do\n      describe file(\"/etc/cron.daily/#{file_integrity_tool}\") do\n        it { should exist }\n      end\n      if file(\"/etc/cron.d/#{file_integrity_tool}\").exist?\n        describe crontab(path: \"/etc/cron.d/#{file_integrity_tool}\") do\n          its('days') { should cmp '*' }\n          its('months') { should cmp '*' }\n          its('weekdays') { should cmp '*' }\n        end\n      end\n      describe crontab('root').where { command =~ %r{#{file_integrity_tool}} } do\n        its('days') { should cmp '*' }\n        its('months') { should cmp '*' }\n        its('weekdays') { should cmp '*' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001744</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package aide is expected to be installed
+--------------------------------
+passed :: TEST File /etc/cron.daily/aide is expected to exist</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81017</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95729r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must configure the
-au-remote plugin to off-load audit logs using the audisp-remote daemon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+au-remote plugin to off-load audit logs using the audisp-remote daemon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
     Off-loading is a common process in information systems with limited audit
 storage capacity.
 
-    Without the configuration of the &quot;au-remote&quot; plugin, the audisp-remote
-daemon will not off load the logs from the system being audited.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the &quot;au-remote&quot; plugin is configured to always off-load audit logs
+    Without the configuration of the "au-remote" plugin, the audisp-remote
+daemon will not off load the logs from the system being audited.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the "au-remote" plugin is configured to always off-load audit logs
 using the audisp-remote daemon:
 
-    # cat &#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf | grep -v &quot;^#&quot;
+    # cat /etc/audisp/plugins.d/au-remote.conf | grep -v "^#"
 
-    active &#x3D; yes
-    direction &#x3D; out
-    path &#x3D; &#x2F;sbin&#x2F;audisp-remote
-    type &#x3D; always
-    format &#x3D; string
+    active = yes
+    direction = out
+    path = /sbin/audisp-remote
+    type = always
+    format = string
 
-    If the &quot;direction&quot; setting is not set to &quot;out&quot;, or the line is
+    If the "direction" setting is not set to "out", or the line is
 commented out, this is a finding.
 
-    If the &quot;path&quot; setting is not set to &quot;&#x2F;sbin&#x2F;audisp-remote&quot;, or the line
+    If the "path" setting is not set to "/sbin/audisp-remote", or the line
 is commented out, this is a finding.
 
-    If the &quot;type&quot; setting is not set to &quot;always&quot;, or the line is commented
-out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf file and add or update the
+    If the "type" setting is not set to "always", or the line is commented
+out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the /etc/audisp/plugins.d/au-remote.conf file and add or update the
 following values:
 
-    direction &#x3D; out
-    path &#x3D; &#x2F;sbin&#x2F;audisp-remote
-    type &#x3D; always
+    direction = out
+    path = /sbin/audisp-remote
+    type = always
 
     The audit daemon must be restarted for changes to take effect:
 
-    # service auditd restart</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b40d852c-e15d-4ee7-b7e7-f3de23729808</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf&#39; cannot be found. This test cannot be checked in a automated fashion and you must check it manually
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf&#39; cannot be found. This check must be performed manually</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81005</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95717r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010482</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # service auditd restart</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81017\" do\n  title \"The Red Hat Enterprise Linux operating system must configure the\nau-remote plugin to off-load audit logs using the audisp-remote daemon.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n    Without the configuration of the \\\"au-remote\\\" plugin, the audisp-remote\ndaemon will not off load the logs from the system being audited.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the \\\"au-remote\\\" plugin is configured to always off-load audit logs\nusing the audisp-remote daemon:\n\n    # cat /etc/audisp/plugins.d/au-remote.conf | grep -v \\\"^#\\\"\n\n    active = yes\n    direction = out\n    path = /sbin/audisp-remote\n    type = always\n    format = string\n\n    If the \\\"direction\\\" setting is not set to \\\"out\\\", or the line is\ncommented out, this is a finding.\n\n    If the \\\"path\\\" setting is not set to \\\"/sbin/audisp-remote\\\", or the line\nis commented out, this is a finding.\n\n    If the \\\"type\\\" setting is not set to \\\"always\\\", or the line is commented\nout, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the /etc/audisp/plugins.d/au-remote.conf file and add or update the\nfollowing values:\n\n    direction = out\n    path = /sbin/audisp-remote\n    type = always\n\n    The audit daemon must be restarted for changes to take effect:\n\n    # service auditd restart\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-81017\"\n  tag rid: \"SV-95729r1_rule\"\n  tag stig_id: \"RHEL-07-030201\"\n  tag fix_id: \"F-87851r2_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  test_file = '/etc/audisp/plugins.d/au-remote.conf'\n\n  if file(test_file).exist?\n    describe parse_config_file(test_file) do\n      its('direction') { should match %r{out$} }\n      its('path') { should match %r{/sbin/audisp-remote$} }\n      its('type') { should match %r{always$} }\n    end\n  else\n    describe \"File '#{test_file}' cannot be found. This test cannot be checked in a automated fashion and you must check it manually\" do\n      skip \"File '#{test_file}' cannot be found. This check must be performed manually\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST File '/etc/audisp/plugins.d/au-remote.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually :: SKIP_MESSAGE File '/etc/audisp/plugins.d/au-remote.conf' cannot be found. This check must be performed manually</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81005</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95717r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010482</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Red Hat Enterprise Linux operating systems version 7.2 or newer with a
-Basic Input&#x2F;Output System (BIOS) must require authentication upon booting into
-single-user and maintenance modes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Basic Input/Output System (BIOS) must require authentication upon booting into
+single-user and maintenance modes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system does not require valid root authentication before it
 boots into single-user or maintenance mode, anyone who invokes single-user or
 maintenance mode is granted privileged access to all files on the system. GRUB
 2 is the default boot loader for RHEL 7 and is designed to require a password
-to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For systems that use UEFI, this is Not Applicable.
 
     For systems that are running a version of RHEL prior to 7.2, this is Not
@@ -446,22 +429,22 @@ Applicable.
     Check to see if an encrypted root password is set. On systems that use a
 BIOS, use the following command:
 
-    # grep -iw grub2_password &#x2F;boot&#x2F;grub2&#x2F;user.cfg
-    GRUB2_PASSWORD&#x3D;grub.pbkdf2.sha512.[password_hash]
+    # grep -iw grub2_password /boot/grub2/user.cfg
+    GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
 
-    If the root password does not begin with &quot;grub.pbkdf2.sha512&quot;, this is a
+    If the root password does not begin with "grub.pbkdf2.sha512", this is a
 finding.
 
-    Verify that the &quot;root&quot; account is set as the &quot;superusers&quot;:
+    Verify that the "root" account is set as the "superusers":
 
-    # grep -iw &quot;superusers&quot; &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
-        set superusers&#x3D;&quot;root&quot;
+    # grep -iw "superusers" /boot/grub2/grub.cfg
+        set superusers="root"
         export superusers
 
-    If &quot;superusers&quot; is not set to &quot;root&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "superusers" is not set to "root", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to encrypt the boot password for root.
 
     Generate an encrypted grub2 password for root with the following command:
@@ -472,703 +455,673 @@ finding.
     Enter password:
     Confirm password:
 
-    Edit the &#x2F;boot&#x2F;grub2&#x2F;grub.cfg file and add or modify the following lines in
-the &quot;### BEGIN &#x2F;etc&#x2F;grub.d&#x2F;01_users ###&quot; section:
-
-    set superusers&#x3D;&quot;root&quot;
-    export superusers</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9226c81d-c070-46bd-a29b-d2817301b3fe</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>skipped
-Parse Config File &#x2F;boot&#x2F;grub2&#x2F;user.cfg
-Can&#39;t find file: &#x2F;boot&#x2F;grub2&#x2F;user.cfg
---------------------------------
-passed
-Parse Config File &#x2F;boot&#x2F;grub2&#x2F;grub.cfg set superusers is expected to cmp &#x3D;&#x3D; &quot;\&quot;root\&quot;&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71957</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86581r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010460</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Edit the /boot/grub2/grub.cfg file and add or modify the following lines in
+the "### BEGIN /etc/grub.d/01_users ###" section:
+
+    set superusers="root"
+    export superusers</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81005\" do\n  title \"Red Hat Enterprise Linux operating systems version 7.2 or newer with a\nBasic Input/Output System (BIOS) must require authentication upon booting into\nsingle-user and maintenance modes.\"\n  desc  \"If the system does not require valid root authentication before it\nboots into single-user or maintenance mode, anyone who invokes single-user or\nmaintenance mode is granted privileged access to all files on the system. GRUB\n2 is the default boot loader for RHEL 7 and is designed to require a password\nto boot into single-user mode or make modifications to the boot menu.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    For systems that use UEFI, this is Not Applicable.\n\n    For systems that are running a version of RHEL prior to 7.2, this is Not\nApplicable.\n\n    Check to see if an encrypted root password is set. On systems that use a\nBIOS, use the following command:\n\n    # grep -iw grub2_password /boot/grub2/user.cfg\n    GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]\n\n    If the root password does not begin with \\\"grub.pbkdf2.sha512\\\", this is a\nfinding.\n\n    Verify that the \\\"root\\\" account is set as the \\\"superusers\\\":\n\n    # grep -iw \\\"superusers\\\" /boot/grub2/grub.cfg\n        set superusers=\\\"root\\\"\n        export superusers\n\n    If \\\"superusers\\\" is not set to \\\"root\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to encrypt the boot password for root.\n\n    Generate an encrypted grub2 password for root with the following command:\n\n    Note: The hash generated is an example.\n\n    # grub2-setpassword\n    Enter password:\n    Confirm password:\n\n    Edit the /boot/grub2/grub.cfg file and add or modify the following lines in\nthe \\\"### BEGIN /etc/grub.d/01_users ###\\\" section:\n\n    set superusers=\\\"root\\\"\n    export superusers\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000080-GPOS-00048\"\n  tag gid: \"V-81005\"\n  tag rid: \"SV-95717r1_rule\"\n  tag stig_id: \"RHEL-07-010482\"\n  tag fix_id: \"F-87839r2_fix\"\n  tag cci: [\"CCI-000213\"]\n  tag nist: [\"AC-3\", \"Rev_4\"]\n\n  if file('/sys/firmware/efi').exist?\n    impact 0.0\n    describe \"System running UEFI\" do\n      skip \"The System is running UEFI, this control is Not Applicable.\"\n    end\n  else\n    unless os[:release] &gt;= \"7.2\"\n      impact 0.0\n      describe \"System running version of RHEL prior to 7.2\" do\n        skip \"The System is running an outdated version of RHEL, this control is Not Applicable.\"\n      end\n    else\n      impact 0.7\n      input('grub_user_boot_files').each do |grub_user_file|\n        describe parse_config_file(grub_user_file) do\n          its('GRUB2_PASSWORD') { should include \"grub.pbkdf2.sha512\"}\n        end\n      end\n\n      describe parse_config_file(input('grub_main_cfg')) do\n        its('set superusers') { should cmp '\"root\"' }  \n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>skipped :: TEST Parse Config File /boot/grub2/user.cfg :: SKIP_MESSAGE Can't find file: /boot/grub2/user.cfg
+--------------------------------
+passed :: TEST Parse Config File /boot/grub2/grub.cfg set superusers is expected to cmp == "\"root\""</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71957</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86581r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010460</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow users to
-override SSH environment variables.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+override SSH environment variables.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Failure to restrict system access to authenticated users negatively
-impacts operating system security.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+impacts operating system security.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system does not allow users to override environment
 variables to the SSH daemon.
 
-    Check for the value of the &quot;PermitUserEnvironment&quot; keyword with the
+    Check for the value of the "PermitUserEnvironment" keyword with the
 following command:
 
-    # grep -i permituserenvironment &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i permituserenvironment /etc/ssh/sshd_config
     PermitUserEnvironment no
 
-    If the &quot;PermitUserEnvironment&quot; keyword is not set to &quot;no&quot;, is missing,
-or is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "PermitUserEnvironment" keyword is not set to "no", is missing,
+or is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to not allow users to override environment
 variables to the SSH daemon.
 
-    Edit the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment or add the line for
-&quot;PermitUserEnvironment&quot; keyword and set the value to &quot;no&quot;:
+    Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for
+"PermitUserEnvironment" keyword and set the value to "no":
 
     PermitUserEnvironment no
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bc937758-d687-4246-814c-7044342adabd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration PermitUserEnvironment is expected to eq &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-77823</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-92519r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010481</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71957\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow users to\noverride SSH environment variables.\"\n  desc  \"Failure to restrict system access to authenticated users negatively\nimpacts operating system security.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system does not allow users to override environment\nvariables to the SSH daemon.\n\n    Check for the value of the \\\"PermitUserEnvironment\\\" keyword with the\nfollowing command:\n\n    # grep -i permituserenvironment /etc/ssh/sshd_config\n    PermitUserEnvironment no\n\n    If the \\\"PermitUserEnvironment\\\" keyword is not set to \\\"no\\\", is missing,\nor is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to not allow users to override environment\nvariables to the SSH daemon.\n\n    Edit the \\\"/etc/ssh/sshd_config\\\" file to uncomment or add the line for\n\\\"PermitUserEnvironment\\\" keyword and set the value to \\\"no\\\":\n\n    PermitUserEnvironment no\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00229\"\n  tag gid: \"V-71957\"\n  tag rid: \"SV-86581r3_rule\"\n  tag stig_id: \"RHEL-07-010460\"\n  tag fix_id: \"F-78309r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('PermitUserEnvironment') { should eq 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration PermitUserEnvironment is expected to eq "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-77823</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-92519r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010481</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must require
-authentication upon booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+authentication upon booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system does not require valid root authentication before it
 boots into single-user or maintenance mode, anyone who invokes single-user or
-maintenance mode is granted privileged access to all files on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+maintenance mode is granted privileged access to all files on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must require authentication upon booting into
 single-user and maintenance modes.
 
     Check that the operating system requires authentication upon booting into
 single-user mode with the following command:
 
-    # grep -i execstart &#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;rescue.service | grep -i sulogin
+    # grep -i execstart /usr/lib/systemd/system/rescue.service | grep -i sulogin
 
-    ExecStart&#x3D;-&#x2F;bin&#x2F;sh -c &quot;&#x2F;usr&#x2F;sbin&#x2F;sulogin; &#x2F;usr&#x2F;bin&#x2F;systemctl --fail
---no-block default&quot;
+    ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail
+--no-block default"
 
-    If &quot;ExecStart&quot; does not have &quot;&#x2F;usr&#x2F;sbin&#x2F;sulogin&quot; as an option, this is
-a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "ExecStart" does not have "/usr/sbin/sulogin" as an option, this is
+a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require authentication upon booting into
 single-user and maintenance modes.
 
-    Add or modify the &quot;ExecStart&quot; line in
-&quot;&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;rescue.service&quot; to include &quot;&#x2F;usr&#x2F;sbin&#x2F;sulogin&quot;:
-
-    ExecStart&#x3D;-&#x2F;bin&#x2F;sh -c &quot;&#x2F;usr&#x2F;sbin&#x2F;sulogin; &#x2F;usr&#x2F;bin&#x2F;systemctl --fail
---no-block default&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>23620b06-3ec2-416d-8514-3decef4f1a65</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep -i execstart &#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;rescue.service&#x60; stdout.strip is expected to match &#x2F;\&#x2F;usr\&#x2F;sbin\&#x2F;sulogin&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72243</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86867r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040350</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or modify the "ExecStart" line in
+"/usr/lib/systemd/system/rescue.service" to include "/usr/sbin/sulogin":
+
+    ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail
+--no-block default"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-77823\" do\n  title \"The Red Hat Enterprise Linux operating system must require\nauthentication upon booting into single-user and maintenance modes.\"\n  desc  \"If the system does not require valid root authentication before it\nboots into single-user or maintenance mode, anyone who invokes single-user or\nmaintenance mode is granted privileged access to all files on the system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must require authentication upon booting into\nsingle-user and maintenance modes.\n\n    Check that the operating system requires authentication upon booting into\nsingle-user mode with the following command:\n\n    # grep -i execstart /usr/lib/systemd/system/rescue.service | grep -i sulogin\n\n    ExecStart=-/bin/sh -c \\\"/usr/sbin/sulogin; /usr/bin/systemctl --fail\n--no-block default\\\"\n\n    If \\\"ExecStart\\\" does not have \\\"/usr/sbin/sulogin\\\" as an option, this is\na finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require authentication upon booting into\nsingle-user and maintenance modes.\n\n    Add or modify the \\\"ExecStart\\\" line in\n\\\"/usr/lib/systemd/system/rescue.service\\\" to include \\\"/usr/sbin/sulogin\\\":\n\n    ExecStart=-/bin/sh -c \\\"/usr/sbin/sulogin; /usr/bin/systemctl --fail\n--no-block default\\\"\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000080-GPOS-00048\"\n  tag gid: \"V-77823\"\n  tag rid: \"SV-92519r2_rule\"\n  tag stig_id: \"RHEL-07-010481\"\n  tag fix_id: \"F-84523r2_fix\"\n  tag cci: [\"CCI-000213\"]\n  tag nist: [\"AC-3\", \"Rev_4\"]\n\n  describe command(\"grep -i execstart /usr/lib/systemd/system/rescue.service\") do\n    its('stdout.strip') { should match %r{/usr/sbin/sulogin} }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep -i execstart /usr/lib/systemd/system/rescue.service` stdout.strip is expected to match /\/usr\/sbin\/sulogin/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72243</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86867r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040350</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH daemon does not allow authentication using rhosts authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH daemon does not allow authentication using rhosts authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuring this setting for the SSH daemon provides additional
 assurance that remote logon via SSH will require a password, even in the event
-of misconfiguration elsewhere.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+of misconfiguration elsewhere.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon does not allow authentication using known hosts
 authentication.
 
-    To determine how the SSH daemon&#39;s &quot;IgnoreRhosts&quot; option is set, run the
+    To determine how the SSH daemon's "IgnoreRhosts" option is set, run the
 following command:
 
-    # grep -i IgnoreRhosts &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i IgnoreRhosts /etc/ssh/sshd_config
 
     IgnoreRhosts yes
 
-    If the value is returned as &quot;no&quot;, the returned line is commented out, or
-no output is returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value is returned as "no", the returned line is commented out, or
+no output is returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the SSH daemon to not allow authentication using known hosts
 authentication.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;, or uncomment the line
-and set the value to &quot;yes&quot;:
-
-    IgnoreRhosts yes</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>73eab482-8719-47e8-9861-a6d9b429f4b8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration IgnoreRhosts is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-79001</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-93707r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030821</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add the following line in "/etc/ssh/sshd_config", or uncomment the line
+and set the value to "yes":
+
+    IgnoreRhosts yes</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72243\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not allow authentication using rhosts authentication.\"\n  desc  \"Configuring this setting for the SSH daemon provides additional\nassurance that remote logon via SSH will require a password, even in the event\nof misconfiguration elsewhere.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon does not allow authentication using known hosts\nauthentication.\n\n    To determine how the SSH daemon's \\\"IgnoreRhosts\\\" option is set, run the\nfollowing command:\n\n    # grep -i IgnoreRhosts /etc/ssh/sshd_config\n\n    IgnoreRhosts yes\n\n    If the value is returned as \\\"no\\\", the returned line is commented out, or\nno output is returned, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the SSH daemon to not allow authentication using known hosts\nauthentication.\n\n    Add the following line in \\\"/etc/ssh/sshd_config\\\", or uncomment the line\nand set the value to \\\"yes\\\":\n\n    IgnoreRhosts yes\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72243\"\n  tag rid: \"SV-86867r3_rule\"\n  tag stig_id: \"RHEL-07-040350\"\n  tag fix_id: \"F-78597r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('IgnoreRhosts') { should cmp 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration IgnoreRhosts is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-79001</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-93707r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030821</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the finit_module syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the finit_module syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;finit_module&quot; syscall occur.
+successful/unsuccessful attempts to use the "finit_module" syscall occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw finit_module &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw finit_module /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S finit_module -k module-change
+    -a always,exit -F arch=b32 -S finit_module -k module-change
 
-    -a always,exit -F arch&#x3D;b64 -S finit_module -k module-change
+    -a always,exit -F arch=b64 -S finit_module -k module-change
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;finit_module&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"finit_module" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;finit_module&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S finit_module -k module-change
-
-    -a always,exit -F arch&#x3D;b64 -S finit_module -k module-change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b63b81c9-87dc-4057-85a1-9a9429dbc51a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;finit_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;finit_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;finit_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;finit_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71967</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86591r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "finit_module" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S finit_module -k module-change
+
+    -a always,exit -F arch=b64 -S finit_module -k module-change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-79001\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe finit_module syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"finit_module\\\" syscall occur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw finit_module /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S finit_module -k module-change\n\n    -a always,exit -F arch=b64 -S finit_module -k module-change\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"finit_module\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"finit_module\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S finit_module -k module-change\n\n    -a always,exit -F arch=b64 -S finit_module -k module-change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00216\"\n  tag satisfies: [\"SRG-OS-000471-GPOS-00216\", \"SRG-OS-000477-GPOS-00222\"]\n  tag gid: \"V-79001\"\n  tag rid: \"SV-93707r3_rule\"\n  tag stig_id: \"RHEL-07-030821\"\n  tag fix_id: \"F-85751r3_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"finit_module\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"finit_module\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "finit_module" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "finit_module" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "finit_module" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "finit_module" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71967</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86591r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have the
-rsh-server package installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+rsh-server package installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>It is detrimental for operating systems to provide, or install by
 default, functionality exceeding requirements or mission objectives. These
 unnecessary capabilities or services are often overlooked and therefore may
@@ -1185,147 +1138,142 @@ does not provide for the confidentiality and integrity of user passwords or the
 remote session and has very weak authentication.
 
     If a privileged user were to log on using this service, the privileged user
-password could be compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+password could be compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check to see if the rsh-server package is installed with the following
 command:
 
     # yum list installed rsh-server
 
-    If the rsh-server package is installed, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the rsh-server package is installed, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable non-essential capabilities by
 removing the rsh-server package from the system with the following command:
 
-    # yum remove rsh-server</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d5377b23-782a-4f4b-85fc-2be2447054d9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package rsh-server is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72301</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86925r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # yum remove rsh-server</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71967\" do\n  title \"The Red Hat Enterprise Linux operating system must not have the\nrsh-server package installed.\"\n  desc  \"It is detrimental for operating systems to provide, or install by\ndefault, functionality exceeding requirements or mission objectives. These\nunnecessary capabilities or services are often overlooked and therefore may\nremain unsecured. They increase the risk to the platform by providing\nadditional attack vectors.\n\n    Operating systems are capable of providing a wide variety of functions and\nservices. Some of the functions and services, provided by default, may not be\nnecessary to support essential organizational operations (e.g., key missions,\nfunctions).\n\n    The rsh-server service provides an unencrypted remote access service that\ndoes not provide for the confidentiality and integrity of user passwords or the\nremote session and has very weak authentication.\n\n    If a privileged user were to log on using this service, the privileged user\npassword could be compromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check to see if the rsh-server package is installed with the following\ncommand:\n\n    # yum list installed rsh-server\n\n    If the rsh-server package is installed, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable non-essential capabilities by\nremoving the rsh-server package from the system with the following command:\n\n    # yum remove rsh-server\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000095-GPOS-00049\"\n  tag gid: \"V-71967\"\n  tag rid: \"SV-86591r2_rule\"\n  tag stig_id: \"RHEL-07-020000\"\n  tag fix_id: \"F-78319r1_fix\"\n  tag cci: [\"CCI-000381\"]\n  tag nist: [\"CM-7 a\", \"Rev_4\"]\n\n  describe package(\"rsh-server\") do\n    it { should_not be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package rsh-server is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72301</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86925r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have the
 Trivial File Transfer Protocol (TFTP) server package installed if not required
-for operational support.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+for operational support.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If TFTP is required for operational support (such as the transmission
 of router configurations) its use must be documented with the Information
 System Security Officer (ISSO), restricted to only authorized personnel, and
-have access control rules established.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+have access control rules established.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify a TFTP server has not been installed on the system.
 
     Check to see if a TFTP server has been installed with the following command:
@@ -1334,793 +1282,759 @@ have access control rules established.</ATTRIBUTE_DATA>
     tftp-server-0.49-9.el7.x86_64.rpm
 
     If TFTP is installed and the requirement for TFTP is not documented with
-the ISSO, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+the ISSO, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Remove the TFTP package from the system with the following command:
 
-# yum remove tftp-server</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>600cd667-1218-4458-af5a-30d059c59f59</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package tftp-server is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72147</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86771r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030620</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+# yum remove tftp-server</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72301\" do\n  title \"The Red Hat Enterprise Linux operating system must not have the\nTrivial File Transfer Protocol (TFTP) server package installed if not required\nfor operational support.\"\n  desc  \"If TFTP is required for operational support (such as the transmission\nof router configurations) its use must be documented with the Information\nSystem Security Officer (ISSO), restricted to only authorized personnel, and\nhave access control rules established.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify a TFTP server has not been installed on the system.\n\n    Check to see if a TFTP server has been installed with the following command:\n\n    # yum list installed tftp-server\n    tftp-server-0.49-9.el7.x86_64.rpm\n\n    If TFTP is installed and the requirement for TFTP is not documented with\nthe ISSO, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Remove the TFTP package from the system with the following command:\n\n    # yum remove tftp-server\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72301\"\n  tag rid: \"SV-86925r2_rule\"\n  tag stig_id: \"RHEL-07-040700\"\n  tag fix_id: \"F-78655r2_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  describe package('tftp-server') do\n    it { should_not be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package tftp-server is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72147</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86771r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030620</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
-records for all successful account access events.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+records for all successful account access events.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when successful account
 access events occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -i &#x2F;var&#x2F;log&#x2F;lastlog &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /var/log/lastlog /etc/audit/audit.rules
 
-    -w &#x2F;var&#x2F;log&#x2F;lastlog -p wa -k logins
+    -w /var/log/lastlog -p wa -k logins
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when successful
 account access events occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;var&#x2F;log&#x2F;lastlog -p wa -k logins
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>04600346-d688-4247-ae25-a1bd4a3d170c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;var&#x2F;log&#x2F;lastlog&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;var&#x2F;log&#x2F;lastlog&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71921</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86545r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /var/log/lastlog -p wa -k logins
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72147\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all successful account access events.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when successful account\naccess events occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -i /var/log/lastlog /etc/audit/audit.rules\n\n    -w /var/log/lastlog -p wa -k logins\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when successful\naccount access events occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /var/log/lastlog -p wa -k logins\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000470-GPOS-00214\",\n\"SRG-OS-000473-GPOS-00218\"]\n  tag gid: \"V-72147\"\n  tag rid: \"SV-86771r3_rule\"\n  tag stig_id: \"RHEL-07-030620\"\n  tag fix_id: \"F-78499r3_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/var/log/lastlog'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/var/log/lastlog" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/var/log/lastlog" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71921</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86545r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
-use the shadow file to store only encrypted representations of passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+use the shadow file to store only encrypted representations of passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Passwords need to be protected at all times, and encryption is the
 standard method for protecting passwords. If passwords are not encrypted, they
 can be plainly read (i.e., clear text) and easily compromised. Passwords
 encrypted with a weak algorithm are no more protected than if they are kept in
-plain text.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the system&#39;s shadow file is configured to store only encrypted
+plain text.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the system's shadow file is configured to store only encrypted
 representations of passwords. The strength of encryption that must be used to
 hash passwords for all accounts is SHA512.
 
     Check that the system is configured to create SHA512 hashed passwords with
 the following command:
 
-    # grep -i encrypt &#x2F;etc&#x2F;login.defs
+    # grep -i encrypt /etc/login.defs
     ENCRYPT_METHOD SHA512
 
-    If the &quot;&#x2F;etc&#x2F;login.defs&quot; configuration file does not exist or allows for
-password hashes other than SHA512 to be used, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "/etc/login.defs" configuration file does not exist or allows for
+password hashes other than SHA512 to be used, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to store only SHA512 encrypted
 representations of passwords.
 
-    Add or update the following line in &quot;&#x2F;etc&#x2F;login.defs&quot;:
-
-    ENCRYPT_METHOD SHA512</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0ce1464a-a0b2-4fe0-8504-3a14e91b08c9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs ENCRYPT_METHOD is expected to cmp &#x3D;&#x3D; &quot;SHA512&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86829r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030910</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or update the following line in "/etc/login.defs":
+
+    ENCRYPT_METHOD SHA512</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71921\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\nuse the shadow file to store only encrypted representations of passwords.\"\n  desc  \"Passwords need to be protected at all times, and encryption is the\nstandard method for protecting passwords. If passwords are not encrypted, they\ncan be plainly read (i.e., clear text) and easily compromised. Passwords\nencrypted with a weak algorithm are no more protected than if they are kept in\nplain text.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system's shadow file is configured to store only encrypted\nrepresentations of passwords. The strength of encryption that must be used to\nhash passwords for all accounts is SHA512.\n\n    Check that the system is configured to create SHA512 hashed passwords with\nthe following command:\n\n    # grep -i encrypt /etc/login.defs\n    ENCRYPT_METHOD SHA512\n\n    If the \\\"/etc/login.defs\\\" configuration file does not exist or allows for\npassword hashes other than SHA512 to be used, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to store only SHA512 encrypted\nrepresentations of passwords.\n\n    Add or update the following line in \\\"/etc/login.defs\\\":\n\n    ENCRYPT_METHOD SHA512\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000073-GPOS-00041\"\n  tag gid: \"V-71921\"\n  tag rid: \"SV-86545r2_rule\"\n  tag stig_id: \"RHEL-07-010210\"\n  tag fix_id: \"F-78273r1_fix\"\n  tag cci: [\"CCI-000196\"]\n  tag nist: [\"IA-5 (1) (c)\", \"Rev_4\"]\n\n  describe login_defs do\n    its('ENCRYPT_METHOD') { should cmp \"SHA512\" }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs ENCRYPT_METHOD is expected to cmp == "SHA512"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86829r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030910</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the unlink syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the unlink syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system is not configured to audit certain activities and write
 them to an audit log, it is more difficult to detect and track system
-compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unlink&quot; syscall occur.
+successful/unsuccessful attempts to use the "unlink" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw unlink &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw unlink /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S unlink -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S unlink -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;unlink&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"unlink" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unlink&quot; syscall occur.
+successful/unsuccessful attempts to use the "unlink" syscall occur.
 
-    Add the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S unlink -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S unlink -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c1d9265d-6b87-41ad-a195-7968977b1eb3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlink&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlink&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlink&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlink&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72111</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86735r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030440</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72205\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe unlink syscall.\"\n  desc  \"If the system is not configured to audit certain activities and write\nthem to an audit log, it is more difficult to detect and track system\ncompromises and damages incurred during a system compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"unlink\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw unlink /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"unlink\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"unlink\\\" syscall occur.\n\n    Add the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000466-GPOS-00210\"\n  tag satisfies: [\"SRG-OS-000466-GPOS-00210\", \"SRG-OS-000467-GPOS-00210\",\n\"SRG-OS-000468-GPOS-00212\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72205\"\n  tag rid: \"SV-86829r5_rule\"\n  tag stig_id: \"RHEL-07-030910\"\n  tag fix_id: \"F-78559r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"unlink\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"unlink\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "unlink" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlink" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlink" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlink" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72111</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86735r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030440</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the setxattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the setxattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "setxattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw setxattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw setxattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S setxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S setxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;setxattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"setxattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "setxattr" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S setxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S setxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6edb39c5-2ed4-4a9b-8644-625ad9726a84</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;setxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;setxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;setxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;setxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71961</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86585r6_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010480</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72111\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe setxattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"setxattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw setxattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"setxattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"setxattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72111\"\n  tag rid: \"SV-86735r5_rule\"\n  tag stig_id: \"RHEL-07-030440\"\n  tag fix_id: \"F-78463r8_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"setxattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"setxattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "setxattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "setxattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "setxattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "setxattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71961</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86585r6_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010480</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Red Hat Enterprise Linux operating systems prior to version 7.2 with a
-Basic Input&#x2F;Output System (BIOS) must require authentication upon booting into
-single-user and maintenance modes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Basic Input/Output System (BIOS) must require authentication upon booting into
+single-user and maintenance modes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system does not require valid root authentication before it
 boots into single-user or maintenance mode, anyone who invokes single-user or
 maintenance mode is granted privileged access to all files on the system. GRUB
 2 is the default boot loader for RHEL 7 and is designed to require a password
-to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For systems that use UEFI, this is Not Applicable.
     For systems that are running RHEL 7.2 or newer, this is Not Applicable.
 
     Check to see if an encrypted root password is set. On systems that use a
 BIOS, use the following command:
 
-    # grep -i password_pbkdf2 &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
+    # grep -i password_pbkdf2 /boot/grub2/grub.cfg
 
     password_pbkdf2 [superusers-account] [password-hash]
 
-    If the root password entry does not begin with &quot;password_pbkdf2&quot;, this is
+    If the root password entry does not begin with "password_pbkdf2", this is
 a finding.
 
-    If the &quot;superusers-account&quot; is not set to &quot;root&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "superusers-account" is not set to "root", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to encrypt the boot password for root.
 
     Generate an encrypted grub2 password for root with the following command:
@@ -2134,140 +2048,131 @@ a finding.
     PBKDF2 hash of your password is
 grub.pbkdf2.sha512.10000.F3A7CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45
 
-    Edit &quot;&#x2F;etc&#x2F;grub.d&#x2F;40_custom&quot; and add the following lines below the
+    Edit "/etc/grub.d/40_custom" and add the following lines below the
 comments:
 
-    # vi &#x2F;etc&#x2F;grub.d&#x2F;40_custom
+    # vi /etc/grub.d/40_custom
 
-    set superusers&#x3D;&quot;root&quot;
+    set superusers="root"
 
     password_pbkdf2 root {hash from grub2-mkpasswd-pbkdf2 command}
 
-    Generate a new &quot;grub.conf&quot; file with the new password with the following
+    Generate a new "grub.conf" file with the new password with the following
 commands:
 
-    # grub2-mkconfig --output&#x3D;&#x2F;tmp&#x2F;grub2.cfg
-    # mv &#x2F;tmp&#x2F;grub2.cfg &#x2F;boot&#x2F;grub2&#x2F;grub.cfg</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>30c7f6f4-408a-4744-9bed-9632ec442f4c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-There must be only one grub2 superuser, and it must have the value root length is expected to cmp &#x3D;&#x3D; 1
---------------------------------
-passed
-There must be only one grub2 superuser, and it must have the value root first is expected to cmp &#x3D;&#x3D; &quot;root&quot;
---------------------------------
-passed
-The grub2 superuser password entry must begin with &#39;password_pbkdf2&#39; is expected to include &quot;password_pbkdf2&quot;
---------------------------------
-passed
-The grub2 superuser password entry must begin with &#39;password_pbkdf2&#39; length is expected to be &gt;&#x3D; 1
---------------------------------
-passed
-The grub2 superuser account password should be encrypted with pbkdf2. is expected to match &#x2F;password_pbkdf2\sroot\sgrub\.pbkdf2&#x2F;i</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72295</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86919r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040670</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # grub2-mkconfig --output=/tmp/grub2.cfg
+    # mv /tmp/grub2.cfg /boot/grub2/grub.cfg</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71961\" do\n  title \"Red Hat Enterprise Linux operating systems prior to version 7.2 with a\nBasic Input/Output System (BIOS) must require authentication upon booting into\nsingle-user and maintenance modes.\"\n  desc  \"If the system does not require valid root authentication before it\nboots into single-user or maintenance mode, anyone who invokes single-user or\nmaintenance mode is granted privileged access to all files on the system. GRUB\n2 is the default boot loader for RHEL 7 and is designed to require a password\nto boot into single-user mode or make modifications to the boot menu.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    For systems that use UEFI, this is Not Applicable.\n    For systems that are running RHEL 7.2 or newer, this is Not Applicable.\n\n    Check to see if an encrypted root password is set. On systems that use a\nBIOS, use the following command:\n\n    # grep -i password_pbkdf2 /boot/grub2/grub.cfg\n\n    password_pbkdf2 [superusers-account] [password-hash]\n\n    If the root password entry does not begin with \\\"password_pbkdf2\\\", this is\na finding.\n\n    If the \\\"superusers-account\\\" is not set to \\\"root\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to encrypt the boot password for root.\n\n    Generate an encrypted grub2 password for root with the following command:\n\n    Note: The hash generated is an example.\n\n    # grub2-mkpasswd-pbkdf2\n\n    Enter Password:\n    Reenter Password:\n    PBKDF2 hash of your password is\ngrub.pbkdf2.sha512.10000.F3A7CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45\n\n    Edit \\\"/etc/grub.d/40_custom\\\" and add the following lines below the\ncomments:\n\n    # vi /etc/grub.d/40_custom\n\n    set superusers=\\\"root\\\"\n\n    password_pbkdf2 root {hash from grub2-mkpasswd-pbkdf2 command}\n\n    Generate a new \\\"grub.conf\\\" file with the new password with the following\ncommands:\n\n    # grub2-mkconfig --output=/tmp/grub2.cfg\n    # mv /tmp/grub2.cfg /boot/grub2/grub.cfg\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000080-GPOS-00048\"\n  tag gid: \"V-71961\"\n  tag rid: \"SV-86585r6_rule\"\n  tag stig_id: \"RHEL-07-010480\"\n  tag fix_id: \"F-78313r3_fix\"\n  tag cci: [\"CCI-000213\"]\n  tag nist: [\"AC-3\", \"Rev_4\"]\n\n  grub_superuser = input('grub_superuser')\n  grub_user_boot_files = input('grub_user_boot_files')\n  grub_main_cfg = input('grub_main_cfg')\n\n  grub_main_content = file(grub_main_cfg).content\n\n  # Check if any additional superusers are set\n  pattern = %r{\\s*set superusers=\\\"(\\w+)\\\"}i\n  matches = grub_main_content.match(pattern)\n  superusers = matches.nil? ? [] : matches.captures\n  describe \"There must be only one grub2 superuser, and it must have the value #{grub_superuser}\" do\n    subject { superusers }\n    its('length') { should cmp 1 }\n    its('first') { should cmp grub_superuser }\n  end\n\n  # Need each password entry that has the superuser\n  pattern = %r{(.*)\\s#{grub_superuser}\\s}i\n  matches = grub_main_content.match(pattern)\n  password_entries = matches.nil? ? [] : matches.captures\n  # Each of the entries should start with password_pbkdf2\n  describe 'The grub2 superuser password entry must begin with \\'password_pbkdf2\\'' do\n    subject { password_entries }\n    its('length') { is_expected.to be &gt;= 1}\n    password_entries.each do |entry|\n      subject { entry }\n      it { should include 'password_pbkdf2'}\n    end\n  end\n\n  # Get lines such as 'password_pbkdf2 root ${ENV}'\n  pattern = %r{password_pbkdf2\\s#{grub_superuser}\\s(\\${\\w+})}i\n  matches = grub_main_content.match(pattern)\n  env_vars = matches.nil? ? [] : matches.captures\n  if env_vars.length &gt; 0\n    # If there is an environment variable in the configuration file check that it is set with correct values by looking\n    # in user.cfg files.\n    env_vars = env_vars.map { |env_var| env_var.gsub(/[${}]/, '') }\n    present_user_boot_files = grub_user_boot_files.select { |user_boot_file| file(user_boot_file).exist? }\n    describe 'grub2 user configuration files for the superuser should be present if they set an environment variable' do\n      subject { present_user_boot_files }\n      its('length') { is_expected.to be &gt;= 1 }\n      present_user_boot_files.each do |user_boot_file|\n        env_vars.each do |env_var|\n          describe \"#{user_boot_file} should set #{env_var} to a pbkdf2 value\" do\n              subject { file(user_boot_file) }\n              its('content') { should match %r{^#{env_var}=grub.pbkdf2}i }\n          end\n        end\n      end\n    end\n  else\n    # If there are no environment variable set, look for pbkdf2 after the superuser name\n    pattern = %r{password_pbkdf2\\s#{grub_superuser}\\sgrub\\.pbkdf2}i\n    describe 'The grub2 superuser account password should be encrypted with pbkdf2.' do\n      subject { grub_main_content }\n      it { should match pattern }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST There must be only one grub2 superuser, and it must have the value root length is expected to cmp == 1
+--------------------------------
+passed :: TEST There must be only one grub2 superuser, and it must have the value root first is expected to cmp == "root"
+--------------------------------
+passed :: TEST The grub2 superuser password entry must begin with 'password_pbkdf2' is expected to include "password_pbkdf2"
+--------------------------------
+passed :: TEST The grub2 superuser password entry must begin with 'password_pbkdf2' length is expected to be &gt;= 1
+--------------------------------
+passed :: TEST The grub2 superuser account password should be encrypted with pbkdf2. is expected to match /password_pbkdf2\sroot\sgrub\.pbkdf2/i</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72295</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86919r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040670</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Network interfaces configured on the Red Hat Enterprise Linux
-operating system must not be in promiscuous mode.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+operating system must not be in promiscuous mode.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Network interfaces in promiscuous mode allow for the capture of all
 network traffic visible to the system. If unauthorized individuals can access
 these applications, it may allow then to collect information such as logon IDs,
@@ -2275,14 +2180,14 @@ passwords, and key exchanges between systems.
 
     If the system is being used to perform a network troubleshooting function,
 the use of these tools must be documented with the Information System Security
-Officer (ISSO) and restricted to only authorized personnel.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Officer (ISSO) and restricted to only authorized personnel.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify network interfaces are not in promiscuous mode unless approved by
 the ISSO and documented.
 
@@ -2291,312 +2196,302 @@ the ISSO and documented.
     # ip link | grep -i promisc
 
     If network interfaces are found on the system in promiscuous mode and their
-use has not been approved by the ISSO and documented, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+use has not been approved by the ISSO and documented, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure network interfaces to turn off promiscuous mode unless approved
 by the ISSO and documented.
 
     Set the promiscuous mode of an interface to off with the following command:
 
-    #ip link set dev &lt;devicename&gt; multicast off promisc off</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>94668cc6-6f87-49b0-841c-78dec91a1923</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;ip link | grep -i promisc&#x60; stdout.strip is expected to match &#x2F;^$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72043</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86667r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    #ip link set dev &lt;devicename&gt; multicast off promisc off</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72295\" do\n  title \"Network interfaces configured on the Red Hat Enterprise Linux\noperating system must not be in promiscuous mode.\"\n  desc  \"Network interfaces in promiscuous mode allow for the capture of all\nnetwork traffic visible to the system. If unauthorized individuals can access\nthese applications, it may allow then to collect information such as logon IDs,\npasswords, and key exchanges between systems.\n\n    If the system is being used to perform a network troubleshooting function,\nthe use of these tools must be documented with the Information System Security\nOfficer (ISSO) and restricted to only authorized personnel.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify network interfaces are not in promiscuous mode unless approved by\nthe ISSO and documented.\n\n    Check for the status with the following command:\n\n    # ip link | grep -i promisc\n\n    If network interfaces are found on the system in promiscuous mode and their\nuse has not been approved by the ISSO and documented, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure network interfaces to turn off promiscuous mode unless approved\nby the ISSO and documented.\n\n    Set the promiscuous mode of an interface to off with the following command:\n\n    #ip link set dev &lt;devicename&gt; multicast off promisc off\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72295\"\n  tag rid: \"SV-86919r2_rule\"\n  tag stig_id: \"RHEL-07-040670\"\n  tag fix_id: \"F-78649r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe command(\"ip link | grep -i promisc\") do\n    its('stdout.strip') { should match %r{^$} }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `ip link | grep -i promisc` stdout.strip is expected to match /^$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72043</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86667r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent files with
 the setuid and setgid bit set from being executed on file systems that are used
-with removable media.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;nosuid&quot; mount option causes the system to not execute
-&quot;setuid&quot; and &quot;setgid&quot; files with owner privileges. This option must be used
-for mounting any file system not containing approved &quot;setuid&quot; and &quot;setguid&quot;
+with removable media.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "nosuid" mount option causes the system to not execute
+"setuid" and "setgid" files with owner privileges. This option must be used
+for mounting any file system not containing approved "setuid" and "setguid"
 files. Executing files from untrusted file systems increases the opportunity
-for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify file systems that are used for removable media are mounted with the
-&quot;nosuid&quot; option.
+"nosuid" option.
 
     Check the file systems that are mounted at boot time with the following
 command:
 
-    # more &#x2F;etc&#x2F;fstab
+    # more /etc/fstab
 
-    UUID&#x3D;2bc871e4-e2a3-4f29-9ece-3be60c835222 &#x2F;mnt&#x2F;usbflash vfat
+    UUID=2bc871e4-e2a3-4f29-9ece-3be60c835222 /mnt/usbflash vfat
 noauto,owner,ro,nosuid 0 0
 
-    If a file system found in &quot;&#x2F;etc&#x2F;fstab&quot; refers to removable media and it
-does not have the &quot;nosuid&quot; option set, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the &quot;&#x2F;etc&#x2F;fstab&quot; to use the &quot;nosuid&quot; option on
-file systems that are associated with removable media.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b1b9cdb2-5c4a-433b-aa25-ddae27f02bb1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File system &quot;xfs&quot; does not correspond to removable media. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72081</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000046-GPOS-00022</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86705r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If a file system found in "/etc/fstab" refers to removable media and it
+does not have the "nosuid" option set, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the "/etc/fstab" to use the "nosuid" option on
+file systems that are associated with removable media.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72043\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent files with\nthe setuid and setgid bit set from being executed on file systems that are used\nwith removable media.\"\n  desc  \"The \\\"nosuid\\\" mount option causes the system to not execute\n\\\"setuid\\\" and \\\"setgid\\\" files with owner privileges. This option must be used\nfor mounting any file system not containing approved \\\"setuid\\\" and \\\"setguid\\\"\nfiles. Executing files from untrusted file systems increases the opportunity\nfor unprivileged users to attain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify file systems that are used for removable media are mounted with the\n\\\"nosuid\\\" option.\n\n    Check the file systems that are mounted at boot time with the following\ncommand:\n\n    # more /etc/fstab\n\n    UUID=2bc871e4-e2a3-4f29-9ece-3be60c835222 /mnt/usbflash vfat\nnoauto,owner,ro,nosuid 0 0\n\n    If a file system found in \\\"/etc/fstab\\\" refers to removable media and it\ndoes not have the \\\"nosuid\\\" option set, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the \\\"/etc/fstab\\\" to use the \\\"nosuid\\\" option on\nfile systems that are associated with removable media.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72043\"\n  tag rid: \"SV-86667r2_rule\"\n  tag stig_id: \"RHEL-07-021010\"\n  tag fix_id: \"F-78395r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  non_removable_media_fs = input('non_removable_media_fs')\n\n  file_systems = etc_fstab.params\n  if !file_systems.nil? and !file_systems.empty?\n    file_systems.each do |file_sys_line|\n      if !\"#{non_removable_media_fs}\".include?(file_sys_line['file_system_type']) then\n        describe file_sys_line['mount_options'] do\n          it { should include 'nosuid' }\n        end\n      else\n        describe \"File system \\\"#{file_sys_line['file_system_type']}\\\" does not correspond to removable media.\" do\n          subject { \"#{non_removable_media_fs}\".include?(file_sys_line['file_system_type']) }\n          it { should eq true }\n        end\n      end\n    end\n  else\n    describe \"No file systems were found.\" do\n      subject { file_systems.nil? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File system "xfs" does not correspond to removable media. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72081</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000046-GPOS-00022</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86705r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must shut down upon
 audit processing failure, unless availability is an overriding concern. If
 availability is a concern, the system must alert the designated staff (System
 Administrator [SA] and Information System Security Officer [ISSO] at a minimum)
-in the event of an audit processing failure.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+in the event of an audit processing failure.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>It is critical for the appropriate personnel to be aware if a system
 is at risk of failing to process audit logs as required. Without this
 notification, the security personnel may be unaware of an impending failure of
 the audit capability, and system operation may be adversely affected.
 
-    Audit processing failures include software&#x2F;hardware errors, failures in the
+    Audit processing failures include software/hardware errors, failures in the
 audit capturing mechanisms, and audit storage capacity being reached or
 exceeded.
 
     This requirement applies to each audit data storage repository (i.e.,
 distinct information system component where audit records are stored), the
 centralized audit storage capacity of organizations (i.e., all audit data
-storage repositories combined), or both.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+storage repositories combined), or both.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Confirm the audit configuration regarding how auditing processing failures
 are handled.
 
-    Check to see what level &quot;auditctl&quot; is set to with following command:
+    Check to see what level "auditctl" is set to with following command:
 
-    # auditctl -s | grep -i &quot;fail&quot;
+    # auditctl -s | grep -i "fail"
 
     failure 2
 
-    If the value of &quot;failure&quot; is set to &quot;2&quot;, the system is configured to
+    If the value of "failure" is set to "2", the system is configured to
 panic (shut down) in the event of an auditing failure.
 
-    If the value of &quot;failure&quot; is set to &quot;1&quot;, the system is configured to
+    If the value of "failure" is set to "1", the system is configured to
 only send information to the kernel log regarding the failure.
 
-    If the &quot;failure&quot; setting is not set, this is a CAT I finding.
+    If the "failure" setting is not set, this is a CAT I finding.
 
-    If the &quot;failure&quot; setting is set to any value other than &quot;1&quot; or &quot;2&quot;,
+    If the "failure" setting is set to any value other than "1" or "2",
 this is a CAT II finding.
 
-    If the &quot;failure&quot; setting is set to &quot;1&quot; but the availability concern is
+    If the "failure" setting is set to "1" but the availability concern is
 not documented or there is no monitoring of the kernel log, this is a CAT III
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to shut down in the event of an audit
 processing failure.
 
@@ -2605,7 +2500,7 @@ following command:
 
     # auditctl -f 2
 
-    Edit the &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot; file and add the following line:
+    Edit the "/etc/audit/rules.d/audit.rules" file and add the following line:
 
     -f 2
 
@@ -2616,556 +2511,534 @@ with the following command:
 
     # auditctl -f 1
 
-    Edit the &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot; file and add the following line:
+    Edit the "/etc/audit/rules.d/audit.rules" file and add the following line:
 
     -f 1
 
     Kernel log monitoring must also be configured to properly alert designated
 staff.
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>06a2b6aa-5f78-4821-8987-b63ede050af4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000139</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-2 is expected to match &#x2F;^(1|2)$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72277</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86901r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040540</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72081\" do\n  title \"The Red Hat Enterprise Linux operating system must shut down upon\naudit processing failure, unless availability is an overriding concern. If\navailability is a concern, the system must alert the designated staff (System\nAdministrator [SA] and Information System Security Officer [ISSO] at a minimum)\nin the event of an audit processing failure.\"\n  desc  \"It is critical for the appropriate personnel to be aware if a system\nis at risk of failing to process audit logs as required. Without this\nnotification, the security personnel may be unaware of an impending failure of\nthe audit capability, and system operation may be adversely affected.\n\n    Audit processing failures include software/hardware errors, failures in the\naudit capturing mechanisms, and audit storage capacity being reached or\nexceeded.\n\n    This requirement applies to each audit data storage repository (i.e.,\ndistinct information system component where audit records are stored), the\ncentralized audit storage capacity of organizations (i.e., all audit data\nstorage repositories combined), or both.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Confirm the audit configuration regarding how auditing processing failures\nare handled.\n\n    Check to see what level \\\"auditctl\\\" is set to with following command:\n\n    # auditctl -s | grep -i \\\"fail\\\"\n\n    failure 2\n\n    If the value of \\\"failure\\\" is set to \\\"2\\\", the system is configured to\npanic (shut down) in the event of an auditing failure.\n\n    If the value of \\\"failure\\\" is set to \\\"1\\\", the system is configured to\nonly send information to the kernel log regarding the failure.\n\n    If the \\\"failure\\\" setting is not set, this is a CAT I finding.\n\n    If the \\\"failure\\\" setting is set to any value other than \\\"1\\\" or \\\"2\\\",\nthis is a CAT II finding.\n\n    If the \\\"failure\\\" setting is set to \\\"1\\\" but the availability concern is\nnot documented or there is no monitoring of the kernel log, this is a CAT III\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to shut down in the event of an audit\nprocessing failure.\n\n    Add or correct the option to shut down the operating system with the\nfollowing command:\n\n    # auditctl -f 2\n\n    Edit the \\\"/etc/audit/rules.d/audit.rules\\\" file and add the following line:\n\n    -f 2\n\n    If availability has been determined to be more important, and this decision\nis documented with the ISSO, configure the operating system to notify system\nadministration staff and ISSO staff in the event of an audit processing failure\nwith the following command:\n\n    # auditctl -f 1\n\n    Edit the \\\"/etc/audit/rules.d/audit.rules\\\" file and add the following line:\n\n    -f 1\n\n    Kernel log monitoring must also be configured to properly alert designated\nstaff.\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000046-GPOS-00022\"\n  tag satisfies: [\"SRG-OS-000046-GPOS-00022\", \"SRG-OS-000047-GPOS-00023\"]\n  tag gid: \"V-72081\"\n  tag rid: \"SV-86705r4_rule\"\n  tag stig_id: \"RHEL-07-030010\"\n  tag fix_id: \"F-78433r2_fix\"\n  tag cci: [\"CCI-000139\"]\n  tag nist: [\"AU-5 a\", \"Rev_4\"]\n\n  monitor_kernel_log = input('monitor_kernel_log')\n\n  if auditd.status['failure'].nil?\n    impact 0.7\n  elsif auditd.status['failure'].match?(%r{^1$}) &amp;&amp; !monitor_kernel_log\n    impact 0.3\n  else\n    impact 0.5\n  end\n\n  if !monitor_kernel_log\n    describe auditd.status['failure'] do\n      it { should match %r{^2$} }\n    end\n  else\n    describe auditd.status['failure'] do\n      it { should match %r{^(1|2)$} }\n    end\n  end\nend"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000139</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST 2 is expected to match /^(1|2)$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72277</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86901r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040540</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not contain .shosts
-files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The .shosts files are used to configure host-based authentication for
 individual users or the system via SSH. Host-based authentication is not
 sufficient for preventing unauthorized access to the system, as it does not
 require interactive identification and authentication of a connection request,
-or for the use of two-factor authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify there are no &quot;.shosts&quot; files on the system.
+or for the use of two-factor authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify there are no ".shosts" files on the system.
 
     Check the system for the existence of these files with the following
 command:
 
-    # find &#x2F; -name &#39;*.shosts&#39;
-
-    If any &quot;.shosts&quot; files are found on the system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Remove any found &quot;.shosts&quot; files from the system.
-
-# rm &#x2F;[path]&#x2F;[to]&#x2F;[file]&#x2F;.shosts</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b9e08104-14f1-41dd-b240-62bd68e0c2ef</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;find &#x2F; -xautofs -name &#39;*.shosts&#39;&#x60; stdout.strip is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72185</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00215</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86809r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030810</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # find / -name '*.shosts'
+
+    If any ".shosts" files are found on the system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Remove any found ".shosts" files from the system.
+
+# rm /[path]/[to]/[file]/.shosts</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72277\" do\n  title \"The Red Hat Enterprise Linux operating system must not contain .shosts\nfiles.\"\n  desc  \"The .shosts files are used to configure host-based authentication for\nindividual users or the system via SSH. Host-based authentication is not\nsufficient for preventing unauthorized access to the system, as it does not\nrequire interactive identification and authentication of a connection request,\nor for the use of two-factor authentication.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify there are no \\\".shosts\\\" files on the system.\n\n    Check the system for the existence of these files with the following\ncommand:\n\n    # find / -name '*.shosts'\n\n    If any \\\".shosts\\\" files are found on the system, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Remove any found \\\".shosts\\\" files from the system.\n\n    # rm /[path]/[to]/[file]/.shosts\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72277\"\n  tag rid: \"SV-86901r2_rule\"\n  tag stig_id: \"RHEL-07-040540\"\n  tag fix_id: \"F-78631r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe command(\"find / -xautofs -name '*.shosts'\") do\n    its('stdout.strip') { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `find / -xautofs -name '*.shosts'` stdout.strip is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72185</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00215</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86809r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030810</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the pam_timestamp_check command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the pam_timestamp_check command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
-responsible for one.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+responsible for one.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;pam_timestamp_check&quot; command
+successful/unsuccessful attempts to use the "pam_timestamp_check" command
 occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw &quot;&#x2F;usr&#x2F;sbin&#x2F;pam_timestamp_check&quot; &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw "/usr/sbin/pam_timestamp_check" /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;pam_timestamp_check -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-pam
+    -a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-pam
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;pam_timestamp_check&quot; command
+successful/unsuccessful attempts to use the "pam_timestamp_check" command
 occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;pam_timestamp_check -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-pam
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fa38d2f4-e9b4-4ea2-b760-e5da0b5c3000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;sbin&#x2F;pam_timestamp_check&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;sbin&#x2F;pam_timestamp_check&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72055</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86679r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021120</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-pam
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72185\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe pam_timestamp_check command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"pam_timestamp_check\\\" command\noccur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw \\\"/usr/sbin/pam_timestamp_check\\\" /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-pam\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"pam_timestamp_check\\\" command\noccur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-pam\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00215\"\n  tag gid: \"V-72185\"\n  tag rid: \"SV-86809r4_rule\"\n  tag stig_id: \"RHEL-07-030810\"\n  tag fix_id: \"F-78539r4_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  audit_file = '/sbin/pam_timestamp_check'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/sbin/pam_timestamp_check" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/sbin/pam_timestamp_check" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72055</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86679r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021120</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the cron.allow file, if it exists, is group-owned by root.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the group owner of the &quot;cron.allow&quot; file is not set to root,
-sensitive information could be viewed or edited by unauthorized users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the &quot;cron.allow&quot; file is group-owned by root.
-
-    Check the group owner of the &quot;cron.allow&quot; file with the following command:
-
-    # ls -al &#x2F;etc&#x2F;cron.allow
-    -rw------- 1 root root 6 Mar  5  2011 &#x2F;etc&#x2F;cron.allow
-
-    If the &quot;cron.allow&quot; file exists and has a group owner other than root,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Set the group owner on the &quot;&#x2F;etc&#x2F;cron.allow&quot; file to root with the
+that the cron.allow file, if it exists, is group-owned by root.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the group owner of the "cron.allow" file is not set to root,
+sensitive information could be viewed or edited by unauthorized users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the "cron.allow" file is group-owned by root.
+
+    Check the group owner of the "cron.allow" file with the following command:
+
+    # ls -al /etc/cron.allow
+    -rw------- 1 root root 6 Mar  5  2011 /etc/cron.allow
+
+    If the "cron.allow" file exists and has a group owner other than root,
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Set the group owner on the "/etc/cron.allow" file to root with the
 following command:
 
-    # chgrp root &#x2F;etc&#x2F;cron.allow</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d56b8d50-0abe-45dc-a5c8-143a22d8df13</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;etc&#x2F;cron.allow group is expected to eq &quot;root&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71997</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86621r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020250</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chgrp root /etc/cron.allow</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72055\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the cron.allow file, if it exists, is group-owned by root.\"\n  desc  \"If the group owner of the \\\"cron.allow\\\" file is not set to root,\nsensitive information could be viewed or edited by unauthorized users.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the \\\"cron.allow\\\" file is group-owned by root.\n\n    Check the group owner of the \\\"cron.allow\\\" file with the following command:\n\n    # ls -al /etc/cron.allow\n    -rw------- 1 root root 6 Mar  5  2011 /etc/cron.allow\n\n    If the \\\"cron.allow\\\" file exists and has a group owner other than root,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the group owner on the \\\"/etc/cron.allow\\\" file to root with the\nfollowing command:\n\n    # chgrp root /etc/cron.allow\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72055\"\n  tag rid: \"SV-86679r2_rule\"\n  tag stig_id: \"RHEL-07-021120\"\n  tag fix_id: \"F-78407r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    # case where file doesn't exist\n    describe file('/etc/cron.allow') do\n      it { should_not exist }\n    end\n    # case where file exists\n    describe file('/etc/cron.allow') do\n      its('group') { should eq 'root' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /etc/cron.allow group is expected to eq "root"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71997</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86621r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020250</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be a vendor
-supported release.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>An operating system release is considered &quot;supported&quot; if the vendor
+supported release.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>An operating system release is considered "supported" if the vendor
 continues to provide security patches for the product. With an unsupported
 release, it will not be possible to resolve security issues discovered in the
-system software.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+system software.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the version of the operating system is vendor supported.
 
 Check the version of the operating system with the following command:
 
-# cat &#x2F;etc&#x2F;redhat-release
+# cat /etc/redhat-release
 
 Red Hat Enterprise Linux Server release 7.4 (Maipo)
 
@@ -3183,120 +3056,115 @@ Current End of Life for RHEL 7.6 is 31 October 2020.
 
 Current End of Life for RHEL 7.7 is 30 August 2021.
 
-If the release is not supported by the vendor, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Upgrade to a supported version of the operating system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>01ebcbfe-c8e0-428b-8735-a3fc80af1fd3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;etc&#x2F;redhat-release content is expected to match &#x2F;Release (6.7*|7.[2-9].*)&#x2F;i</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71907</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000071-GPOS-00039</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86531r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010140</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+If the release is not supported by the vendor, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Upgrade to a supported version of the operating system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71997\" do\n  title \"The Red Hat Enterprise Linux operating system must be a vendor\nsupported release.\"\n  desc  \"An operating system release is considered \\\"supported\\\" if the vendor\ncontinues to provide security patches for the product. With an unsupported\nrelease, it will not be possible to resolve security issues discovered in the\nsystem software.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the version of the operating system is vendor supported.\n\n    Check the version of the operating system with the following command:\n\n    # cat /etc/redhat-release\n\n    Red Hat Enterprise Linux Server release 7.4 (Maipo)\n\n    Current End of Life for RHEL 7.1 is 31 March 2017.\n\n    Current End of Life for RHEL 7.2 is 30 November 2017.\n\n    Current End of Life for RHEL 7.3 is 30 November 2018.\n\n    Current End of Life for RHEL 7.4 is 31 August 2019.\n\n    Current End of Life for RHEL 7.5 is 30 April 2020.\n\n    Current End of Life for RHEL 7.6 is 31 October 2020.\n\n    Current End of Life for RHEL 7.7 is 30 August 2021.\n\n    If the release is not supported by the vendor, this is a finding.\n  \"\n  desc  \"fix\", \"Upgrade to a supported version of the operating system.\"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-71997\"\n  tag rid: \"SV-86621r5_rule\"\n  tag stig_id: \"RHEL-07-020250\"\n  tag fix_id: \"F-78349r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe file('/etc/redhat-release') do\n    its('content') { should match %r{Release (6.7*|7.[2-9].*)}i }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /etc/redhat-release content is expected to match /Release (6.7*|7.[2-9].*)/i</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71907</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000071-GPOS-00039</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86531r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010140</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed or new passwords are assigned, the new password
-must contain at least one numeric character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+must contain at least one numeric character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -3305,146 +3173,141 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Note: The value to require a number of numeric characters to be set is
-expressed as a negative number in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot;.
+expressed as a negative number in "/etc/security/pwquality.conf".
 
-    Check the value for &quot;dcredit&quot; in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with
+    Check the value for "dcredit" in "/etc/security/pwquality.conf" with
 the following command:
 
-    # grep dcredit &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    dcredit &#x3D; -1
+    # grep dcredit /etc/security/pwquality.conf
+    dcredit = -1
 
-    If the value of &quot;dcredit&quot; is not set to a negative value, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "dcredit" is not set to a negative value, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to enforce password complexity by requiring
-that at least one numeric character be used by setting the &quot;dcredit&quot; option.
+that at least one numeric character be used by setting the "dcredit" option.
 
-    Add the following line to &#x2F;etc&#x2F;security&#x2F;pwquality.conf (or modify the line
+    Add the following line to /etc/security/pwquality.conf (or modify the line
 to have the required value):
 
-    dcredit &#x3D; -1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8cbb49e7-a356-4c66-8776-e32a792a6df3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf dcredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71991</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000445-GPOS-00199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86615r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020220</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    dcredit = -1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71907\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed or new passwords are assigned, the new password\nmust contain at least one numeric character.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Note: The value to require a number of numeric characters to be set is\nexpressed as a negative number in \\\"/etc/security/pwquality.conf\\\".\n\n    Check the value for \\\"dcredit\\\" in \\\"/etc/security/pwquality.conf\\\" with\nthe following command:\n\n    # grep dcredit /etc/security/pwquality.conf\n    dcredit = -1\n\n    If the value of \\\"dcredit\\\" is not set to a negative value, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce password complexity by requiring\nthat at least one numeric character be used by setting the \\\"dcredit\\\" option.\n\n    Add the following line to /etc/security/pwquality.conf (or modify the line\nto have the required value):\n\n    dcredit = -1\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000071-GPOS-00039\"\n  tag gid: \"V-71907\"\n  tag rid: \"SV-86531r3_rule\"\n  tag stig_id: \"RHEL-07-010140\"\n  tag fix_id: \"F-78259r1_fix\"\n  tag cci: [\"CCI-000194\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('dcredit.to_i') { should cmp &lt; 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf dcredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71991</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000445-GPOS-00199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86615r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020220</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must enable the SELinux
-targeted policy.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+targeted policy.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without verification of the security functions, security functions may
 not operate correctly and the failure may go unnoticed. Security function is
-defined as the hardware, software, and&#x2F;or firmware of the information system
+defined as the hardware, software, and/or firmware of the information system
 responsible for enforcing the system security policy and supporting the
 isolation of code and data on which the protection is based. Security
 functionality includes, but is not limited to, establishing system accounts,
@@ -3452,30 +3315,30 @@ configuring access authorizations (i.e., permissions, privileges), setting
 events to be audited, and setting intrusion detection parameters.
 
     This requirement applies to operating systems performing security function
-verification&#x2F;testing and&#x2F;or systems and environments that require this
-functionality.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+verification/testing and/or systems and environments that require this
+functionality.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an HBSS or HIPS is active on the system, this is Not Applicable.
 
     Verify the operating system verifies correct operation of all security
 functions.
 
-    Check if &quot;SELinux&quot; is active and is enforcing the targeted policy with
+    Check if "SELinux" is active and is enforcing the targeted policy with
 the following command:
 
     # sestatus
 
     SELinux status: enabled
 
-    SELinuxfs mount: &#x2F;selinux
+    SELinuxfs mount: /selinux
 
-    SELinux root directory: &#x2F;etc&#x2F;selinux
+    SELinux root directory: /etc/selinux
 
     Loaded policy name: targeted
 
@@ -3489,297 +3352,287 @@ the following command:
 
     Max kernel policy version: 28
 
-    If the &quot;Loaded policy name&quot; is not set to &quot;targeted&quot;, this is a finding.
+    If the "Loaded policy name" is not set to "targeted", this is a finding.
 
-    Verify that the &#x2F;etc&#x2F;selinux&#x2F;config file is configured to the
-&quot;SELINUXTYPE&quot; to &quot;targeted&quot;:
+    Verify that the /etc/selinux/config file is configured to the
+"SELINUXTYPE" to "targeted":
 
-    # grep -i &quot;selinuxtype&quot; &#x2F;etc&#x2F;selinux&#x2F;config | grep -v &#39;^#&#39;
+    # grep -i "selinuxtype" /etc/selinux/config | grep -v '^#'
 
-    SELINUXTYPE &#x3D; targeted
+    SELINUXTYPE = targeted
 
-    If no results are returned or &quot;SELINUXTYPE&quot; is not set to &quot;targeted&quot;,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If no results are returned or "SELINUXTYPE" is not set to "targeted",
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to verify correct operation of all security
 functions.
 
-    Set the &quot;SELinuxtype&quot; to the &quot;targeted&quot; policy by modifying the
-&quot;&#x2F;etc&#x2F;selinux&#x2F;config&quot; file to have the following line:
-
-    SELINUXTYPE&#x3D;targeted
-
-    A reboot is required for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1cc88e4b-3d61-43c8-818c-da72250e1318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002696</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;sestatus&#x60; stdout is expected to match &#x2F;^Loaded\spolicy\sname:\s+targeted\n?$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72045</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86669r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Set the "SELinuxtype" to the "targeted" policy by modifying the
+"/etc/selinux/config" file to have the following line:
+
+    SELINUXTYPE=targeted
+
+    A reboot is required for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71991\" do\n  title \"The Red Hat Enterprise Linux operating system must enable the SELinux\ntargeted policy.\"\n  desc  \"Without verification of the security functions, security functions may\nnot operate correctly and the failure may go unnoticed. Security function is\ndefined as the hardware, software, and/or firmware of the information system\nresponsible for enforcing the system security policy and supporting the\nisolation of code and data on which the protection is based. Security\nfunctionality includes, but is not limited to, establishing system accounts,\nconfiguring access authorizations (i.e., permissions, privileges), setting\nevents to be audited, and setting intrusion detection parameters.\n\n    This requirement applies to operating systems performing security function\nverification/testing and/or systems and environments that require this\nfunctionality.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If an HBSS or HIPS is active on the system, this is Not Applicable.\n\n    Verify the operating system verifies correct operation of all security\nfunctions.\n\n    Check if \\\"SELinux\\\" is active and is enforcing the targeted policy with\nthe following command:\n\n    # sestatus\n\n    SELinux status: enabled\n\n    SELinuxfs mount: /selinux\n\n    SELinux root directory: /etc/selinux\n\n    Loaded policy name: targeted\n\n    Current mode: enforcing\n\n    Mode from config file: enforcing\n\n    Policy MLS status: enabled\n\n    Policy deny_unknown status: allowed\n\n    Max kernel policy version: 28\n\n    If the \\\"Loaded policy name\\\" is not set to \\\"targeted\\\", this is a finding.\n\n    Verify that the /etc/selinux/config file is configured to the\n\\\"SELINUXTYPE\\\" to \\\"targeted\\\":\n\n    # grep -i \\\"selinuxtype\\\" /etc/selinux/config | grep -v '^#'\n\n    SELINUXTYPE = targeted\n\n    If no results are returned or \\\"SELINUXTYPE\\\" is not set to \\\"targeted\\\",\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to verify correct operation of all security\nfunctions.\n\n    Set the \\\"SELinuxtype\\\" to the \\\"targeted\\\" policy by modifying the\n\\\"/etc/selinux/config\\\" file to have the following line:\n\n    SELINUXTYPE=targeted\n\n    A reboot is required for the changes to take effect.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000445-GPOS-00199\"\n  tag gid: \"V-71991\"\n  tag rid: \"SV-86615r5_rule\"\n  tag stig_id: \"RHEL-07-020220\"\n  tag fix_id: \"F-78343r2_fix\"\n  tag cci: [\"CCI-002165\", \"CCI-002696\"]\n  tag nist: [\"AC-3 (4)\", \"SI-6 a\", \"Rev_4\"]\n\n  describe.one do\n    describe command('sestatus') do\n      its('stdout') { should match %r{^Policy\\sfrom\\sconfigs\\sfile:\\s+targeted\\n?$} }\n    end\n    describe command('sestatus') do\n      its('stdout') { should match %r{^Loaded\\spolicy\\sname:\\s+targeted\\n?$} }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002696</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `sestatus` stdout is expected to match /^Loaded\spolicy\sname:\s+targeted\n?$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72045</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86669r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent files with
 the setuid and setgid bit set from being executed on file systems that are
-being imported via Network File System (NFS).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;nosuid&quot; mount option causes the system to not execute
-&quot;setuid&quot; and &quot;setgid&quot; files with owner privileges. This option must be used
-for mounting any file system not containing approved &quot;setuid&quot; and &quot;setguid&quot;
+being imported via Network File System (NFS).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "nosuid" mount option causes the system to not execute
+"setuid" and "setgid" files with owner privileges. This option must be used
+for mounting any file system not containing approved "setuid" and "setguid"
 files. Executing files from untrusted file systems increases the opportunity
-for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify file systems that are being NFS imported are configured with the
-&quot;nosuid&quot; option.
+"nosuid" option.
 
     Find the file system(s) that contain the directories being exported with
 the following command:
 
-    # more &#x2F;etc&#x2F;fstab | grep nfs
+    # more /etc/fstab | grep nfs
 
-    UUID&#x3D;e06097bb-cfcd-437b-9e4d-a691f5662a7d &#x2F;store nfs rw,nosuid 0 0
+    UUID=e06097bb-cfcd-437b-9e4d-a691f5662a7d /store nfs rw,nosuid 0 0
 
-    If a file system found in &quot;&#x2F;etc&#x2F;fstab&quot; refers to NFS and it does not have
-the &quot;nosuid&quot; option set, this is a finding.
+    If a file system found in "/etc/fstab" refers to NFS and it does not have
+the "nosuid" option set, this is a finding.
 
-    Verify the NFS is mounted with the &quot;nosuid&quot; option:
+    Verify the NFS is mounted with the "nosuid" option:
 
     # mount | grep nfs | grep nosuid
-    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the &quot;&#x2F;etc&#x2F;fstab&quot; to use the &quot;nosuid&quot; option on
-file systems that are being imported via NFS.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4a222768-61a9-4515-83b7-adbd0f9413e7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72251</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000074-GPOS-00042</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86875r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040390</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the "/etc/fstab" to use the "nosuid" option on
+file systems that are being imported via NFS.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72045\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent files with\nthe setuid and setgid bit set from being executed on file systems that are\nbeing imported via Network File System (NFS).\"\n  desc  \"The \\\"nosuid\\\" mount option causes the system to not execute\n\\\"setuid\\\" and \\\"setgid\\\" files with owner privileges. This option must be used\nfor mounting any file system not containing approved \\\"setuid\\\" and \\\"setguid\\\"\nfiles. Executing files from untrusted file systems increases the opportunity\nfor unprivileged users to attain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify file systems that are being NFS imported are configured with the\n\\\"nosuid\\\" option.\n\n    Find the file system(s) that contain the directories being exported with\nthe following command:\n\n    # more /etc/fstab | grep nfs\n\n    UUID=e06097bb-cfcd-437b-9e4d-a691f5662a7d /store nfs rw,nosuid 0 0\n\n    If a file system found in \\\"/etc/fstab\\\" refers to NFS and it does not have\nthe \\\"nosuid\\\" option set, this is a finding.\n\n    Verify the NFS is mounted with the \\\"nosuid\\\" option:\n\n    # mount | grep nfs | grep nosuid\n    If no results are returned, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the \\\"/etc/fstab\\\" to use the \\\"nosuid\\\" option on\nfile systems that are being imported via NFS.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72045\"\n  tag rid: \"SV-86669r2_rule\"\n  tag stig_id: \"RHEL-07-021020\"\n  tag fix_id: \"F-78397r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  nfs_systems = etc_fstab.nfs_file_systems.entries\n  if !nfs_systems.nil? and !nfs_systems.empty?\n    nfs_systems.each do |partition|\n      describe partition do\n        its('mount_options') { should include 'nosuid' }\n      end\n    end\n  else\n    describe \"No NFS file systems were found.\" do\n      subject { nfs_systems.nil? or nfs_systems.empty? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72251</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000074-GPOS-00042</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86875r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040390</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH daemon is configured to only use the SSHv2 protocol.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH daemon is configured to only use the SSHv2 protocol.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>SSHv1 is an insecure implementation of the SSH protocol and has many
 well-known vulnerability exploits. Exploits of the SSH daemon could provide
-immediate root access to the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+immediate root access to the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check the version of the operating system with the following command:
 
-    # cat &#x2F;etc&#x2F;redhat-release
+    # cat /etc/redhat-release
 
     If the release is 7.4 or newer this requirement is Not Applicable.
 
@@ -3788,393 +3641,374 @@ immediate root access to the system.</ATTRIBUTE_DATA>
     Check that the SSH daemon is configured to only use the SSHv2 protocol with
 the following command:
 
-    # grep -i protocol &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i protocol /etc/ssh/sshd_config
     Protocol 2
     #Protocol 1,2
 
-    If any protocol line other than &quot;Protocol 2&quot; is uncommented, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Remove all Protocol lines that reference version &quot;1&quot; in
-&quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; (this file may be named differently or be in a
+    If any protocol line other than "Protocol 2" is uncommented, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Remove all Protocol lines that reference version "1" in
+"/etc/ssh/sshd_config" (this file may be named differently or be in a
 different location if using a version of SSH that is provided by a third-party
-vendor). The &quot;Protocol&quot; line must be as follows:
+vendor). The "Protocol" line must be as follows:
 
     Protocol 2
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f401a386-5bd2-4b12-b048-f410946a058a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000197</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The release is 7.8
-The release is newer than 7.4; this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71945</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000329-GPOS-00128</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86569r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010330</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72251\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon is configured to only use the SSHv2 protocol.\"\n  desc  \"SSHv1 is an insecure implementation of the SSH protocol and has many\nwell-known vulnerability exploits. Exploits of the SSH daemon could provide\nimmediate root access to the system.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check the version of the operating system with the following command:\n\n    # cat /etc/redhat-release\n\n    If the release is 7.4 or newer this requirement is Not Applicable.\n\n    Verify the SSH daemon is configured to only use the SSHv2 protocol.\n\n    Check that the SSH daemon is configured to only use the SSHv2 protocol with\nthe following command:\n\n    # grep -i protocol /etc/ssh/sshd_config\n    Protocol 2\n    #Protocol 1,2\n\n    If any protocol line other than \\\"Protocol 2\\\" is uncommented, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Remove all Protocol lines that reference version \\\"1\\\" in\n\\\"/etc/ssh/sshd_config\\\" (this file may be named differently or be in a\ndifferent location if using a version of SSH that is provided by a third-party\nvendor). The \\\"Protocol\\\" line must be as follows:\n\n    Protocol 2\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000074-GPOS-00042\"\n  tag satisfies: [\"SRG-OS-000074-GPOS-00042\", \"SRG-OS-000480-GPOS-00227\"]\n  tag gid: \"V-72251\"\n  tag rid: \"SV-86875r4_rule\"\n  tag stig_id: \"RHEL-07-040390\"\n  tag fix_id: \"F-78605r2_fix\"\n  tag cci: [\"CCI-000197\", \"CCI-000366\"]\n  tag nist: [\"IA-5 (1) (c)\", \"CM-6 b\", \"Rev_4\"]\n\n  if os.release.to_f &gt;= 7.4\n    impact 0.0\n    describe \"The release is #{os.release}\" do\n      skip \"The release is newer than 7.4; this control is Not Applicable.\"\n    end\n  else\n    describe sshd_config do\n      its('Protocol') { should cmp '2' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000197</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The release is 7.8 :: SKIP_MESSAGE The release is newer than 7.4; this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71945</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000329-GPOS-00128</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86569r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010330</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must lock the associated
 account after three unsuccessful root logon attempts are made within a
-15-minute period.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+15-minute period.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>By limiting the number of failed logon attempts, the risk of
 unauthorized system access via user password guessing, otherwise known as brute
-forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system automatically locks the root account until it
 is released by an administrator when three unsuccessful logon attempts in 15
 minutes are made.
 
-    # grep pam_faillock.so &#x2F;etc&#x2F;pam.d&#x2F;password-auth
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    # grep pam_faillock.so /etc/pam.d/password-auth
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
-    If the &quot;even_deny_root&quot; setting is not defined on both lines with the
-&quot;pam_faillock.so&quot; module, is commented out, or is missing from a line, this
+    If the "even_deny_root" setting is not defined on both lines with the
+"pam_faillock.so" module, is commented out, or is missing from a line, this
 is a finding.
 
-    # grep pam_faillock.so &#x2F;etc&#x2F;pam.d&#x2F;system-auth
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    # grep pam_faillock.so /etc/pam.d/system-auth
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
-    If the &quot;even_deny_root&quot; setting is not defined on both lines with the
-&quot;pam_faillock.so&quot; module, is commented out, or is missing from a line, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "even_deny_root" setting is not defined on both lines with the
+"pam_faillock.so" module, is commented out, or is missing from a line, this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to lock automatically the root account until
 the locked account is released by an administrator when three unsuccessful
 logon attempts in 15 minutes are made.
 
     Modify the first three lines of the auth section and the first line of the
-account section of the &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; and
-&quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot; files to match the following lines:
+account section of the "/etc/pam.d/system-auth" and
+"/etc/pam.d/password-auth" files to match the following lines:
 
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     auth sufficient pam_unix.so try_first_pass
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
     Note: Manual changes to the listed files may be overwritten by the
-&quot;authconfig&quot; program. The &quot;authconfig&quot; program should not be used to update
-the configurations listed in this requirement.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>56f5082f-e188-48cc-9f14-ceb8003ec4bd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include [&quot;auth required pam_faillock.so even_deny_root&quot;, &quot;auth sufficient pam_unix.so try_first_pass&quot;, &quot;auth [default&#x3D;die] pam_faillock.so even_deny_root&quot;]
-expected &quot;account required pam_unix.so\naccount sufficient pam_localuser.so\naccount sufficient pam_succeed_if...eed_if.so service in crond quiet use_uid\nsession required pam_unix.so\nsession optional pam_sss.so&quot; to include [&quot;auth required pam_faillock.so even_deny_root&quot;, &quot;auth sufficient pam_unix.so try_first_pass&quot;, &quot;auth [default&#x3D;die] pam_faillock.so even_deny_root&quot;]
+"authconfig" program. The "authconfig" program should not be used to update
+the configurations listed in this requirement.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71945\" do\n  title \"The Red Hat Enterprise Linux operating system must lock the associated\naccount after three unsuccessful root logon attempts are made within a\n15-minute period.\"\n  desc  \"By limiting the number of failed logon attempts, the risk of\nunauthorized system access via user password guessing, otherwise known as brute\nforcing, is reduced. Limits are imposed by locking the account.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system automatically locks the root account until it\nis released by an administrator when three unsuccessful logon attempts in 15\nminutes are made.\n\n    # grep pam_faillock.so /etc/pam.d/password-auth\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    If the \\\"even_deny_root\\\" setting is not defined on both lines with the\n\\\"pam_faillock.so\\\" module, is commented out, or is missing from a line, this\nis a finding.\n\n    # grep pam_faillock.so /etc/pam.d/system-auth\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    If the \\\"even_deny_root\\\" setting is not defined on both lines with the\n\\\"pam_faillock.so\\\" module, is commented out, or is missing from a line, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to lock automatically the root account until\nthe locked account is released by an administrator when three unsuccessful\nlogon attempts in 15 minutes are made.\n\n    Modify the first three lines of the auth section and the first line of the\naccount section of the \\\"/etc/pam.d/system-auth\\\" and\n\\\"/etc/pam.d/password-auth\\\" files to match the following lines:\n\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth sufficient pam_unix.so try_first_pass\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    Note: Manual changes to the listed files may be overwritten by the\n\\\"authconfig\\\" program. The \\\"authconfig\\\" program should not be used to update\nthe configurations listed in this requirement.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000329-GPOS-00128\"\n  tag satisfies: [\"SRG-OS-000329-GPOS-00128\", \"SRG-OS-000021-GPOS-00005\"]\n  tag gid: \"V-71945\"\n  tag rid: \"SV-86569r4_rule\"\n  tag stig_id: \"RHEL-07-010330\"\n  tag fix_id: \"F-78297r3_fix\"\n  tag cci: [\"CCI-002238\"]\n  tag nist: [\"AC-7 b\", \"Rev_4\"]\n\n  required_lines = [\n    'auth required pam_faillock.so even_deny_root',\n    'auth sufficient pam_unix.so try_first_pass',\n    'auth [default=die] pam_faillock.so even_deny_root'\n  ]\n\n  describe pam('/etc/pam.d/password-auth') do\n    its('lines') { should match_pam_rules(required_lines) }\n    its('lines') { should match_pam_rule('auth .* pam_faillock.so (preauth|authfail)').all_with_args('even_deny_root') }\n  end\n\n  describe pam('/etc/pam.d/system-auth') do\n    its('lines') { should match_pam_rules(required_lines) }\n    its('lines') { should match_pam_rule('auth .* pam_faillock.so (preauth|authfail)').all_with_args('even_deny_root') }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include ["auth required pam_faillock.so even_deny_root", "auth sufficient pam_unix.so try_first_pass", "auth [default=die] pam_faillock.so even_deny_root"] :: MESSAGE expected "account required pam_unix.so\naccount sufficient pam_localuser.so\naccount sufficient pam_succeed_if...eed_if.so service in crond quiet use_uid\nsession required pam_unix.so\nsession optional pam_sss.so" to include ["auth required pam_faillock.so even_deny_root", "auth sufficient pam_unix.so try_first_pass", "auth [default=die] pam_faillock.so even_deny_root"]
 Diff:
 @@ -1,4 +1,28 @@
 -auth required pam_faillock.so even_deny_root
 -auth sufficient pam_unix.so try_first_pass
--auth [default&#x3D;die] pam_faillock.so even_deny_root
+-auth [default=die] pam_faillock.so even_deny_root
 +account required pam_unix.so
 +account sufficient pam_localuser.so
 +account sufficient pam_succeed_if.so uid &lt; 1000 quiet
-+account [default&#x3D;bad success&#x3D;ok user_unknown&#x3D;ignore] pam_sss.so
++account [default=bad success=ok user_unknown=ignore] pam_sss.so
 +account required pam_permit.so
 +auth required pam_env.so
-+auth [default&#x3D;1 ignore&#x3D;ignore success&#x3D;ok] pam_succeed_if.so uid &gt;&#x3D; 1000 quiet
-+auth [default&#x3D;4 ignore&#x3D;ignore success&#x3D;ok] pam_localuser.so
-+auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth [success&#x3D;1 default&#x3D;bad] pam_unix.so try_first_pass
-+auth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth sufficient pam_faillock.so authsucc deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth requisite pam_succeed_if.so uid &gt;&#x3D; 1000 quiet_success
++auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid &gt;= 1000 quiet
++auth [default=4 ignore=ignore success=ok] pam_localuser.so
++auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900
++auth [success=1 default=bad] pam_unix.so try_first_pass
++auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900
++auth sufficient pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900
++auth requisite pam_succeed_if.so uid &gt;= 1000 quiet_success
 +auth sufficient pam_sss.so forward_pass
 +auth required pam_deny.so
-+password requisite pam_pwquality.so try_first_pass local_users_only retry&#x3D;3 authtok_type&#x3D;
-+password requisite pam_pwhistory.so use_authtok remember&#x3D;5 retry&#x3D;3
++password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
++password requisite pam_pwhistory.so use_authtok remember=5 retry=3
 +password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok
 +password sufficient pam_sss.so use_authtok
 +password required pam_deny.so
 +session optional pam_keyinit.so revoke
 +session required pam_limits.so
 +-session optional pam_systemd.so
-+session optional pam_oddjob_mkhomedir.so umask&#x3D;0077
-+session [success&#x3D;1 default&#x3D;ignore] pam_succeed_if.so service in crond quiet use_uid
++session optional pam_oddjob_mkhomedir.so umask=0077
++session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 +session required pam_unix.so
 +session optional pam_sss.so
 
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
-expected &quot;auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900\nauth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900&quot; to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
+passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root :: MESSAGE expected "auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900\nauth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900" to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
 Diff:
 @@ -1,2 +1,3 @@
 -auth .* pam_faillock.so (preauth|authfail)
-+auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
++auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900
++auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900
 
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include [&quot;auth required pam_faillock.so even_deny_root&quot;, &quot;auth sufficient pam_unix.so try_first_pass&quot;, &quot;auth [default&#x3D;die] pam_faillock.so even_deny_root&quot;]
-expected &quot;account required pam_unix.so\naccount sufficient pam_localuser.so\naccount sufficient pam_succeed_if...eed_if.so service in crond quiet use_uid\nsession required pam_unix.so\nsession optional pam_sss.so&quot; to include [&quot;auth required pam_faillock.so even_deny_root&quot;, &quot;auth sufficient pam_unix.so try_first_pass&quot;, &quot;auth [default&#x3D;die] pam_faillock.so even_deny_root&quot;]
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include ["auth required pam_faillock.so even_deny_root", "auth sufficient pam_unix.so try_first_pass", "auth [default=die] pam_faillock.so even_deny_root"] :: MESSAGE expected "account required pam_unix.so\naccount sufficient pam_localuser.so\naccount sufficient pam_succeed_if...eed_if.so service in crond quiet use_uid\nsession required pam_unix.so\nsession optional pam_sss.so" to include ["auth required pam_faillock.so even_deny_root", "auth sufficient pam_unix.so try_first_pass", "auth [default=die] pam_faillock.so even_deny_root"]
 Diff:
 @@ -1,4 +1,28 @@
 -auth required pam_faillock.so even_deny_root
 -auth sufficient pam_unix.so try_first_pass
--auth [default&#x3D;die] pam_faillock.so even_deny_root
+-auth [default=die] pam_faillock.so even_deny_root
 +account required pam_unix.so
 +account sufficient pam_localuser.so
 +account sufficient pam_succeed_if.so uid &lt; 1000 quiet
-+account [default&#x3D;bad success&#x3D;ok user_unknown&#x3D;ignore] pam_sss.so
++account [default=bad success=ok user_unknown=ignore] pam_sss.so
 +account required pam_permit.so
 +auth required pam_env.so
-+auth [default&#x3D;1 ignore&#x3D;ignore success&#x3D;ok] pam_succeed_if.so uid &gt;&#x3D; 1000 quiet
-+auth [default&#x3D;4 ignore&#x3D;ignore success&#x3D;ok] pam_localuser.so
-+auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth [success&#x3D;1 default&#x3D;bad] pam_unix.so try_first_pass
-+auth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth sufficient pam_faillock.so authsucc deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth requisite pam_succeed_if.so uid &gt;&#x3D; 1000 quiet_success
++auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid &gt;= 1000 quiet
++auth [default=4 ignore=ignore success=ok] pam_localuser.so
++auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900
++auth [success=1 default=bad] pam_unix.so try_first_pass
++auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900
++auth sufficient pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900
++auth requisite pam_succeed_if.so uid &gt;= 1000 quiet_success
 +auth sufficient pam_sss.so forward_pass
 +auth required pam_deny.so
-+password requisite pam_pwquality.so try_first_pass local_users_only retry&#x3D;3 authtok_type&#x3D;
-+password requisite pam_pwhistory.so use_authtok remember&#x3D;5 retry&#x3D;3
++password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
++password requisite pam_pwhistory.so use_authtok remember=5 retry=3
 +password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok
 +password sufficient pam_sss.so use_authtok
 +password required pam_deny.so
 +session optional pam_keyinit.so revoke
 +session required pam_limits.so
 +-session optional pam_systemd.so
-+session optional pam_oddjob_mkhomedir.so umask&#x3D;0077
-+session [success&#x3D;1 default&#x3D;ignore] pam_succeed_if.so service in crond quiet use_uid
++session optional pam_oddjob_mkhomedir.so umask=0077
++session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 +session required pam_unix.so
 +session optional pam_sss.so
 
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
-expected &quot;auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900\nauth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900&quot; to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root :: MESSAGE expected "auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900\nauth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900" to include auth .* pam_faillock.so (preauth|authfail), all with args even_deny_root
 Diff:
 @@ -1,2 +1,3 @@
 -auth .* pam_faillock.so (preauth|authfail)
-+auth requisite pam_faillock.so preauth deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-+auth [default&#x3D;die] pam_faillock.so authfail deny&#x3D;3 unlock_time&#x3D;604800 fail_interval&#x3D;900
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71861</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86485r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
++auth requisite pam_faillock.so preauth deny=3 unlock_time=604800 fail_interval=900
++auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71861</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86485r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the
 approved Standard Mandatory DoD Notice and Consent Banner before granting local
-or remote access to the system via a graphical user logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+or remote access to the system via a graphical user logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Display of a standardized and approved use notification before
 granting access to the operating system ensures privacy and security
 notification verbiage used is consistent with applicable federal laws,
@@ -4187,7 +4021,7 @@ with human users and are not required when such human interfaces do not exist.
 the following verbiage for operating systems that can accommodate banners of
 1300 characters:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -4212,14 +4046,14 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Agreement for details."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system displays the approved Standard Mandatory DoD
 Notice and Consent Banner before granting access to the operating system via a
 graphical user logon.
@@ -4230,9 +4064,9 @@ Applicable.
     Check that the operating system displays the exact approved Standard
 Mandatory DoD Notice and Consent Banner text with the command:
 
-    # grep banner-message-text &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
-    banner-message-text&#x3D;
-    &#39;You are accessing a U.S. Government (USG) Information System (IS) that is
+    # grep banner-message-text /etc/dconf/db/local.d/*
+    banner-message-text=
+    'You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.    By using this IS (which includes any device attached to this IS), you
 consent to the following conditions:    -The USG routinely intercepts and monitors communications on this IS for
 purposes including, but not limited to, penetration testing, COMSEC monitoring,
@@ -4245,16 +4079,16 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details. &#39;
+Agreement for details. '
 
-    Note: The &quot;     &quot; characters are for formatting only. They will not be displayed on the
+    Note: The "     " characters are for formatting only. They will not be displayed on the
 GUI.
 
     If the banner does not match the approved Standard Mandatory DoD Notice and
-Consent Banner, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Consent Banner, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to display the approved Standard Mandatory
 DoD Notice and Consent Banner before granting access to the system.
 
@@ -4264,16 +4098,16 @@ Applicable.
     Create a database to contain the system-wide graphical user logon settings
 (if it does not already exist) with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;01-banner-message
+    # touch /etc/dconf/db/local.d/01-banner-message
 
-    Add the following line to the [org&#x2F;gnome&#x2F;login-screen] section of the
-&quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;01-banner-message&quot;:
+    Add the following line to the [org/gnome/login-screen] section of the
+"/etc/dconf/db/local.d/01-banner-message":
 
-    [org&#x2F;gnome&#x2F;login-screen]
+    [org/gnome/login-screen]
 
-    banner-message-enable&#x3D;true
+    banner-message-enable=true
 
-    banner-message-text&#x3D;&#39;You are accessing a U.S. Government (USG) Information
+    banner-message-text='You are accessing a U.S. Government (USG) Information
 System (IS) that is provided for USG-authorized use only.    By using this IS (which includes any device attached to this IS), you
 consent to the following conditions:    -The USG routinely intercepts and monitors communications on this IS for
 purposes including, but not limited to, penetration testing, COMSEC monitoring,
@@ -4286,123 +4120,117 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details. &#39;
+Agreement for details. '
 
-    Note: The &quot;     &quot; characters are for formatting only. They will not be displayed on the
+    Note: The "     " characters are for formatting only. They will not be displayed on the
 GUI.
 
     Run the following command to update the database:
-    # dconf update</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>58889a4c-16a7-4a2f-b06d-9ce9b39d0c54</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-        Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72217</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000027-GPOS-00008</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86841r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # dconf update</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71861\" do\n  title \"The Red Hat Enterprise Linux operating system must display the\napproved Standard Mandatory DoD Notice and Consent Banner before granting local\nor remote access to the system via a graphical user logon.\"\n  desc  \"Display of a standardized and approved use notification before\ngranting access to the operating system ensures privacy and security\nnotification verbiage used is consistent with applicable federal laws,\nExecutive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via logon interfaces\nwith human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with applicable DoD policy. Use\nthe following verbiage for operating systems that can accommodate banners of\n1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system displays the approved Standard Mandatory DoD\nNotice and Consent Banner before granting access to the operating system via a\ngraphical user logon.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check that the operating system displays the exact approved Standard\nMandatory DoD Notice and Consent Banner text with the command:\n\n    # grep banner-message-text /etc/dconf/db/local.d/*\n    banner-message-text=\n    'You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\\\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\\\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\\\n    -At any time, the USG may inspect and seize data stored on this IS.\\\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\\\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\\\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details. '\n\n    Note: The \\\"\\\n     \\\" characters are for formatting only. They will not be displayed on the\nGUI.\n\n    If the banner does not match the approved Standard Mandatory DoD Notice and\nConsent Banner, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to display the approved Standard Mandatory\nDoD Notice and Consent Banner before granting access to the system.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Create a database to contain the system-wide graphical user logon settings\n(if it does not already exist) with the following command:\n\n    # touch /etc/dconf/db/local.d/01-banner-message\n\n    Add the following line to the [org/gnome/login-screen] section of the\n\\\"/etc/dconf/db/local.d/01-banner-message\\\":\n\n    [org/gnome/login-screen]\n\n    banner-message-enable=true\n\n    banner-message-text='You are accessing a U.S. Government (USG) Information\nSystem (IS) that is provided for USG-authorized use only.\\\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\\\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\\\n    -At any time, the USG may inspect and seize data stored on this IS.\\\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\\\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\\\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details. '\n\n    Note: The \\\"\\\n     \\\" characters are for formatting only. They will not be displayed on the\nGUI.\n\n    Run the following command to update the database:\n    # dconf update\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000023-GPOS-00006\"\n  tag satisfies: [\"SRG-OS-000023-GPOS-00006\", \"SRG-OS-000024-GPOS-00007\",\n\"SRG-OS-000228-GPOS-00088\"]\n  tag gid: \"V-71861\"\n  tag rid: \"SV-86485r4_rule\"\n  tag stig_id: \"RHEL-07-010040\"\n  tag fix_id: \"F-78213r5_fix\"\n  tag cci: [\"CCI-000048\"]\n  tag nist: [\"AC-8 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    #Get all files that have the banner-message-text specified.\n    banner_files =\n      command(\"grep -l banner-message-text /etc/dconf/db/local.d/*\").stdout.split(\"\\n\")\n\n    #If there are no banner files then this is a finding.\n    banner_missing = banner_files.empty?\n    describe \"If no files specify the banner text then this is a finding\" do\n      subject { banner_missing }\n      it{should be false}\n    end if banner_missing\n\n    #If there are banner files then check them to make sure they have the correct text.\n    banner_files.each do |banner_file|\n      banner_message =\n        parse_config_file(banner_file).params(\"banner-message-text\").gsub(%r{[\\r\\n\\s]}, '')\n      #dconf expects the banner-message-text to be quoted so remove leading and trailing quote.\n      #See https://developer.gnome.org/dconf/unstable/dconf-tool.html which states:\n      #  VALUE arguments must be in GVariant format, so e.g. a string must include\n      #  explicit quotes: \"'foo'\". This format is also used when printing out values.\n      if banner_message.start_with?('\"') || banner_message.start_with?('\\'')\n        banner_message = banner_message[1,banner_message.length]\n      end\n      if banner_message.end_with?('\"') || banner_message.end_with?('\\'')\n        banner_message = banner_message.chop\n      end\n      describe.one do\n        describe banner_message do\n          it{should cmp banner_message_text_gui.gsub(%r{[\\r\\n\\s]}, '')}\n        end\n        describe banner_message do\n          it{should cmp banner_message_text_gui_limited.gsub(%r{[\\r\\n\\s]}, '')}\n        end\n      end\n    end\n  else\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n        Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+        Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72217</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000027-GPOS-00008</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86841r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must limit the number of
-concurrent sessions to 10 for all accounts and&#x2F;or account types.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+concurrent sessions to 10 for all accounts and/or account types.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Operating system management includes the ability to control the number
 of users and user sessions that utilize an operating system. Limiting the
 number of allowed users and sessions per user is helpful in reducing the risks
@@ -4411,149 +4239,143 @@ related to DoS attacks.
     This requirement addresses concurrent sessions for information system
 accounts and does not address concurrent sessions by single users via multiple
 system accounts. The maximum number of concurrent sessions should be defined
-based on mission needs and the operational environment for each system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+based on mission needs and the operational environment for each system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system limits the number of concurrent sessions to
-&quot;10&quot; for all accounts and&#x2F;or account types by issuing the following command:
+"10" for all accounts and/or account types by issuing the following command:
 
-    # grep &quot;maxlogins&quot; &#x2F;etc&#x2F;security&#x2F;limits.conf &#x2F;etc&#x2F;security&#x2F;limits.d&#x2F;*.conf
+    # grep "maxlogins" /etc/security/limits.conf /etc/security/limits.d/*.conf
 
     * hard maxlogins 10
 
     This can be set as a global domain (with the * wildcard) but may be set
 differently for multiple domains.
 
-    If the &quot;maxlogins&quot; item is missing, commented out, or the value is not
-set to &quot;10&quot; or less for all domains that have the &quot;maxlogins&quot; item
-assigned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "maxlogins" item is missing, commented out, or the value is not
+set to "10" or less for all domains that have the "maxlogins" item
+assigned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to limit the number of concurrent sessions
-to &quot;10&quot; for all accounts and&#x2F;or account types.
-
-    Add the following line to the top of the &#x2F;etc&#x2F;security&#x2F;limits.conf or in a
-&quot;.conf&quot; file defined in &#x2F;etc&#x2F;security&#x2F;limits.d&#x2F; :
-
-    * hard maxlogins 10</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fb84b91b-6261-4aea-a9c1-164af3cede9e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000054</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Files configuring maxlogins less than or equal to 10 is expected to be positive
---------------------------------
-passed
-Files configuring maxlogins greater than 10 is expected to cmp &#x3D;&#x3D; []</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72047</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86671r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021030</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+to "10" for all accounts and/or account types.
+
+    Add the following line to the top of the /etc/security/limits.conf or in a
+".conf" file defined in /etc/security/limits.d/ :
+
+    * hard maxlogins 10</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72217\" do\n  title \"The Red Hat Enterprise Linux operating system must limit the number of\nconcurrent sessions to 10 for all accounts and/or account types.\"\n  desc  \"Operating system management includes the ability to control the number\nof users and user sessions that utilize an operating system. Limiting the\nnumber of allowed users and sessions per user is helpful in reducing the risks\nrelated to DoS attacks.\n\n    This requirement addresses concurrent sessions for information system\naccounts and does not address concurrent sessions by single users via multiple\nsystem accounts. The maximum number of concurrent sessions should be defined\nbased on mission needs and the operational environment for each system.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system limits the number of concurrent sessions to\n\\\"10\\\" for all accounts and/or account types by issuing the following command:\n\n    # grep \\\"maxlogins\\\" /etc/security/limits.conf /etc/security/limits.d/*.conf\n\n    * hard maxlogins 10\n\n    This can be set as a global domain (with the * wildcard) but may be set\ndifferently for multiple domains.\n\n    If the \\\"maxlogins\\\" item is missing, commented out, or the value is not\nset to \\\"10\\\" or less for all domains that have the \\\"maxlogins\\\" item\nassigned, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to limit the number of concurrent sessions\nto \\\"10\\\" for all accounts and/or account types.\n\n    Add the following line to the top of the /etc/security/limits.conf or in a\n\\\".conf\\\" file defined in /etc/security/limits.d/ :\n\n    * hard maxlogins 10\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000027-GPOS-00008\"\n  tag gid: \"V-72217\"\n  tag rid: \"SV-86841r3_rule\"\n  tag stig_id: \"RHEL-07-040000\"\n  tag fix_id: \"F-78571r2_fix\"\n  tag cci: [\"CCI-000054\"]\n  tag nist: [\"AC-10\", \"Rev_4\"]\n\n  maxlogins_limit = input('maxlogins_limit')\n\n  # Collect any files under limits.d if they exist\n  limits_files = directory('/etc/security/limits.d').exist? ? command('ls /etc/security/limits.d/*.conf').stdout.strip.lines : []\n  # Add limits.conf to the list\n  limits_files.push('/etc/security/limits.conf')\n  compliant_files = []\n  noncompliant_files = []\n\n  limits_files.each do |limits_file|\n    # Get any universal limits from each file\n    local_limits = limits_conf(limits_file).*\n    # If we got an array (results) check further\n    if local_limits.is_a?(Array)\n      local_limits.each do |temp_limit|\n        # For each result check if it is a 'hard' limit for 'maxlogins'\n        if temp_limit.include?('hard') &amp;&amp; temp_limit.include?('maxlogins')\n          # If the limit is in range, push to compliant files\n          if temp_limit[-1].to_i &lt;= maxlogins_limit\n            compliant_files.push(limits_file)\n          # Otherwise add to noncompliant files\n          else\n            noncompliant_files.push(limits_file)\n          end\n        end\n      end\n    end\n  end\n\n  # It is required that at least 1 file contain compliant configuration\n  describe \"Files configuring maxlogins less than or equal to #{maxlogins_limit}\" do\n    subject { compliant_files.length }\n    it { should be_positive }\n  end\n\n  # No files should set 'hard' 'maxlogins' to any noncompliant value\n  describe \"Files configuring maxlogins greater than #{maxlogins_limit}\" do\n    subject { noncompliant_files }\n    it { should cmp [] }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000054</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Files configuring maxlogins less than or equal to 10 is expected to be positive
+--------------------------------
+passed :: TEST Files configuring maxlogins greater than 10 is expected to cmp == []</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72047</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86671r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021030</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all world-writable directories are group-owned by root, sys, bin, or an
-application group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+application group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a world-writable directory has the sticky bit set and is not
 group-owned by a privileged Group Identifier (GID), unauthorized users may be
 able to modify files created by others.
@@ -4561,15 +4383,15 @@ able to modify files created by others.
     The only authorized public directories are those temporary directories
 supplied with the system or those designed to be temporary file repositories.
 The setting is normally reserved for directories used by the system and by
-users for temporary file storage, (e.g., &#x2F;tmp), and for directories requiring
-global read&#x2F;write access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+users for temporary file storage, (e.g., /tmp), and for directories requiring
+global read/write access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all world-writable directories are group-owned by root, sys, bin, or
 an application group.
 
@@ -4578,1919 +4400,1827 @@ an application group.
     Note: The value after -fstype must be replaced with the filesystem type.
 XFS is used as an example.
 
-    # find &#x2F; -xdev -perm -002 -type d -fstype xfs -exec ls -lLd {} \;
-    drwxrwxrwt 2 root root 40 Aug 26 13:07 &#x2F;dev&#x2F;mqueue
-    drwxrwxrwt 2 root root 220 Aug 26 13:23 &#x2F;dev&#x2F;shm
-    drwxrwxrwt 14 root root 4096 Aug 26 13:29 &#x2F;tmp
+    # find / -xdev -perm -002 -type d -fstype xfs -exec ls -lLd {} \;
+    drwxrwxrwt 2 root root 40 Aug 26 13:07 /dev/mqueue
+    drwxrwxrwt 2 root root 220 Aug 26 13:23 /dev/shm
+    drwxrwxrwt 14 root root 4096 Aug 26 13:29 /tmp
 
     If any world-writable directories are not owned by root, sys, bin, or an
-application group associated with the directory, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+application group associated with the directory, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Change the group of the world-writable directories to root with the
 following command:
 
-    # chgrp root &lt;directory&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>afde21f0-1fec-4bfa-9446-237725f52d26</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;var&#x2F;tmp group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;var&#x2F;tmp&#x2F;cloud-init group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;var&#x2F;tmp&#x2F;systemd-private-d24354a1797e4846b9e800d6f612ef8f-chronyd.service-U8pkhb&#x2F;tmp group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;.XIM-unix group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;.Test-unix group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;.ICE-unix group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;.font-unix group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;.X11-unix group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;
---------------------------------
-passed
-File &#x2F;tmp&#x2F;systemd-private-d24354a1797e4846b9e800d6f612ef8f-chronyd.service-Te8mBP&#x2F;tmp group is expected to be in &quot;root&quot;, &quot;sys&quot;, and &quot;bin&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72173</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86797r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030750</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chgrp root &lt;directory&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72047\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all world-writable directories are group-owned by root, sys, bin, or an\napplication group.\"\n  desc  \"If a world-writable directory has the sticky bit set and is not\ngroup-owned by a privileged Group Identifier (GID), unauthorized users may be\nable to modify files created by others.\n\n    The only authorized public directories are those temporary directories\nsupplied with the system or those designed to be temporary file repositories.\nThe setting is normally reserved for directories used by the system and by\nusers for temporary file storage, (e.g., /tmp), and for directories requiring\nglobal read/write access.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all world-writable directories are group-owned by root, sys, bin, or\nan application group.\n\n    Check the system for world-writable directories with the following command:\n\n    Note: The value after -fstype must be replaced with the filesystem type.\nXFS is used as an example.\n\n    # find / -xdev -perm -002 -type d -fstype xfs -exec ls -lLd {} \\\\;\n    drwxrwxrwt 2 root root 40 Aug 26 13:07 /dev/mqueue\n    drwxrwxrwt 2 root root 220 Aug 26 13:23 /dev/shm\n    drwxrwxrwt 14 root root 4096 Aug 26 13:29 /tmp\n\n    If any world-writable directories are not owned by root, sys, bin, or an\napplication group associated with the directory, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the group of the world-writable directories to root with the\nfollowing command:\n\n    # chgrp root &lt;directory&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72047\"\n  tag rid: \"SV-86671r4_rule\"\n  tag stig_id: \"RHEL-07-021030\"\n  tag fix_id: \"F-78399r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  application_groups = input('application_groups')\n\n  ww_dirs = Set[]\n  partitions = etc_fstab.params.map{|partition| partition['file_system_type']}.uniq\n  partitions.each do |part|\n    cmd = \"find / -perm -002 -xdev -type d -fstype #{part} -exec ls -lLd {} \\\\;\"\n    ww_dirs = ww_dirs + command(cmd).stdout.split(\"\\n\")\n  end\n\n  ww_dirs.to_a.each do |curr_dir|\n    dir_arr = curr_dir.split(' ')\n    describe file(dir_arr.last) do\n      its('group') { should be_in [\"root\",\"sys\",\"bin\"] + application_groups }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /var/tmp group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /var/tmp/cloud-init group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /var/tmp/systemd-private-d24354a1797e4846b9e800d6f612ef8f-chronyd.service-U8pkhb/tmp group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/.XIM-unix group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/.Test-unix group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/.ICE-unix group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/.font-unix group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/.X11-unix group is expected to be in "root", "sys", and "bin"
+--------------------------------
+passed :: TEST File /tmp/systemd-private-d24354a1797e4846b9e800d6f612ef8f-chronyd.service-Te8mBP/tmp group is expected to be in "root", "sys", and "bin"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72173</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86797r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030750</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the umount command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the umount command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged mount commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;umount&quot; command occur.
+successful/unsuccessful attempts to use the "umount" command occur.
 
     Check that the following system call is being audited by performing the
 following series of commands to check the file system rules in
-&quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+"/etc/audit/audit.rules":
 
-    # grep -iw &quot;&#x2F;usr&#x2F;bin&#x2F;umount&quot; &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw "/usr/bin/umount" /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;umount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/umount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;umount&quot; command occur.
+successful/unsuccessful attempts to use the "umount" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;umount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/umount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f145be16-909e-41f1-831e-26b814d64c7b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;bin&#x2F;umount&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;bin&#x2F;umount&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72149</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86773r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030630</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72173\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe umount command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged mount commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"umount\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing series of commands to check the file system rules in\n\\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw \\\"/usr/bin/umount\\\" /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/umount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"umount\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/umount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72173\"\n  tag rid: \"SV-86797r5_rule\"\n  tag stig_id: \"RHEL-07-030750\"\n  tag fix_id: \"F-78527r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/bin/umount'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/bin/umount" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/bin/umount" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72149</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86773r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030630</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the passwd command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the passwd command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged password commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;passwd&quot; command occur.
+successful/unsuccessful attempts to use the "passwd" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;passwd &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/passwd /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;passwd -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/passwd -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-passwd
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;passwd&quot; command occur.
+successful/unsuccessful attempts to use the "passwd" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;passwd -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/passwd -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-passwd
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2c45561e-2b96-4ca7-ae9b-5ef4c6ce355d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;passwd&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;passwd&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71927</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000075-GPOS-00043</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86551r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010240</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72149\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe passwd command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged password commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"passwd\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/bin/passwd /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/passwd -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-passwd\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"passwd\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/passwd -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-passwd\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72149\"\n  tag rid: \"SV-86773r5_rule\"\n  tag stig_id: \"RHEL-07-030630\"\n  tag fix_id: \"F-78501r6_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n  \n  audit_file = '/usr/bin/passwd'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/passwd" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/passwd" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71927</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000075-GPOS-00043</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86551r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010240</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that passwords are restricted to a 24 hours&#x2F;1 day minimum lifetime.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that passwords are restricted to a 24 hours/1 day minimum lifetime.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Enforcing a minimum password lifetime helps to prevent repeated
 password changes to defeat the password reuse or history enforcement
 requirement. If users are allowed to immediately and continually change their
 password, the password could be repeatedly changed in a short period of time to
-defeat the organization&#39;s policy regarding password reuse.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+defeat the organization's policy regarding password reuse.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check whether the minimum time period between password changes for each
 user account is one day or greater.
 
-    # awk -F: &#39;$4 &lt; 1 {print $1 &quot; &quot; $4}&#39; &#x2F;etc&#x2F;shadow
+    # awk -F: '$4 &lt; 1 {print $1 " " $4}' /etc/shadow
 
     If any results are returned that are not associated with a system account,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure non-compliant accounts to enforce a 24 hours&#x2F;1 day minimum
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure non-compliant accounts to enforce a 24 hours/1 day minimum
 password lifetime:
 
-    # chage -m 1 [user]</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>5b366cc1-a99f-4a53-aed0-182eee5be7e3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000198</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-&#x2F;etc&#x2F;shadow with user &#x3D;&#x3D; &quot;ec2-user&quot; min_days.first.to_i is expected to cmp &gt;&#x3D; 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72105</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86729r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030410</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chage -m 1 [user]</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71927\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat passwords are restricted to a 24 hours/1 day minimum lifetime.\"\n  desc  \"Enforcing a minimum password lifetime helps to prevent repeated\npassword changes to defeat the password reuse or history enforcement\nrequirement. If users are allowed to immediately and continually change their\npassword, the password could be repeatedly changed in a short period of time to\ndefeat the organization's policy regarding password reuse.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check whether the minimum time period between password changes for each\nuser account is one day or greater.\n\n    # awk -F: '$4 &lt; 1 {print $1 \\\" \\\" $4}' /etc/shadow\n\n    If any results are returned that are not associated with a system account,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure non-compliant accounts to enforce a 24 hours/1 day minimum\npassword lifetime:\n\n    # chage -m 1 [user]\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000075-GPOS-00043\"\n  tag gid: \"V-71927\"\n  tag rid: \"SV-86551r2_rule\"\n  tag stig_id: \"RHEL-07-010240\"\n  tag fix_id: \"F-78279r1_fix\"\n  tag cci: [\"CCI-000198\"]\n  tag nist: [\"IA-5 (1) (d)\", \"Rev_4\"]\n\n  shadow.users.each do |user|\n    # filtering on non-system accounts (uid &gt;= 1000)\n    next unless user(user).uid &gt;= 1000\n    describe shadow.users(user) do\n      its('min_days.first.to_i') { should cmp &gt;= 1 }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000198</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST /etc/shadow with user == "ec2-user" min_days.first.to_i is expected to cmp &gt;= 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72105</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86729r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030410</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the chmod syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the chmod syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chmod&quot; syscall occur.
+successful/unsuccessful attempts to use the "chmod" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following command:
 
-    # grep -iw chmod &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw chmod /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S chmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S chmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;chmod&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"chmod" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chmod&quot; syscall occur.
+successful/unsuccessful attempts to use the "chmod" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S chmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S chmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4b9de4e3-5f24-40c5-a0d1-1f6f90d6c04d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chmod&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chmod&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chmod&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chmod&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72255</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86879r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040410</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72105\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe chmod syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"chmod\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing command:\n\n    # grep -iw chmod /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"chmod\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"chmod\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72105\"\n  tag rid: \"SV-86729r5_rule\"\n  tag stig_id: \"RHEL-07-030410\"\n  tag fix_id: \"F-78457r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"chmod\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"chmod\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "chmod" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chmod" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chmod" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chmod" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72255</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86879r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040410</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH public host key files have mode 0644 or less permissive.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH public host key files have mode 0644 or less permissive.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a public host key file is modified by an unauthorized user, the SSH
-service may be compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the SSH public host key files have mode &quot;0644&quot; or less permissive.
+service may be compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the SSH public host key files have mode "0644" or less permissive.
 
     Note: SSH public key files may be found in other directories on the system
 depending on the installation.
 
     The following command will find all SSH public key files on the system:
 
-    # find &#x2F;etc&#x2F;ssh -name &#39;*.pub&#39; -exec ls -lL {} \;
+    # find /etc/ssh -name '*.pub' -exec ls -lL {} \;
 
     -rw-r--r-- 1 root root 618 Nov 28 06:43 ssh_host_dsa_key.pub
     -rw-r--r-- 1 root root 347 Nov 28 06:43 ssh_host_key.pub
     -rw-r--r-- 1 root root 238 Nov 28 06:43 ssh_host_rsa_key.pub
 
-    If any file has a mode more permissive than &quot;0644&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any file has a mode more permissive than "0644", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Note: SSH public key files may be found in other directories on the system
 depending on the installation.
 
-    Change the mode of public host key files under &quot;&#x2F;etc&#x2F;ssh&quot; to &quot;0644&quot;
+    Change the mode of public host key files under "/etc/ssh" to "0644"
 with the following command:
 
-    # chmod 0644 &#x2F;etc&#x2F;ssh&#x2F;*.key.pub</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>132205c3-d7e1-4912-8e7b-e9ac36dbe07b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No files have a more permissive mode. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72087</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86711r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030320</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chmod 0644 /etc/ssh/*.key.pub</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72255\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH public host key files have mode 0644 or less permissive.\"\n  desc  \"If a public host key file is modified by an unauthorized user, the SSH\nservice may be compromised.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH public host key files have mode \\\"0644\\\" or less permissive.\n\n    Note: SSH public key files may be found in other directories on the system\ndepending on the installation.\n\n    The following command will find all SSH public key files on the system:\n\n    # find /etc/ssh -name '*.pub' -exec ls -lL {} \\\\;\n\n    -rw-r--r-- 1 root root 618 Nov 28 06:43 ssh_host_dsa_key.pub\n    -rw-r--r-- 1 root root 347 Nov 28 06:43 ssh_host_key.pub\n    -rw-r--r-- 1 root root 238 Nov 28 06:43 ssh_host_rsa_key.pub\n\n    If any file has a mode more permissive than \\\"0644\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Note: SSH public key files may be found in other directories on the system\ndepending on the installation.\n\n    Change the mode of public host key files under \\\"/etc/ssh\\\" to \\\"0644\\\"\nwith the following command:\n\n    # chmod 0644 /etc/ssh/*.key.pub\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72255\"\n  tag rid: \"SV-86879r2_rule\"\n  tag stig_id: \"RHEL-07-040410\"\n  tag fix_id: \"F-78609r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  pub_files = command(\"find /etc/ssh -xdev -name '*.pub' -perm /133\").stdout.split(\"\\n\")\n  if !pub_files.nil? and !pub_files.empty?\n    pub_files.each do |pubfile|\n      describe file(pubfile) do\n        it { should_not be_executable.by('owner') }\n        it { should_not be_executable.by('group') }\n        it { should_not be_writable.by('group') }\n        it { should_not be_executable.by('others') }\n        it { should_not be_writable.by('others') }\n      end\n    end\n  else\n     describe \"No files have a more permissive mode.\" do\n      subject { pub_files.nil? or pub_files.empty? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No files have a more permissive mode. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72087</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86711r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030320</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the audit system takes appropriate action when the audit storage volume is
-full.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+full.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Taking appropriate action in case of a filled audit storage volume
-will minimize the possibility of losing audit records.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+will minimize the possibility of losing audit records.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the action the operating system takes if the disk the audit records
 are written to becomes full.
 
     To determine the action that takes place if the disk is full on the remote
 server, use the following command:
 
-    # grep -i disk_full_action &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-    disk_full_action &#x3D; single
+    # grep -i disk_full_action /etc/audisp/audisp-remote.conf
+    disk_full_action = single
 
-    If the value of the &quot;disk_full_action&quot; option is not &quot;syslog&quot;,
-&quot;single&quot;, or &quot;halt&quot;, or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of the "disk_full_action" option is not "syslog",
+"single", or "halt", or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the action the operating system takes if the disk the audit
 records are written to becomes full.
 
-    Uncomment or edit the &quot;disk_full_action&quot; option in
-&quot;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&quot; and set it to &quot;syslog&quot;, &quot;single&quot;, or
-&quot;halt&quot;, such as the following line:
-
-    disk_full_action &#x3D; single</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>34e4f89e-b510-4973-9f4d-c6bf021c34c0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-Can&#39;t find file: &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
---------------------------------
-skipped
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-Can&#39;t find file: &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72259</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86883r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040430</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Uncomment or edit the "disk_full_action" option in
+"/etc/audisp/audisp-remote.conf" and set it to "syslog", "single", or
+"halt", such as the following line:
+
+    disk_full_action = single</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72087\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the audit system takes appropriate action when the audit storage volume is\nfull.\"\n  desc  \"Taking appropriate action in case of a filled audit storage volume\nwill minimize the possibility of losing audit records.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the action the operating system takes if the disk the audit records\nare written to becomes full.\n\n    To determine the action that takes place if the disk is full on the remote\nserver, use the following command:\n\n    # grep -i disk_full_action /etc/audisp/audisp-remote.conf\n    disk_full_action = single\n\n    If the value of the \\\"disk_full_action\\\" option is not \\\"syslog\\\",\n\\\"single\\\", or \\\"halt\\\", or the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the action the operating system takes if the disk the audit\nrecords are written to becomes full.\n\n    Uncomment or edit the \\\"disk_full_action\\\" option in\n\\\"/etc/audisp/audisp-remote.conf\\\" and set it to \\\"syslog\\\", \\\"single\\\", or\n\\\"halt\\\", such as the following line:\n\n    disk_full_action = single\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag gid: \"V-72087\"\n  tag rid: \"SV-86711r3_rule\"\n  tag stig_id: \"RHEL-07-030320\"\n  tag fix_id: \"F-78439r4_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  describe parse_config_file('/etc/audisp/audisp-remote.conf') do\n    its('disk_full_action'.to_s) { should be_in ['syslog', 'single', 'halt'] }\n  end\n\n# Test matches ./inspec-profiles/controls/V-73163.rb\n  describe parse_config_file('/etc/audisp/audisp-remote.conf') do\n    its('network_failure_action'.to_s) { should be_in ['syslog', 'single', 'halt'] }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST Parse Config File /etc/audisp/audisp-remote.conf :: SKIP_MESSAGE Can't find file: /etc/audisp/audisp-remote.conf
+--------------------------------
+skipped :: TEST Parse Config File /etc/audisp/audisp-remote.conf :: SKIP_MESSAGE Can't find file: /etc/audisp/audisp-remote.conf</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72259</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86883r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040430</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon does not permit Generic Security Service Application
-Program Interface (GSSAPI) authentication unless needed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Program Interface (GSSAPI) authentication unless needed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>GSSAPI authentication is used to provide additional authentication
 mechanisms to applications. Allowing GSSAPI authentication through SSH exposes
-the system&#39;s GSSAPI to remote hosts, increasing the attack surface of the
-system. GSSAPI authentication must be disabled unless needed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+the system's GSSAPI to remote hosts, increasing the attack surface of the
+system. GSSAPI authentication must be disabled unless needed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon does not permit GSSAPI authentication unless approved.
 
     Check that the SSH daemon does not permit GSSAPI authentication with the
 following command:
 
-    # grep -i gssapiauth &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i gssapiauth /etc/ssh/sshd_config
     GSSAPIAuthentication no
 
-    If the &quot;GSSAPIAuthentication&quot; keyword is missing, is set to &quot;yes&quot; and
+    If the "GSSAPIAuthentication" keyword is missing, is set to "yes" and
 is not documented with the Information System Security Officer (ISSO), or the
-returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Uncomment the &quot;GSSAPIAuthentication&quot; keyword in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;
+returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Uncomment the "GSSAPIAuthentication" keyword in "/etc/ssh/sshd_config"
 (this file may be named differently or be in a different location if using a
 version of SSH that is provided by a third-party vendor) and set the value to
-&quot;no&quot;:
+"no":
 
     GSSAPIAuthentication no
 
     The SSH service must be restarted for changes to take effect.
 
     If GSSAPI authentication is required, it must be documented, to include the
-location of the configuration file, with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1667a1f9-1377-415a-9625-976716d68e86</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration GSSAPIAuthentication is expected to cmp &#x3D;&#x3D; &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73163</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87815r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030321</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+location of the configuration file, with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72259\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not permit Generic Security Service Application\nProgram Interface (GSSAPI) authentication unless needed.\"\n  desc  \"GSSAPI authentication is used to provide additional authentication\nmechanisms to applications. Allowing GSSAPI authentication through SSH exposes\nthe system's GSSAPI to remote hosts, increasing the attack surface of the\nsystem. GSSAPI authentication must be disabled unless needed.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon does not permit GSSAPI authentication unless approved.\n\n    Check that the SSH daemon does not permit GSSAPI authentication with the\nfollowing command:\n\n    # grep -i gssapiauth /etc/ssh/sshd_config\n    GSSAPIAuthentication no\n\n    If the \\\"GSSAPIAuthentication\\\" keyword is missing, is set to \\\"yes\\\" and\nis not documented with the Information System Security Officer (ISSO), or the\nreturned line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Uncomment the \\\"GSSAPIAuthentication\\\" keyword in \\\"/etc/ssh/sshd_config\\\"\n(this file may be named differently or be in a different location if using a\nversion of SSH that is provided by a third-party vendor) and set the value to\n\\\"no\\\":\n\n    GSSAPIAuthentication no\n\n    The SSH service must be restarted for changes to take effect.\n\n    If GSSAPI authentication is required, it must be documented, to include the\nlocation of the configuration file, with the ISSO.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000364-GPOS-00151\"\n  tag gid: \"V-72259\"\n  tag rid: \"SV-86883r3_rule\"\n  tag stig_id: \"RHEL-07-040430\"\n  tag fix_id: \"F-78613r2_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('GSSAPIAuthentication') { should cmp 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration GSSAPIAuthentication is expected to cmp == "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73163</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87815r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030321</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the audit system takes appropriate action when there is an error sending
-audit records to a remote system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+audit records to a remote system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Taking appropriate action when there is an error sending audit records
-to a remote system will minimize the possibility of losing audit records.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to a remote system will minimize the possibility of losing audit records.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the action the operating system takes if there is an error sending
 audit records to a remote system.
 
     Check the action that takes place if there is an error sending audit
 records to a remote system with the following command:
 
-    # grep -i network_failure_action &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-    network_failure_action &#x3D; syslog
+    # grep -i network_failure_action /etc/audisp/audisp-remote.conf
+    network_failure_action = syslog
 
-    If the value of the &quot;network_failure_action&quot; option is not &quot;syslog&quot;,
-&quot;single&quot;, or &quot;halt&quot;, or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of the "network_failure_action" option is not "syslog",
+"single", or "halt", or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the action the operating system takes if there is an error
 sending audit records to a remote system.
 
-    Uncomment the &quot;network_failure_action&quot; option in
-&quot;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&quot; and set it to &quot;syslog&quot;, &quot;single&quot;, or
-&quot;halt&quot;.
-
-    network_failure_action &#x3D; syslog</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d0c3e45f-5217-4269-811d-2b5b0a1514e5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-Can&#39;t find file: &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72289</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86913r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040640</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Uncomment the "network_failure_action" option in
+"/etc/audisp/audisp-remote.conf" and set it to "syslog", "single", or
+"halt".
+
+    network_failure_action = syslog</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73163\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the audit system takes appropriate action when there is an error sending\naudit records to a remote system.\"\n  desc  \"Taking appropriate action when there is an error sending audit records\nto a remote system will minimize the possibility of losing audit records.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the action the operating system takes if there is an error sending\naudit records to a remote system.\n\n    Check the action that takes place if there is an error sending audit\nrecords to a remote system with the following command:\n\n    # grep -i network_failure_action /etc/audisp/audisp-remote.conf\n    network_failure_action = syslog\n\n    If the value of the \\\"network_failure_action\\\" option is not \\\"syslog\\\",\n\\\"single\\\", or \\\"halt\\\", or the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the action the operating system takes if there is an error\nsending audit records to a remote system.\n\n    Uncomment the \\\"network_failure_action\\\" option in\n\\\"/etc/audisp/audisp-remote.conf\\\" and set it to \\\"syslog\\\", \\\"single\\\", or\n\\\"halt\\\".\n\n    network_failure_action = syslog\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag gid: \"V-73163\"\n  tag rid: \"SV-87815r3_rule\"\n  tag stig_id: \"RHEL-07-030321\"\n  tag fix_id: \"F-79609r2_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  describe parse_config_file('/etc/audisp/audisp-remote.conf') do\n    its('network_failure_action'.to_s) { should be_in ['syslog', 'single', 'halt'] }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST Parse Config File /etc/audisp/audisp-remote.conf :: SKIP_MESSAGE Can't find file: /etc/audisp/audisp-remote.conf</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72289</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86913r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040640</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent Internet
 Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect
-messages from being accepted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+messages from being accepted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ICMP redirect messages are used by routers to inform hosts that a more
 direct route exists for a particular destination. These messages modify the
-host&#39;s route table and are unauthenticated. An illicit ICMP redirect message
-could result in a man-in-the-middle attack.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+host's route table and are unauthenticated. An illicit ICMP redirect message
+could result in a man-in-the-middle attack.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system will not accept IPv4 ICMP redirect messages.
 
-    # grep &#39;net.ipv4.conf.default.accept_redirects&#39; &#x2F;etc&#x2F;sysctl.conf
-&#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep 'net.ipv4.conf.default.accept_redirects' /etc/sysctl.conf
+/etc/sysctl.d/*
 
-    If &quot; net.ipv4.conf.default.accept_redirects &quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;0&quot;, this is a finding.
+    If " net.ipv4.conf.default.accept_redirects " is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "0", this is a finding.
 
     Check that the operating system implements the value of the
-&quot;accept_redirects&quot; variables with the following command:
+"accept_redirects" variables with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep &#39;net.ipv4.conf.default.accept_redirects&#39;
-    net.ipv4.conf.default.accept_redirects &#x3D; 0
+    # /sbin/sysctl -a | grep 'net.ipv4.conf.default.accept_redirects'
+    net.ipv4.conf.default.accept_redirects = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to not accept IPv4 ICMP redirect messages by adding the
-following line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the
-&#x2F;etc&#x2F;sysctl.d&#x2F; directory (or modify the line to have the required value):
+following line to "/etc/sysctl.conf" or a configuration file in the
+/etc/sysctl.d/ directory (or modify the line to have the required value):
 
-    net.ipv4.conf.default.accept_redirects &#x3D; 0
+    net.ipv4.conf.default.accept_redirects = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3457950b-f49c-4827-adbf-2f7116b3d4e2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.default.accept_redirects value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72099</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86723r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030380</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72289\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent Internet\nProtocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect\nmessages from being accepted.\"\n  desc  \"ICMP redirect messages are used by routers to inform hosts that a more\ndirect route exists for a particular destination. These messages modify the\nhost's route table and are unauthenticated. An illicit ICMP redirect message\ncould result in a man-in-the-middle attack.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system will not accept IPv4 ICMP redirect messages.\n\n    # grep 'net.ipv4.conf.default.accept_redirects' /etc/sysctl.conf\n/etc/sysctl.d/*\n\n    If \\\" net.ipv4.conf.default.accept_redirects \\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the value of the\n\\\"accept_redirects\\\" variables with the following command:\n\n    # /sbin/sysctl -a | grep 'net.ipv4.conf.default.accept_redirects'\n    net.ipv4.conf.default.accept_redirects = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to not accept IPv4 ICMP redirect messages by adding the\nfollowing line to \\\"/etc/sysctl.conf\\\" or a configuration file in the\n/etc/sysctl.d/ directory (or modify the line to have the required value):\n\n    net.ipv4.conf.default.accept_redirects = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72289\"\n  tag rid: \"SV-86913r3_rule\"\n  tag stig_id: \"RHEL-07-040640\"\n  tag fix_id: \"F-78643r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.default.accept_redirects') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.default.accept_redirects value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72099</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86723r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030380</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fchown syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fchown syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchown&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchown" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw fchown &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fchown /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fchown&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    If both the "b32" and "b64" audit rules are not defined for the
+"fchown" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S fchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>84f377bd-2fb3-470a-a5b9-9de61d19253a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchown&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchown&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchown&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchown&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71943</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000329-GPOS-00128</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86567r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010320</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72099\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fchown syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchown\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw fchown /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fchown\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000474-GPOS-00219\"]\n  tag gid: \"V-72099\"\n  tag rid: \"SV-86723r5_rule\"\n  tag stig_id: \"RHEL-07-030380\"\n  tag fix_id: \"F-78451r8_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fchown\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fchown\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fchown" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchown" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchown" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchown" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71943</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000329-GPOS-00128</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86567r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010320</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
 lock accounts for a minimum of 15 minutes after three unsuccessful logon
-attempts within a 15-minute timeframe.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+attempts within a 15-minute timeframe.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>By limiting the number of failed logon attempts, the risk of
 unauthorized system access via user password guessing, otherwise known as
-brute-forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+brute-forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check that the system locks an account for a minimum of 15 minutes after
 three unsuccessful logon attempts within a period of 15 minutes with the
 following command:
 
-    # grep pam_faillock.so &#x2F;etc&#x2F;pam.d&#x2F;password-auth
+    # grep pam_faillock.so /etc/pam.d/password-auth
 
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
-    If the &quot;deny&quot; parameter is set to &quot;0&quot; or a value less than &quot;3&quot; on
-both &quot;auth&quot; lines with the &quot;pam_faillock.so&quot; module, or is missing from
+    If the "deny" parameter is set to "0" or a value less than "3" on
+both "auth" lines with the "pam_faillock.so" module, or is missing from
 these lines, this is a finding.
 
-    If the &quot;even_deny_root&quot; parameter is not set on both &quot;auth&quot; lines with
-the &quot;pam_faillock.so&quot; module, or is missing from these lines, this is a
+    If the "even_deny_root" parameter is not set on both "auth" lines with
+the "pam_faillock.so" module, or is missing from these lines, this is a
 finding.
 
-    If the &quot;fail_interval&quot; parameter is set to &quot;0&quot; or is set to a value
-less than &quot;900&quot; on both &quot;auth&quot; lines with the &quot;pam_faillock.so&quot; module,
+    If the "fail_interval" parameter is set to "0" or is set to a value
+less than "900" on both "auth" lines with the "pam_faillock.so" module,
 or is missing from these lines, this is a finding.
 
-    If the &quot;unlock_time&quot; parameter is not set to &quot;0&quot;, &quot;never&quot;, or is set
-to a value less than &quot;900&quot; on both &quot;auth&quot; lines with the
-&quot;pam_faillock.so&quot; module, or is missing from these lines, this is a finding.
+    If the "unlock_time" parameter is not set to "0", "never", or is set
+to a value less than "900" on both "auth" lines with the
+"pam_faillock.so" module, or is missing from these lines, this is a finding.
 
-    Note: The maximum configurable value for &quot;unlock_time&quot; is &quot;604800&quot;.
+    Note: The maximum configurable value for "unlock_time" is "604800".
 
-    If any line referencing the &quot;pam_faillock.so&quot; module is commented out,
+    If any line referencing the "pam_faillock.so" module is commented out,
 this is a finding.
 
-    # grep pam_faillock.so &#x2F;etc&#x2F;pam.d&#x2F;system-auth
+    # grep pam_faillock.so /etc/pam.d/system-auth
 
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
-    If the &quot;deny&quot; parameter is set to &quot;0&quot; or a value less than &quot;3&quot; on
-both &quot;auth&quot; lines with the &quot;pam_faillock.so&quot; module, or is missing from
+    If the "deny" parameter is set to "0" or a value less than "3" on
+both "auth" lines with the "pam_faillock.so" module, or is missing from
 these lines, this is a finding.
 
-    If the &quot;even_deny_root&quot; parameter is not set on both &quot;auth&quot; lines with
-the &quot;pam_faillock.so&quot; module, or is missing from these lines, this is a
+    If the "even_deny_root" parameter is not set on both "auth" lines with
+the "pam_faillock.so" module, or is missing from these lines, this is a
 finding.
 
-    If the &quot;fail_interval&quot; parameter is set to &quot;0&quot; or is set to a value
-less than &quot;900&quot; on both &quot;auth&quot; lines with the &quot;pam_faillock.so&quot; module,
+    If the "fail_interval" parameter is set to "0" or is set to a value
+less than "900" on both "auth" lines with the "pam_faillock.so" module,
 or is missing from these lines, this is a finding.
 
-    If the &quot;unlock_time&quot; parameter is not set to &quot;0&quot;, &quot;never&quot;, or is set
-to a value less than &quot;900&quot; on both &quot;auth&quot; lines with the
-&quot;pam_faillock.so&quot; module or is missing from these lines, this is a finding.
+    If the "unlock_time" parameter is not set to "0", "never", or is set
+to a value less than "900" on both "auth" lines with the
+"pam_faillock.so" module or is missing from these lines, this is a finding.
 
-    Note: The maximum configurable value for &quot;unlock_time&quot; is &quot;604800&quot;.
-    If any line referencing the &quot;pam_faillock.so&quot; module is commented out,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    Note: The maximum configurable value for "unlock_time" is "604800".
+    If any line referencing the "pam_faillock.so" module is commented out,
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to lock an account for the maximum period
 when three unsuccessful logon attempts in 15 minutes are made.
 
     Modify the first three lines of the auth section and the first line of the
-account section of the &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; and
-&quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot; files to match the following lines:
+account section of the "/etc/pam.d/system-auth" and
+"/etc/pam.d/password-auth" files to match the following lines:
 
-    auth required pam_faillock.so preauth silent audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     auth sufficient pam_unix.so try_first_pass
-    auth [default&#x3D;die] pam_faillock.so authfail audit deny&#x3D;3 even_deny_root
-fail_interval&#x3D;900 unlock_time&#x3D;900
+    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root
+fail_interval=900 unlock_time=900
     account required pam_faillock.so
 
     Note: Manual changes to the listed files may be overwritten by the
-&quot;authconfig&quot; program. The &quot;authconfig&quot; program should not be used to update
-the configurations listed in this requirement.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>44b6acee-f343-44b4-bc8a-9333ec4c0412</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000044</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002236</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002237</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>error
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines 
-undefined local variable or method &#x60;required_rules&#39; for #&lt;RSpec::ExampleGroups::PAMConfigEtcPamDPasswordAuth_2::Lines:0x00007fb47b50fc08&gt;
+"authconfig" program. The "authconfig" program should not be used to update
+the configurations listed in this requirement.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71943\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\nlock accounts for a minimum of 15 minutes after three unsuccessful logon\nattempts within a 15-minute timeframe.\"\n  desc  \"By limiting the number of failed logon attempts, the risk of\nunauthorized system access via user password guessing, otherwise known as\nbrute-forcing, is reduced. Limits are imposed by locking the account.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check that the system locks an account for a minimum of 15 minutes after\nthree unsuccessful logon attempts within a period of 15 minutes with the\nfollowing command:\n\n    # grep pam_faillock.so /etc/pam.d/password-auth\n\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    If the \\\"deny\\\" parameter is set to \\\"0\\\" or a value less than \\\"3\\\" on\nboth \\\"auth\\\" lines with the \\\"pam_faillock.so\\\" module, or is missing from\nthese lines, this is a finding.\n\n    If the \\\"even_deny_root\\\" parameter is not set on both \\\"auth\\\" lines with\nthe \\\"pam_faillock.so\\\" module, or is missing from these lines, this is a\nfinding.\n\n    If the \\\"fail_interval\\\" parameter is set to \\\"0\\\" or is set to a value\nless than \\\"900\\\" on both \\\"auth\\\" lines with the \\\"pam_faillock.so\\\" module,\nor is missing from these lines, this is a finding.\n\n    If the \\\"unlock_time\\\" parameter is not set to \\\"0\\\", \\\"never\\\", or is set\nto a value less than \\\"900\\\" on both \\\"auth\\\" lines with the\n\\\"pam_faillock.so\\\" module, or is missing from these lines, this is a finding.\n\n    Note: The maximum configurable value for \\\"unlock_time\\\" is \\\"604800\\\".\n\n    If any line referencing the \\\"pam_faillock.so\\\" module is commented out,\nthis is a finding.\n\n    # grep pam_faillock.so /etc/pam.d/system-auth\n\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    If the \\\"deny\\\" parameter is set to \\\"0\\\" or a value less than \\\"3\\\" on\nboth \\\"auth\\\" lines with the \\\"pam_faillock.so\\\" module, or is missing from\nthese lines, this is a finding.\n\n    If the \\\"even_deny_root\\\" parameter is not set on both \\\"auth\\\" lines with\nthe \\\"pam_faillock.so\\\" module, or is missing from these lines, this is a\nfinding.\n\n    If the \\\"fail_interval\\\" parameter is set to \\\"0\\\" or is set to a value\nless than \\\"900\\\" on both \\\"auth\\\" lines with the \\\"pam_faillock.so\\\" module,\nor is missing from these lines, this is a finding.\n\n    If the \\\"unlock_time\\\" parameter is not set to \\\"0\\\", \\\"never\\\", or is set\nto a value less than \\\"900\\\" on both \\\"auth\\\" lines with the\n\\\"pam_faillock.so\\\" module or is missing from these lines, this is a finding.\n\n    Note: The maximum configurable value for \\\"unlock_time\\\" is \\\"604800\\\".\n    If any line referencing the \\\"pam_faillock.so\\\" module is commented out,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to lock an account for the maximum period\nwhen three unsuccessful logon attempts in 15 minutes are made.\n\n    Modify the first three lines of the auth section and the first line of the\naccount section of the \\\"/etc/pam.d/system-auth\\\" and\n\\\"/etc/pam.d/password-auth\\\" files to match the following lines:\n\n    auth required pam_faillock.so preauth silent audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    auth sufficient pam_unix.so try_first_pass\n    auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root\nfail_interval=900 unlock_time=900\n    account required pam_faillock.so\n\n    Note: Manual changes to the listed files may be overwritten by the\n\\\"authconfig\\\" program. The \\\"authconfig\\\" program should not be used to update\nthe configurations listed in this requirement.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000329-GPOS-00128\"\n  tag satisfies: [\"SRG-OS-000329-GPOS-00128\", \"SRG-OS-000021-GPOS-00005\"]\n  tag gid: \"V-71943\"\n  tag rid: \"SV-86567r5_rule\"\n  tag stig_id: \"RHEL-07-010320\"\n  tag fix_id: \"F-78295r5_fix\"\n  tag cci: [\"CCI-000044\", \"CCI-002236\", \"CCI-002237\", \"CCI-002238\"]\n  tag nist: [\"AC-7 a\", \"AC-7 b\", \"AC-7 b\", \"AC-7 b\", \"Rev_4\"]\n\n  unsuccessful_attempts = input('unsuccessful_attempts')\n  fail_interval = input('fail_interval')\n  lockout_time = input('lockout_time')\n\n  describe pam('/etc/pam.d/password-auth') do\n    its('lines') {\n      should match_pam_rules(required_rules).exactly.or \\\n             match_pam_rules(alternate_rules).exactly\n    }\n    its('lines') { should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('deny', '&lt;=', unsuccessful_attempts) }\n    its('lines') { should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('fail_interval', '&lt;=', fail_interval) }\n    its('lines') {\n      should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_args('unlock_time=(0|never)').or \\\n            (match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('unlock_time', '&lt;=', 604800).and \\\n             match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('unlock_time', '&gt;=', lockout_time))\n    }\n  end\n\n  describe pam('/etc/pam.d/system-auth') do\n    its('lines') {\n      should match_pam_rules(required_rules).exactly.or \\\n             match_pam_rules(alternate_rules).exactly\n    }\n    its('lines') { should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('deny', '&lt;=', unsuccessful_attempts) }\n    its('lines') { should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('fail_interval', '&lt;=', fail_interval) }\n    its('lines') {\n      should match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_args('unlock_time=(0|never)').or \\\n            (match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('unlock_time', '&lt;=', 604800).and \\\n             match_pam_rule('auth [default=die]|required pam_faillock.so').all_with_integer_arg('unlock_time', '&gt;=', lockout_time))\n    }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000044</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002236</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002237</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/password-auth] lines  :: MESSAGE undefined local variable or method `required_rules' for #&lt;RSpec::ExampleGroups::PAMConfigEtcPamDPasswordAuth_2::Lines:0x00007fb47b50fc08&gt;
 Did you mean?  require_relative
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with arg deny &lt;&#x3D; 3
+passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with arg deny &lt;= 3
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with arg fail_interval &lt;&#x3D; 900
+passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with arg fail_interval &lt;= 900
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with args unlock_time&#x3D;(0|never) or include auth [default&#x3D;die]|required pam_faillock.so, all with arg unlock_time &lt;&#x3D; 604800 and include auth [default&#x3D;die]|required pam_faillock.so, all with arg unlock_time &gt;&#x3D; 604800
+passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with args unlock_time=(0|never) or include auth [default=die]|required pam_faillock.so, all with arg unlock_time &lt;= 604800 and include auth [default=die]|required pam_faillock.so, all with arg unlock_time &gt;= 604800
 --------------------------------
-error
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines 
-undefined local variable or method &#x60;required_rules&#39; for #&lt;RSpec::ExampleGroups::PAMConfigEtcPamDSystemAuth_2::Lines:0x00007fb47b5e4250&gt;
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines  :: MESSAGE undefined local variable or method `required_rules' for #&lt;RSpec::ExampleGroups::PAMConfigEtcPamDSystemAuth_2::Lines:0x00007fb47b5e4250&gt;
 Did you mean?  require_relative
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with arg deny &lt;&#x3D; 3
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with arg fail_interval &lt;&#x3D; 900
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include auth [default&#x3D;die]|required pam_faillock.so, all with args unlock_time&#x3D;(0|never) or include auth [default&#x3D;die]|required pam_faillock.so, all with arg unlock_time &lt;&#x3D; 604800 and include auth [default&#x3D;die]|required pam_faillock.so, all with arg unlock_time &gt;&#x3D; 604800</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73155</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87807r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010081</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with arg deny &lt;= 3
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with arg fail_interval &lt;= 900
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include auth [default=die]|required pam_faillock.so, all with args unlock_time=(0|never) or include auth [default=die]|required pam_faillock.so, all with arg unlock_time &lt;= 604800 and include auth [default=die]|required pam_faillock.so, all with arg unlock_time &gt;= 604800</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73155</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87807r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010081</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent a user from
-  overriding the screensaver lock-delay setting for the graphical user interface.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+  overriding the screensaver lock-delay setting for the graphical user interface.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session time-out lock is a temporary action taken when a user stops
   work and moves away from the immediate physical vicinity of the information
   system but does not log out because of the temporary nature of the absence.
   Rather than relying on the user to manually lock their operating system session
   prior to vacating the vicinity, operating systems need to be able to identify
-  when a user&#39;s session has idled and take action to initiate the session lock.
+  when a user's session has idled and take action to initiate the session lock.
 
       The session lock is implemented at the point where session activity can be
-  determined and&#x2F;or controlled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+  determined and/or controlled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents a user from overriding a screensaver
 lock after a 15-minute period of inactivity for graphical user interfaces.
 
@@ -6500,24 +6230,24 @@ console.
 
     Determine which profile the system database is using with the following
 command:
-    # grep system-db &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user
+    # grep system-db /etc/dconf/profile/user
 
     system-db:local
 
     Check for the lock delay setting with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-the path is &quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&quot;. This path must be modified if a database
-other than &quot;local&quot; is being used.
+    Note: The example below is using the database "local" for the system, so
+the path is "/etc/dconf/db/local.d". This path must be modified if a database
+other than "local" is being used.
 
-    # grep -i lock-delay &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;*
+    # grep -i lock-delay /etc/dconf/db/local.d/locks/*
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;lock-delay
+    /org/gnome/desktop/screensaver/lock-delay
 
-    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prevent a user from overriding a
 screensaver lock after a 15-minute period of inactivity for graphical user
 interfaces.
@@ -6525,139 +6255,133 @@ interfaces.
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-if the system is using another database in &quot;&#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user&quot;, the
+    Note: The example below is using the database "local" for the system, so
+if the system is using another database in "/etc/dconf/profile/user", the
 file should be created under the appropriate subdirectory.
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;session
+    # touch /etc/dconf/db/local.d/locks/session
 
     Add the setting to lock the screensaver lock delay:
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;lock-delay</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>64f01525-04bb-48c5-b664-708e5531ce59</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86851r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040180</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    /org/gnome/desktop/screensaver/lock-delay</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73155\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent a user from\n  overriding the screensaver lock-delay setting for the graphical user interface.\"\n  desc  \"A session time-out lock is a temporary action taken when a user stops\n  work and moves away from the immediate physical vicinity of the information\n  system but does not log out because of the temporary nature of the absence.\n  Rather than relying on the user to manually lock their operating system session\n  prior to vacating the vicinity, operating systems need to be able to identify\n  when a user's session has idled and take action to initiate the session lock.\n\n      The session lock is implemented at the point where session activity can be\n  determined and/or controlled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents a user from overriding a screensaver\n  lock after a 15-minute period of inactivity for graphical user interfaces.\n\n      Note: If the system does not have GNOME installed, this requirement is Not\n  Applicable. The screen program must be installed to lock sessions on the\n  console.\n\n      Determine which profile the system database is using with the following\n  command:\n      # grep system-db /etc/dconf/profile/user\n\n      system-db:local\n\n      Check for the lock delay setting with the following command:\n\n      Note: The example below is using the database \\\"local\\\" for the system, so\n  the path is \\\"/etc/dconf/db/local.d\\\". This path must be modified if a database\n  other than \\\"local\\\" is being used.\n\n      # grep -i lock-delay /etc/dconf/db/local.d/locks/*\n\n      /org/gnome/desktop/screensaver/lock-delay\n\n      If the command does not return a result, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prevent a user from overriding a\n    screensaver lock after a 15-minute period of inactivity for graphical user\n    interfaces.\n\n        Create a database to contain the system-wide screensaver settings (if it\n    does not already exist) with the following command:\n\n        Note: The example below is using the database \\\"local\\\" for the system, so\n    if the system is using another database in \\\"/etc/dconf/profile/user\\\", the\n    file should be created under the appropriate subdirectory.\n\n        # touch /etc/dconf/db/local.d/locks/session\n\n        Add the setting to lock the screensaver lock delay:\n\n        /org/gnome/desktop/screensaver/lock-delay\n  \"\n\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-73155\"\n  tag rid: \"SV-87807r4_rule\"\n  tag stig_id: \"RHEL-07-010081\"\n  tag fix_id: \"F-79601r2_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n    unless package('gnome-desktop3').installed?\n      impact 0.0\n      describe \"The GNOME desktop is not installed\" do\n        skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n      end\n    else\n      describe command(\"gsettings writable org.gnome.desktop.screensaver lock-delay\") do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  end\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86851r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040180</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement
 cryptography to protect the integrity of Lightweight Directory Access Protocol
-(LDAP) authentication communications.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(LDAP) authentication communications.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without cryptographic integrity protections, information can be
 altered by unauthorized users without detection.
 
     Cryptographic mechanisms used for protecting the integrity of information
 include, for example, signed hash functions using asymmetric cryptography
 enabling distribution of the public key to verify the hash information while
-maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If LDAP is not being utilized, this requirement is Not Applicable.
 
     Verify the operating system implements cryptography to protect the
@@ -6668,534 +6392,485 @@ command:
 
     # systemctl status sssd.service
     sssd.service - System Security Services Daemon
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;sssd.service; enabled; vendor
+    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor
 preset: disabled)
     Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago
 
-    If the &quot;sssd.service&quot; is &quot;active&quot;, then LDAP is being used.
+    If the "sssd.service" is "active", then LDAP is being used.
 
-    Determine the &quot;id_provider&quot; the LDAP is currently using:
+    Determine the "id_provider" the LDAP is currently using:
 
-    # grep -i &quot;id_provider&quot; &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
+    # grep -i "id_provider" /etc/sssd/sssd.conf
 
-    id_provider &#x3D; ad
+    id_provider = ad
 
-    If &quot;id_provider&quot; is set to &quot;ad&quot;, this is Not Applicable.
+    If "id_provider" is set to "ad", this is Not Applicable.
 
     Ensure that LDAP is configured to use TLS by using the following command:
 
-    # grep -i &quot;start_tls&quot; &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
-    ldap_id_use_start_tls &#x3D; true
+    # grep -i "start_tls" /etc/sssd/sssd.conf
+    ldap_id_use_start_tls = true
 
-    If the &quot;ldap_id_use_start_tls&quot; option is not &quot;true&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "ldap_id_use_start_tls" option is not "true", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement cryptography to protect the
 integrity of LDAP authentication sessions.
 
-    Add or modify the following line in &quot;&#x2F;etc&#x2F;sssd&#x2F;sssd.conf&quot;:
-
-    ldap_id_use_start_tls &#x3D; true</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6631302e-c560-4bf0-a4b2-64d3695141ad</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-LDAP not enabled
-LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72317</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86941r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040820</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or modify the following line in "/etc/sssd/sssd.conf":
+
+    ldap_id_use_start_tls = true</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72227\" do\n  title \"The Red Hat Enterprise Linux operating system must implement\ncryptography to protect the integrity of Lightweight Directory Access Protocol\n(LDAP) authentication communications.\"\n  desc  \"Without cryptographic integrity protections, information can be\naltered by unauthorized users without detection.\n\n    Cryptographic mechanisms used for protecting the integrity of information\ninclude, for example, signed hash functions using asymmetric cryptography\nenabling distribution of the public key to verify the hash information while\nmaintaining the confidentiality of the key used to generate the hash.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If LDAP is not being utilized, this requirement is Not Applicable.\n\n    Verify the operating system implements cryptography to protect the\nintegrity of remote LDAP authentication sessions.\n\n    To determine if LDAP is being used for authentication, use the following\ncommand:\n\n    # systemctl status sssd.service\n    sssd.service - System Security Services Daemon\n    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor\npreset: disabled)\n    Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago\n\n    If the \\\"sssd.service\\\" is \\\"active\\\", then LDAP is being used.\n\n    Determine the \\\"id_provider\\\" the LDAP is currently using:\n\n    # grep -i \\\"id_provider\\\" /etc/sssd/sssd.conf\n\n    id_provider = ad\n\n    If \\\"id_provider\\\" is set to \\\"ad\\\", this is Not Applicable.\n\n    Ensure that LDAP is configured to use TLS by using the following command:\n\n    # grep -i \\\"start_tls\\\" /etc/sssd/sssd.conf\n    ldap_id_use_start_tls = true\n\n    If the \\\"ldap_id_use_start_tls\\\" option is not \\\"true\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to implement cryptography to protect the\nintegrity of LDAP authentication sessions.\n\n    Add or modify the following line in \\\"/etc/sssd/sssd.conf\\\":\n\n    ldap_id_use_start_tls = true\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000250-GPOS-00093\"\n  tag gid: \"V-72227\"\n  tag rid: \"SV-86851r4_rule\"\n  tag stig_id: \"RHEL-07-040180\"\n  tag fix_id: \"F-78581r2_fix\"\n  tag cci: [\"CCI-001453\"]\n  tag nist: [\"AC-17 (2)\", \"Rev_4\"]\n\n  sssd_id_ldap_enabled = (package('sssd').installed? and\n    !command('grep \"^\\s*id_provider\\s*=\\s*ldap\" /etc/sssd/sssd.conf').stdout.strip.empty?)\n\n  pam_ldap_enabled = (!command('grep \"^[^#]*pam_ldap\\.so\" /etc/pam.d/*').stdout.strip.empty?)\n\n  if !(sssd_id_ldap_enabled or pam_ldap_enabled)\n    impact 0.0\n    describe \"LDAP not enabled\" do\n      skip \"LDAP not enabled using any known mechanisms, this control is Not Applicable.\"\n    end\n  end\n\n  if sssd_id_ldap_enabled\n    ldap_id_use_start_tls = command('grep ldap_id_use_start_tls /etc/sssd/sssd.conf')\n    describe ldap_id_use_start_tls do\n      its('stdout.strip') { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n    end\n\n    ldap_id_use_start_tls.stdout.strip.each_line do |line|\n      describe line do\n        it { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n      end\n    end\n  end\n\n  if pam_ldap_enabled\n    describe command('grep -i ssl /etc/pam_ldap.conf') do\n      its('stdout.strip') { should match %r{^ssl start_tls$}}\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST LDAP not enabled :: SKIP_MESSAGE LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72317</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86941r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040820</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have
-unauthorized IP tunnels configured.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+unauthorized IP tunnels configured.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>IP tunneling mechanisms can be used to bypass network filtering. If
 tunneling is required, it must be documented with the Information System
-Security Officer (ISSO).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Security Officer (ISSO).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not have unauthorized IP tunnels configured.
 
-    Check to see if &quot;libreswan&quot; is installed with the following command:
+    Check to see if "libreswan" is installed with the following command:
 
     # yum list installed libreswan
     libreswan.x86-64 3.20-5.el7_4
 
-    If &quot;libreswan&quot; is installed, check to see if the &quot;IPsec&quot; service is
+    If "libreswan" is installed, check to see if the "IPsec" service is
 active with the following command:
 
     # systemctl status ipsec
     ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;ipsec.service; disabled)
+    Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled)
     Active: inactive (dead)
 
-    If the &quot;IPsec&quot; service is active, check to see if any tunnels are
-configured in &quot;&#x2F;etc&#x2F;ipsec.conf&quot; and &quot;&#x2F;etc&#x2F;ipsec.d&#x2F;&quot; with the following
+    If the "IPsec" service is active, check to see if any tunnels are
+configured in "/etc/ipsec.conf" and "/etc/ipsec.d/" with the following
 commands:
 
-    # grep -iw conn &#x2F;etc&#x2F;ipsec.conf &#x2F;etc&#x2F;ipsec.d&#x2F;*.conf
+    # grep -iw conn /etc/ipsec.conf /etc/ipsec.d/*.conf
 
-    If there are indications that a &quot;conn&quot; parameter is configured for a
+    If there are indications that a "conn" parameter is configured for a
 tunnel, ask the System Administrator if the tunnel is documented with the ISSO.
 
-    If &quot;libreswan&quot; is installed, &quot;IPsec&quot; is active, and an undocumented
-tunnel is active, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "libreswan" is installed, "IPsec" is active, and an undocumented
+tunnel is active, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Remove all unapproved tunnels from the system, or document them
-with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>70fdb0a5-cafa-4c71-a290-e33fe2a8f146</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have libreswan installed or the ipsec.service isn&#39;t running
-The system does not have libreswan installed or the ipsec.service isn&#39;t running, this requirement is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71937</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86561r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010290</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72317\" do\n  title \"The Red Hat Enterprise Linux operating system must not have\nunauthorized IP tunnels configured.\"\n  desc  \"IP tunneling mechanisms can be used to bypass network filtering. If\ntunneling is required, it must be documented with the Information System\nSecurity Officer (ISSO).\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not have unauthorized IP tunnels configured.\n\n    Check to see if \\\"libreswan\\\" is installed with the following command:\n\n    # yum list installed libreswan\n    libreswan.x86-64 3.20-5.el7_4\n\n    If \\\"libreswan\\\" is installed, check to see if the \\\"IPsec\\\" service is\nactive with the following command:\n\n    # systemctl status ipsec\n    ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec\n    Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled)\n    Active: inactive (dead)\n\n    If the \\\"IPsec\\\" service is active, check to see if any tunnels are\nconfigured in \\\"/etc/ipsec.conf\\\" and \\\"/etc/ipsec.d/\\\" with the following\ncommands:\n\n    # grep -iw conn /etc/ipsec.conf /etc/ipsec.d/*.conf\n\n    If there are indications that a \\\"conn\\\" parameter is configured for a\ntunnel, ask the System Administrator if the tunnel is documented with the ISSO.\n\n    If \\\"libreswan\\\" is installed, \\\"IPsec\\\" is active, and an undocumented\ntunnel is active, this is a finding.\n  \"\n  desc  \"fix\", \"Remove all unapproved tunnels from the system, or document them\nwith the ISSO.\"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72317\"\n  tag rid: \"SV-86941r2_rule\"\n  tag stig_id: \"RHEL-07-040820\"\n  tag fix_id: \"F-78671r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  approved_tunnels = input('approved_tunnels')\n\n  if package('libreswan').installed? &amp;&amp; service('ipsec.service').running?\n    impact 0.5\n    processed = []\n    to_process = ['/etc/ipsec.conf']\n\n    while !to_process.empty?\n      in_process = to_process.pop\n      next if processed.include? in_process\n      processed.push in_process\n\n      to_process.concat(\n        command(\"grep -E '^\\\\s*include\\\\s+' #{in_process} | sed 's/^[[:space:]]*include[[:space:]]*//g'\").\n          stdout.strip.split(%r{\\s*\\n+\\s*}).\n          map { |f| f.start_with?('/') ? f : File.join(File.dirname(in_process), f) }.\n          map { |f|\n            dir = f.sub(%r{[^/]*[\\*\\?\\[].*$}, '') # gets the longest ancestor path which doesn't contain wildcards\n            command(\"find #{dir} -wholename '#{f}'\").stdout.strip.split(\"\\n\")\n          }.\n          flatten.\n          select { |f| file(f).file? }\n      )\n    end\n\n    conn_grep = processed.map do |conf|\n      command(\"grep -E '^\\\\s*conn\\\\s+' #{conf}\").\n        stdout.strip.split(%r{\\s*\\n\\s*})\n    end.flatten\n\n    describe conn_grep do\n      it { should all(be_in approved_tunnels) }\n    end\n  else\n    impact 0.0\n    describe \"The system does not have libreswan installed or the ipsec.service isn't running\" do\n      skip \"The system does not have libreswan installed or the ipsec.service isn't running, this requirement is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have libreswan installed or the ipsec.service isn't running :: SKIP_MESSAGE The system does not have libreswan installed or the ipsec.service isn't running, this requirement is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71937</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86561r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010290</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have accounts
-configured with blank or null passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+configured with blank or null passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an account has an empty password, anyone could log on and run
 commands with the privileges of that account. Accounts with empty passwords
-should never be used in operational environments.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+should never be used in operational environments.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To verify that null passwords cannot be used, run the following command:
 
-    # grep nullok &#x2F;etc&#x2F;pam.d&#x2F;system-auth &#x2F;etc&#x2F;pam.d&#x2F;password-auth
+    # grep nullok /etc/pam.d/system-auth /etc/pam.d/password-auth
 
     If this produces any output, it may be possible to log on with accounts
 with empty passwords.
 
-    If null passwords can be used, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If null passwords can be used, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an account is configured for password authentication but does not have
 an assigned password, it may be possible to log on to the account without
 authenticating.
 
-    Remove any instances of the &quot;nullok&quot; option in &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot;
-and &quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot; to prevent logons with empty passwords.
+    Remove any instances of the "nullok" option in "/etc/pam.d/system-auth"
+and "/etc/pam.d/password-auth" to prevent logons with empty passwords.
 
     Note: Manual changes to the listed files may be overwritten by the
-&quot;authconfig&quot; program. The &quot;authconfig&quot; program should not be used to update
-the configurations listed in this requirement.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bf2f7c8c-7298-404a-b53e-5f90aa596ac9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;config-util] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;other] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;passwd] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;chfn] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;chsh] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;login] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;remote] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;runuser] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;runuser-l] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;su] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;su-l] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;systemd-user] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;polkit-1] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;crond] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;rhn_register] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;subscription-manager] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;sshd] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;smtp.postfix] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;smtp] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;vlock] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;sudo] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;sudo-i] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;fingerprint-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;smartcard-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;atd] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;sssd-shadowutils] lines is expected to include .* .* pam_unix.so, all without args nullok
-expected &quot;auth [success&#x3D;done ignore&#x3D;ignore default&#x3D;die] pam_unix.so nullok try_first_pass\naccount required pam_unix.so&quot; to include .* .* pam_unix.so, all without args nullok
+"authconfig" program. The "authconfig" program should not be used to update
+the configurations listed in this requirement.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71937\" do\n  title \"The Red Hat Enterprise Linux operating system must not have accounts\nconfigured with blank or null passwords.\"\n  desc  \"If an account has an empty password, anyone could log on and run\ncommands with the privileges of that account. Accounts with empty passwords\nshould never be used in operational environments.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    To verify that null passwords cannot be used, run the following command:\n\n    # grep nullok /etc/pam.d/system-auth /etc/pam.d/password-auth\n\n    If this produces any output, it may be possible to log on with accounts\nwith empty passwords.\n\n    If null passwords can be used, this is a finding.\n  \"\n  desc  \"fix\", \"\n    If an account is configured for password authentication but does not have\nan assigned password, it may be possible to log on to the account without\nauthenticating.\n\n    Remove any instances of the \\\"nullok\\\" option in \\\"/etc/pam.d/system-auth\\\"\nand \\\"/etc/pam.d/password-auth\\\" to prevent logons with empty passwords.\n\n    Note: Manual changes to the listed files may be overwritten by the\n\\\"authconfig\\\" program. The \\\"authconfig\\\" program should not be used to update\nthe configurations listed in this requirement.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-71937\"\n  tag rid: \"SV-86561r3_rule\"\n  tag stig_id: \"RHEL-07-010290\"\n  tag fix_id: \"F-78289r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  # Fetch all files under /etc/pam.d excluding '*-ac' files\n  # but including symlinks\n  pam_file_list = command('find /etc/pam.d ! -name \\'*-ac\\' -a \\( -type f -o -type l \\)').stdout.strip.split\n\n  pam_file_list.each do |pam_file|\n    describe pam(pam_file) do\n      its('lines') { should match_pam_rule('.* .* pam_unix.so').all_without_args('nullok') }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/config-util] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/other] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/passwd] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/chfn] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/chsh] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/login] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/remote] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/runuser] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/runuser-l] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/su] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/su-l] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/systemd-user] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/polkit-1] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/crond] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/rhn_register] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/subscription-manager] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/sshd] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/smtp.postfix] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/smtp] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/vlock] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/sudo] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/sudo-i] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/fingerprint-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/smartcard-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/atd] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/sssd-shadowutils] lines is expected to include .* .* pam_unix.so, all without args nullok :: MESSAGE expected "auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass\naccount required pam_unix.so" to include .* .* pam_unix.so, all without args nullok
 Diff:
 @@ -1,2 +1,3 @@
 -.* .* pam_unix.so
-+auth [success&#x3D;done ignore&#x3D;ignore default&#x3D;die] pam_unix.so nullok try_first_pass
++auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
 +account required pam_unix.so
 
 --------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;screen] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth-local] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth-local] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;password-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;postlogin] lines is expected to include .* .* pam_unix.so, all without args nullok</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-78995</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-93701r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010062</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+passed :: TEST PAM Config[/etc/pam.d/screen] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/system-auth-local] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/password-auth-local] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/password-auth] lines is expected to include .* .* pam_unix.so, all without args nullok
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/postlogin] lines is expected to include .* .* pam_unix.so, all without args nullok</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-78995</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-93701r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010062</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent a user from
 overriding the screensaver lock-enabled setting for the graphical user
-interface.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+interface.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session lock is a temporary action taken when a user stops work and
 moves away from the immediate physical vicinity of the information system but
 does not want to log out because of the temporary nature of the absence.
@@ -7203,17 +6878,17 @@ does not want to log out because of the temporary nature of the absence.
     The session lock is implemented at the point where session activity can be
 determined.
 
-    The ability to enable&#x2F;disable a session lock is given to the user by
-default. Disabling the users ability to disengage the graphical user interface
+    The ability to enable/disable a session lock is given to the user by
+default. Disabling the user’s ability to disengage the graphical user interface
 session lock provides the assurance that all sessions will lock after the
-specified period of time.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+specified period of time.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents a user from overriding the screensaver
 lock-enabled setting for the graphical user interface.
 
@@ -7223,24 +6898,24 @@ console.
 
     Determine which profile the system database is using with the following
 command:
-    # grep system-db &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user
+    # grep system-db /etc/dconf/profile/user
 
     system-db:local
 
     Check for the lock-enabled setting with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-the path is &quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&quot;. This path must be modified if a database
-other than &quot;local&quot; is being used.
+    Note: The example below is using the database "local" for the system, so
+the path is "/etc/dconf/db/local.d". This path must be modified if a database
+other than "local" is being used.
 
-    # grep -i lock-enabled &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;*
+    # grep -i lock-enabled /etc/dconf/db/local.d/locks/*
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;lock-enabled
+    /org/gnome/desktop/screensaver/lock-enabled
 
-    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prevent a user from overriding a
 screensaver lock after a 15-minute period of inactivity for graphical user
 interfaces.
@@ -7248,290 +6923,277 @@ interfaces.
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-if the system is using another database in &quot;&#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user&quot;, the
+    Note: The example below is using the database "local" for the system, so
+if the system is using another database in "/etc/dconf/profile/user", the
 file should be created under the appropriate subdirectory.
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;session
+    # touch /etc/dconf/db/local.d/locks/session
 
     Add the setting to lock the screensaver lock-enabled setting:
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;lock-enabled</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>5035b12e-6db8-4045-8ef2-65ffe5658773</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72137</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86761r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030570</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    /org/gnome/desktop/screensaver/lock-enabled</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-78995\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent a user from\noverriding the screensaver lock-enabled setting for the graphical user\ninterface.\"\n  desc  \"A session lock is a temporary action taken when a user stops work and\nmoves away from the immediate physical vicinity of the information system but\ndoes not want to log out because of the temporary nature of the absence.\n\n    The session lock is implemented at the point where session activity can be\ndetermined.\n\n    The ability to enable/disable a session lock is given to the user by\ndefault. Disabling the user’s ability to disengage the graphical user interface\nsession lock provides the assurance that all sessions will lock after the\nspecified period of time.\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents a user from overriding the screensaver\nlock-enabled setting for the graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable. The screen program must be installed to lock sessions on the\nconsole.\n\n    Determine which profile the system database is using with the following\ncommand:\n    # grep system-db /etc/dconf/profile/user\n\n    system-db:local\n\n    Check for the lock-enabled setting with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nthe path is \\\"/etc/dconf/db/local.d\\\". This path must be modified if a database\nother than \\\"local\\\" is being used.\n\n    # grep -i lock-enabled /etc/dconf/db/local.d/locks/*\n\n    /org/gnome/desktop/screensaver/lock-enabled\n\n    If the command does not return a result, this is a finding.\n\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prevent a user from overriding a\nscreensaver lock after a 15-minute period of inactivity for graphical user\ninterfaces.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nif the system is using another database in \\\"/etc/dconf/profile/user\\\", the\nfile should be created under the appropriate subdirectory.\n\n    # touch /etc/dconf/db/local.d/locks/session\n\n    Add the setting to lock the screensaver lock-enabled setting:\n\n    /org/gnome/desktop/screensaver/lock-enabled\n\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-78995\"\n  tag rid: \"SV-93701r3_rule\"\n  tag stig_id: \"RHEL-07-010062\"\n  tag fix_id: \"F-85745r1_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    describe command(\"gsettings writable org.gnome.desktop.screensaver lock-enabled\") do\n      its('stdout.strip') { should cmp 'false' }\n    end\n  else\n    impact 0.0\n    describe \"The GNOME desktop is not installed\" do\n      skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n    end\n  end  \nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72137</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86761r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030570</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the setsebool command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the setsebool command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setsebool&quot; command occur.
+successful/unsuccessful attempts to use the "setsebool" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;sbin&#x2F;setsebool &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/sbin/setsebool /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;setsebool -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-priv_change
+    -a always,exit -F path=/usr/sbin/setsebool -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setsebool&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;setsebool -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-priv_change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>927c4d9c-b076-434c-9229-2b409b7e9a3d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;setsebool&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;setsebool&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72009</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86633r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020330</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "setsebool" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/sbin/setsebool -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-priv_change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72137\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe setsebool command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"setsebool\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/sbin/setsebool /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/setsebool -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"setsebool\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/setsebool -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000463-GPOS-00207\",\n\"SRG-OS-000465-GPOS-00209\"]\n  tag gid: \"V-72137\"\n  tag rid: \"SV-86761r4_rule\"\n  tag stig_id: \"RHEL-07-030570\"\n  tag fix_id: \"F-78489r6_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n  \n  audit_file = '/usr/sbin/setsebool'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/setsebool" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/setsebool" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72009</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86633r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020330</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all files and directories have a valid group owner.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all files and directories have a valid group owner.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Files without a valid group owner may be unintentionally inherited if
 a group is assigned the same Group Identifier (GID) as the GID of the files
-without a valid group owner.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+without a valid group owner.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all files and directories on the system have a valid group.
 
     Check the owner of all files and directories with the following command:
@@ -7539,162 +7201,150 @@ without a valid group owner.</ATTRIBUTE_DATA>
     Note: The value after -fstype must be replaced with the filesystem type.
 XFS is used as an example.
 
-    # find &#x2F; -fstype xfs -nogroup
+    # find / -fstype xfs -nogroup
 
-    If any files on the system do not have an assigned group, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any files on the system do not have an assigned group, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Either remove all files and directories from the system that do not have a
 valid group, or assign a valid group to all files and directories on the system
-with the &quot;chgrp&quot; command:
-
-    # chgrp &lt;group&gt; &lt;file&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>becd8ef5-39d2-4ea4-a50e-5ea58d608bf6</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;find &#x2F; -xautofs -fstype xfs -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext3 -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext2 -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext4 -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype msdos -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype vfat -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype btrfs -nogroup&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype fuseblk -nogroup&#x60; stdout.strip is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73157</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87809r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010082</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+with the "chgrp" command:
+
+    # chgrp &lt;group&gt; &lt;file&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72009\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all files and directories have a valid group owner.\"\n  desc  \"Files without a valid group owner may be unintentionally inherited if\na group is assigned the same Group Identifier (GID) as the GID of the files\nwithout a valid group owner.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all files and directories on the system have a valid group.\n\n    Check the owner of all files and directories with the following command:\n\n    Note: The value after -fstype must be replaced with the filesystem type.\nXFS is used as an example.\n\n    # find / -fstype xfs -nogroup\n\n    If any files on the system do not have an assigned group, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Either remove all files and directories from the system that do not have a\nvalid group, or assign a valid group to all files and directories on the system\nwith the \\\"chgrp\\\" command:\n\n    # chgrp &lt;group&gt; &lt;file&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72009\"\n  tag rid: \"SV-86633r3_rule\"\n  tag stig_id: \"RHEL-07-020330\"\n  tag fix_id: \"F-78361r1_fix\"\n  tag cci: [\"CCI-002165\"]\n  tag nist: [\"AC-3 (4)\", \"Rev_4\"]\n\n  command('grep -v \"nodev\" /proc/filesystems | awk \\'NF{ print $NF }\\'').\n    stdout.strip.split(\"\\n\").each do |fs|\n      describe command(\"find / -xautofs -fstype #{fs} -nogroup\") do\n        its('stdout.strip') { should be_empty }\n      end\n    end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `find / -xautofs -fstype xfs -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext3 -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext2 -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext4 -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype msdos -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype vfat -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype btrfs -nogroup` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype fuseblk -nogroup` stdout.strip is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73157</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87809r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010082</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent a user from
-overriding the session idle-delay setting for the graphical user interface.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+overriding the session idle-delay setting for the graphical user interface.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session time-out lock is a temporary action taken when a user stops
 work and moves away from the immediate physical vicinity of the information
 system but does not log out because of the temporary nature of the absence.
 Rather than relying on the user to manually lock their operating system session
 prior to vacating the vicinity, operating systems need to be able to identify
-when a user&#39;s session has idled and take action to initiate the session lock.
+when a user's session has idled and take action to initiate the session lock.
 
     The session lock is implemented at the point where session activity can be
-determined and&#x2F;or controlled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+determined and/or controlled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents a user from overriding session idle
 delay after a 15-minute period of inactivity for graphical user interfaces.
 
@@ -7704,675 +7354,640 @@ console.
 
     Determine which profile the system database is using with the following
 command:
-    # grep system-db &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user
+    # grep system-db /etc/dconf/profile/user
 
     system-db:local
 
     Check for the session idle delay setting with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-the path is &quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&quot;. This path must be modified if a database
-other than &quot;local&quot; is being used.
+    Note: The example below is using the database "local" for the system, so
+the path is "/etc/dconf/db/local.d". This path must be modified if a database
+other than "local" is being used.
 
-    # grep -i idle-delay &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;*
+    # grep -i idle-delay /etc/dconf/db/local.d/locks/*
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;session&#x2F;idle-delay
+    /org/gnome/desktop/session/idle-delay
 
-    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prevent a user from overriding a session
 lock after a 15-minute period of inactivity for graphical user interfaces.
 
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-if the system is using another database in &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user, the file
+    Note: The example below is using the database "local" for the system, so
+if the system is using another database in /etc/dconf/profile/user, the file
 should be created under the appropriate subdirectory.
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;session
+    # touch /etc/dconf/db/local.d/locks/session
 
     Add the setting to lock the session idle delay:
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;session&#x2F;idle-delay</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>505034d8-953d-47c6-b00c-8b1023cea436</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72097</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86721r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030370</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    /org/gnome/desktop/session/idle-delay</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73157\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent a user from\noverriding the session idle-delay setting for the graphical user interface.\"\n  desc  \"A session time-out lock is a temporary action taken when a user stops\nwork and moves away from the immediate physical vicinity of the information\nsystem but does not log out because of the temporary nature of the absence.\nRather than relying on the user to manually lock their operating system session\nprior to vacating the vicinity, operating systems need to be able to identify\nwhen a user's session has idled and take action to initiate the session lock.\n\n    The session lock is implemented at the point where session activity can be\ndetermined and/or controlled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents a user from overriding session idle\ndelay after a 15-minute period of inactivity for graphical user interfaces.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable. The screen program must be installed to lock sessions on the\nconsole.\n\n    Determine which profile the system database is using with the following\ncommand:\n    # grep system-db /etc/dconf/profile/user\n\n    system-db:local\n\n    Check for the session idle delay setting with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nthe path is \\\"/etc/dconf/db/local.d\\\". This path must be modified if a database\nother than \\\"local\\\" is being used.\n\n    # grep -i idle-delay /etc/dconf/db/local.d/locks/*\n\n    /org/gnome/desktop/session/idle-delay\n\n    If the command does not return a result, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prevent a user from overriding a session\nlock after a 15-minute period of inactivity for graphical user interfaces.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nif the system is using another database in /etc/dconf/profile/user, the file\nshould be created under the appropriate subdirectory.\n\n    # touch /etc/dconf/db/local.d/locks/session\n\n    Add the setting to lock the session idle delay:\n\n    /org/gnome/desktop/session/idle-delay\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-73157\"\n  tag rid: \"SV-87809r4_rule\"\n  tag stig_id: \"RHEL-07-010082\"\n  tag fix_id: \"F-79603r1_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  unless package('gnome-desktop3').installed?\n    impact 0.0\n    describe \"The GNOME desktop is not installed\" do\n      skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n    end\n  else\n    describe command(\"gsettings writable org.gnome.desktop.session idle-delay\") do\n      its('stdout.strip') { should cmp 'false' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72097</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86721r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030370</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the chown syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the chown syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chown&quot; syscall occur.
+successful/unsuccessful attempts to use the "chown" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw chown &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw chown /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S chown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S chown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;chown&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    If both the "b32" and "b64" audit rules are not defined for the
+"chown" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S chown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S chown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>caea43bd-2e54-4efd-8b1b-8b420f7245df</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chown&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chown&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chown&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;chown&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72075</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86699r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72097\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe chown syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"chown\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw chown /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"chown\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000474-GPOS-00219\"]\n  tag gid: \"V-72097\"\n  tag rid: \"SV-86721r5_rule\"\n  tag stig_id: \"RHEL-07-030370\"\n  tag fix_id: \"F-78449r8_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"chown\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"chown\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "chown" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chown" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chown" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "chown" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72075</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86699r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow removable
-media to be used as the boot loader unless approved.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+media to be used as the boot loader unless approved.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Malicious users with removable boot media can gain access to a system
 configured to use removable media as the boot loader. If removable media is
 designed to be used as the boot loader, the requirement must be documented with
-the Information System Security Officer (ISSO).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+the Information System Security Officer (ISSO).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system is not configured to use a boot loader on removable media.
 
-    Note: GRUB 2 reads its configuration from the &quot;&#x2F;boot&#x2F;grub2&#x2F;grub.cfg&quot; file
+    Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file
 on traditional BIOS-based machines and from the
-&quot;&#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg&quot; file on UEFI machines.
+"/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
 
     Check for the existence of alternate boot loader configuration files with
 the following command:
 
-    # find &#x2F; -name grub.cfg
-    &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
+    # find / -name grub.cfg
+    /boot/grub2/grub.cfg
 
-    If a &quot;grub.cfg&quot; is found in any subdirectories other than &quot;&#x2F;boot&#x2F;grub2&quot;
-and &quot;&#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&quot;, ask the System Administrator if there is
+    If a "grub.cfg" is found in any subdirectories other than "/boot/grub2"
+and "/boot/efi/EFI/redhat", ask the System Administrator if there is
 documentation signed by the ISSO to approve the use of removable media as a
 boot loader.
 
     Check that the grub configuration file has the set root command in each
 menu entry with the following commands:
 
-    # grep -c menuentry &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
+    # grep -c menuentry /boot/grub2/grub.cfg
     1
-    # grep &#39;set root&#39; &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
-    set root&#x3D;(hd0,1)
+    # grep 'set root' /boot/grub2/grub.cfg
+    set root=(hd0,1)
 
     If the system is using an alternate boot loader on removable media, and
 documentation does not exist approving the alternate configuration, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Remove alternate methods of booting the system from removable
-media or document the configuration to boot from removable media with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>614d334f-1acf-4812-877a-6ea9437d486b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 is expected to exist
-expected File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 to exist
---------------------------------
-passed
-File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 path is expected to match &#x2F;^\&#x2F;dev\&#x2F;&#x2F;
-expected &quot;UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033&quot; to match &#x2F;^\&#x2F;dev\&#x2F;&#x2F;
+media or document the configuration to boot from removable media with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72075\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow removable\nmedia to be used as the boot loader unless approved.\"\n  desc  \"Malicious users with removable boot media can gain access to a system\nconfigured to use removable media as the boot loader. If removable media is\ndesigned to be used as the boot loader, the requirement must be documented with\nthe Information System Security Officer (ISSO).\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system is not configured to use a boot loader on removable media.\n\n    Note: GRUB 2 reads its configuration from the \\\"/boot/grub2/grub.cfg\\\" file\non traditional BIOS-based machines and from the\n\\\"/boot/efi/EFI/redhat/grub.cfg\\\" file on UEFI machines.\n\n    Check for the existence of alternate boot loader configuration files with\nthe following command:\n\n    # find / -name grub.cfg\n    /boot/grub2/grub.cfg\n\n    If a \\\"grub.cfg\\\" is found in any subdirectories other than \\\"/boot/grub2\\\"\nand \\\"/boot/efi/EFI/redhat\\\", ask the System Administrator if there is\ndocumentation signed by the ISSO to approve the use of removable media as a\nboot loader.\n\n    Check that the grub configuration file has the set root command in each\nmenu entry with the following commands:\n\n    # grep -c menuentry /boot/grub2/grub.cfg\n    1\n    # grep 'set root' /boot/grub2/grub.cfg\n    set root=(hd0,1)\n\n    If the system is using an alternate boot loader on removable media, and\ndocumentation does not exist approving the alternate configuration, this is a\nfinding.\n  \"\n  desc  \"fix\", \"Remove alternate methods of booting the system from removable\nmedia or document the configuration to boot from removable media with the ISSO.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000364-GPOS-00151\"\n  tag gid: \"V-72075\"\n  tag rid: \"SV-86699r2_rule\"\n  tag stig_id: \"RHEL-07-021700\"\n  tag fix_id: \"F-78427r1_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  roots = command('grubby --info=ALL | grep \"^root=\" | sed \"s/^root=//g\"').\n    stdout.strip.split(\"\\n\")\n\n  blocks = roots.map { |root|\n    root_file = file(root)\n    root_file.symlink? ? root_file.link_path : root_file.path\n  }\n\n  blocks.each { |block|\n    block_file = file(block)\n    describe block_file do\n      it { should exist }\n      its('path') { should match %r{^/dev/} }\n    end\n\n    if block_file.exist? and block_file.path.match? %r{^/dev/}\n      removable = ['/sys/block', block.sub(%r{^/dev/}, ''), 'removable'].join('/')\n      describe file(removable) do\n        it { should exist }\n        its('content.strip') { should eq '0' }\n      end\n    end\n  }\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 is expected to exist :: MESSAGE expected File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 to exist
+--------------------------------
+passed :: TEST File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 path is expected to match /^\/dev\// :: MESSAGE expected "UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033" to match /^\/dev\//
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;^\&#x2F;dev\&#x2F;&#x2F;
-+&quot;UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033&quot;
+-/^\/dev\//
++"UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033"
 
 --------------------------------
-passed
-File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 is expected to exist
-expected File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 to exist
+passed :: TEST File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 is expected to exist :: MESSAGE expected File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 to exist
 --------------------------------
-passed
-File UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033 path is expected to match &#x2F;^\&#x2F;dev\&#x2F;&#x2F;
-expected &quot;UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033&quot; to match &#x2F;^\&#x2F;dev\&#x2F;&#x2F;
+passed :: TEST File UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033 path is expected to match /^\/dev\// :: MESSAGE expected "UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033" to match /^\/dev\//
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;^\&#x2F;dev\&#x2F;&#x2F;
-+&quot;UUID&#x3D;5a000634-a1fc-467d-8ef4-5fcf5dbc6033&quot;
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72179</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86803r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030780</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+-/^\/dev\//
++"UUID=5a000634-a1fc-467d-8ef4-5fcf5dbc6033"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72179</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86803r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030780</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the ssh-keysign command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the ssh-keysign command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged ssh commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;ssh-keysign&quot; command occur.
+successful/unsuccessful attempts to use the "ssh-keysign" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;libexec&#x2F;openssh&#x2F;ssh-keysign &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/libexec/openssh/ssh-keysign /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;libexec&#x2F;openssh&#x2F;ssh-keysign -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-ssh
+    -a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-ssh
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;ssh-keysign&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;libexec&#x2F;openssh&#x2F;ssh-keysign -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-ssh
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4a8c3d95-1ab0-46aa-83ea-eff2ea14b22d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;libexec&#x2F;openssh&#x2F;ssh-keysign&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;libexec&#x2F;openssh&#x2F;ssh-keysign&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72305</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86929r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040720</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "ssh-keysign" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-ssh
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72179\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe ssh-keysign command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged ssh commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"ssh-keysign\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/libexec/openssh/ssh-keysign /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-ssh\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"ssh-keysign\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-ssh\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72179\"\n  tag rid: \"SV-86803r3_rule\"\n  tag stig_id: \"RHEL-07-030780\"\n  tag fix_id: \"F-78533r4_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/libexec/openssh/ssh-keysign'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/libexec/openssh/ssh-keysign" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/libexec/openssh/ssh-keysign" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72305</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86929r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040720</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that if the Trivial File Transfer Protocol (TFTP) server is required, the TFTP
-daemon is configured to operate in secure mode.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+daemon is configured to operate in secure mode.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Restricting TFTP to a specific directory prevents remote users from
-copying, transferring, or overwriting system files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+copying, transferring, or overwriting system files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the TFTP daemon is configured to operate in secure mode.
 
     Check to see if a TFTP server has been installed with the following
@@ -8386,128 +8001,122 @@ commands:
     If a TFTP server is installed, check for the server arguments with the
 following command:
 
-    # grep server_args &#x2F;etc&#x2F;xinetd.d&#x2F;tftp
-    server_args &#x3D; -s &#x2F;var&#x2F;lib&#x2F;tftpboot
+    # grep server_args /etc/xinetd.d/tftp
+    server_args = -s /var/lib/tftpboot
 
-    If the &quot;server_args&quot; line does not have a &quot;-s&quot; option and a
-subdirectory is not assigned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "server_args" line does not have a "-s" option and a
+subdirectory is not assigned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the TFTP daemon to operate in secure mode by adding the following
-line to &quot;&#x2F;etc&#x2F;xinetd.d&#x2F;tftp&quot; (or modify the line to have the required value):
-
-    server_args &#x3D; -s &#x2F;var&#x2F;lib&#x2F;tftpboot</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>db07af21-c802-416d-8d80-feab14547d44</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The TFTP package is not installed
-If a TFTP server is not installed, this is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71913</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86537r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010170</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):
+
+    server_args = -s /var/lib/tftpboot</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72305\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat if the Trivial File Transfer Protocol (TFTP) server is required, the TFTP\ndaemon is configured to operate in secure mode.\"\n  desc  \"Restricting TFTP to a specific directory prevents remote users from\ncopying, transferring, or overwriting system files.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the TFTP daemon is configured to operate in secure mode.\n\n    Check to see if a TFTP server has been installed with the following\ncommands:\n\n    # yum list installed tftp-server\n    tftp-server.x86_64 x.x-x.el7 rhel-7-server-rpms\n\n    If a TFTP server is not installed, this is Not Applicable.\n\n    If a TFTP server is installed, check for the server arguments with the\nfollowing command:\n\n    # grep server_args /etc/xinetd.d/tftp\n    server_args = -s /var/lib/tftpboot\n\n    If the \\\"server_args\\\" line does not have a \\\"-s\\\" option and a\nsubdirectory is not assigned, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the TFTP daemon to operate in secure mode by adding the following\nline to \\\"/etc/xinetd.d/tftp\\\" (or modify the line to have the required value):\n\n    server_args = -s /var/lib/tftpboot\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72305\"\n  tag rid: \"SV-86929r3_rule\"\n  tag stig_id: \"RHEL-07-040720\"\n  tag fix_id: \"F-78659r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  if package('tftp-server').installed?\n    impact 0.5\n    describe command('grep server_args /etc/xinetd.d/tftp') do\n      its('stdout.strip') { should match %r{^\\s*server_args\\s+=\\s+(-s|--secure)\\s(\\/\\S+)$} }\n    end\n  else\n    impact 0.0\n    describe \"The TFTP package is not installed\" do\n      skip \"If a TFTP server is not installed, this is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The TFTP package is not installed :: SKIP_MESSAGE If a TFTP server is not installed, this is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71913</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86537r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010170</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed a minimum of four character classes must be
-changed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+changed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -8516,289 +8125,279 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;minclass&quot; option sets the minimum number of required classes of
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "minclass" option sets the minimum number of required classes of
 characters for the new password (digits, upper-case, lower-case, others).
 
-    Check for the value of the &quot;minclass&quot; option in
-&quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with the following command:
+    Check for the value of the "minclass" option in
+"/etc/security/pwquality.conf" with the following command:
 
-    # grep minclass &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    minclass &#x3D; 4
+    # grep minclass /etc/security/pwquality.conf
+    minclass = 4
 
-    If the value of &quot;minclass&quot; is set to less than &quot;4&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "minclass" is set to less than "4", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require the change of at least four
-character classes when passwords are changed by setting the &quot;minclass&quot; option.
+character classes when passwords are changed by setting the "minclass" option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf conf&quot; (or modify
+    Add the following line to "/etc/security/pwquality.conf conf" (or modify
 the line to have the required value):
 
-    minclass &#x3D; 4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e74608cc-c124-4278-b617-1650990dcfd5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf minclass.to_i is expected to cmp &gt;&#x3D; 4</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73161</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87813r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021021</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    minclass = 4</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71913\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed a minimum of four character classes must be\nchanged.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    The \\\"minclass\\\" option sets the minimum number of required classes of\ncharacters for the new password (digits, upper-case, lower-case, others).\n\n    Check for the value of the \\\"minclass\\\" option in\n\\\"/etc/security/pwquality.conf\\\" with the following command:\n\n    # grep minclass /etc/security/pwquality.conf\n    minclass = 4\n\n    If the value of \\\"minclass\\\" is set to less than \\\"4\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require the change of at least four\ncharacter classes when passwords are changed by setting the \\\"minclass\\\" option.\n\n    Add the following line to \\\"/etc/security/pwquality.conf conf\\\" (or modify\nthe line to have the required value):\n\n    minclass = 4\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000072-GPOS-00040\"\n  tag gid: \"V-71913\"\n  tag rid: \"SV-86537r2_rule\"\n  tag stig_id: \"RHEL-07-010170\"\n  tag fix_id: \"F-78265r1_fix\"\n  tag cci: [\"CCI-000195\"]\n  tag nist: [\"IA-5 (1) (b)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('minclass.to_i') { should cmp &gt;= 4 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf minclass.to_i is expected to cmp &gt;= 4</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73161</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87813r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021021</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent binary
 files from being executed on file systems that are being imported via Network
-File System (NFS).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;noexec&quot; mount option causes the system to not execute binary
+File System (NFS).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "noexec" mount option causes the system to not execute binary
 files. This option must be used for mounting any file system not containing
 approved binary files as they may be incompatible. Executing files from
 untrusted file systems increases the opportunity for unprivileged users to
-attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify file systems that are being NFS imported are configured with the
-&quot;noexec&quot; option.
+"noexec" option.
 
     Find the file system(s) that contain the directories being imported with
 the following command:
 
-    # more &#x2F;etc&#x2F;fstab | grep nfs
+    # more /etc/fstab | grep nfs
 
-    UUID&#x3D;e06097bb-cfcd-437b-9e4d-a691f5662a7d &#x2F;store nfs rw,noexec 0 0
+    UUID=e06097bb-cfcd-437b-9e4d-a691f5662a7d /store nfs rw,noexec 0 0
 
-    If a file system found in &quot;&#x2F;etc&#x2F;fstab&quot; refers to NFS and it does not have
-the &quot;noexec&quot; option set, and use of NFS imported binaries is not documented
+    If a file system found in "/etc/fstab" refers to NFS and it does not have
+the "noexec" option set, and use of NFS imported binaries is not documented
 with the Information System Security Officer (ISSO) as an operational
 requirement, this is a finding.
 
-    Verify the NFS is mounted with the &quot;noexec&quot;option:
+    Verify the NFS is mounted with the "noexec"option:
 
     # mount | grep nfs | grep noexec
     If no results are returned and use of NFS imported binaries is not
 documented with the Information System Security Officer (ISSO) as an
-operational requirement, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the &quot;&#x2F;etc&#x2F;fstab&quot; to use the &quot;noexec&quot; option on
-file systems that are being imported via NFS.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0c212884-7050-4191-94b1-75437af096a0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72433</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87057r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-041003</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+operational requirement, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the "/etc/fstab" to use the "noexec" option on
+file systems that are being imported via NFS.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73161\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent binary\nfiles from being executed on file systems that are being imported via Network\nFile System (NFS).\"\n  desc  \"The \\\"noexec\\\" mount option causes the system to not execute binary\nfiles. This option must be used for mounting any file system not containing\napproved binary files as they may be incompatible. Executing files from\nuntrusted file systems increases the opportunity for unprivileged users to\nattain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify file systems that are being NFS imported are configured with the\n\\\"noexec\\\" option.\n\n    Find the file system(s) that contain the directories being imported with\nthe following command:\n\n    # more /etc/fstab | grep nfs\n\n    UUID=e06097bb-cfcd-437b-9e4d-a691f5662a7d /store nfs rw,noexec 0 0\n\n    If a file system found in \\\"/etc/fstab\\\" refers to NFS and it does not have\nthe \\\"noexec\\\" option set, and use of NFS imported binaries is not documented\nwith the Information System Security Officer (ISSO) as an operational\nrequirement, this is a finding.\n\n    Verify the NFS is mounted with the \\\"noexec\\\"option:\n\n    # mount | grep nfs | grep noexec\n    If no results are returned and use of NFS imported binaries is not\ndocumented with the Information System Security Officer (ISSO) as an\noperational requirement, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the \\\"/etc/fstab\\\" to use the \\\"noexec\\\" option on\nfile systems that are being imported via NFS.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-73161\"\n  tag rid: \"SV-87813r2_rule\"\n  tag stig_id: \"RHEL-07-021021\"\n  tag fix_id: \"F-79607r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  nfs_systems = etc_fstab.nfs_file_systems.entries\n  if !nfs_systems.nil? and !nfs_systems.empty?\n    nfs_systems.each do |file_system|\n      describe file_system do\n        its ('mount_options') { should include 'noexec' }\n      end\n    end\n  else\n    describe \"No NFS file systems were found.\" do\n      subject { nfs_systems.nil? or nfs_systems.empty? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72433</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87057r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-041003</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement
-certificate status checking for PKI authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+certificate status checking for PKI authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Using an authentication device, such as a CAC or token that is
 separate from the information system, ensures that even if the information
 system is compromised, that compromise will not affect credentials stored on
@@ -8821,534 +8420,505 @@ example, dial-up, broadband, and wireless.
     This requirement only applies to components where this is specific to the
 function of the device or has the concept of an organizational user (e.g., VPN,
 proxy capability). This does not apply to authentication for the purpose of
-configuring the device itself (management).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+configuring the device itself (management).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system implements certificate status checking for PKI
 authentication.
 
     Check to see if Online Certificate Status Protocol (OCSP) is enabled on the
 system with the following command:
 
-    # grep cert_policy &#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf | grep -v &quot;^#&quot;
+    # grep cert_policy /etc/pam_pkcs11/pam_pkcs11.conf | grep -v "^#"
 
-    cert_policy &#x3D; ca, ocsp_on, signature;
-    cert_policy &#x3D; ca, ocsp_on, signature;
-    cert_policy &#x3D; ca, ocsp_on, signature;
+    cert_policy = ca, ocsp_on, signature;
+    cert_policy = ca, ocsp_on, signature;
+    cert_policy = ca, ocsp_on, signature;
 
     There should be at least three lines returned.
 
-    If &quot;ocsp_on&quot; is not present in all uncommented &quot;cert_policy&quot; lines in
-&quot;&#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "ocsp_on" is not present in all uncommented "cert_policy" lines in
+"/etc/pam_pkcs11/pam_pkcs11.conf", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to do certificate status checking for PKI
 authentication.
 
-    Modify all of the &quot;cert_policy&quot; lines in
-&quot;&#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf&quot; to include &quot;ocsp_on&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9f3eaa77-f199-4436-9935-8bf4a922d417</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf is expected to exist
-expected File &#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf to exist</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72175</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86799r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030760</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Modify all of the "cert_policy" lines in
+"/etc/pam_pkcs11/pam_pkcs11.conf" to include "ocsp_on".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72433\" do\n  title \"The Red Hat Enterprise Linux operating system must implement\ncertificate status checking for PKI authentication.\"\n  desc  \"Using an authentication device, such as a CAC or token that is\nseparate from the information system, ensures that even if the information\nsystem is compromised, that compromise will not affect credentials stored on\nthe authentication device.\n\n    Multifactor solutions that require devices separate from information\nsystems gaining access include, for example, hardware tokens providing\ntime-based or challenge-response authenticators and smart cards such as the\nU.S. Government Personal Identity Verification card and the DoD Common Access\nCard.\n\n    A privileged account is defined as an information system account with\nauthorizations of a privileged user.\n\n    Remote access is access to DoD nonpublic information systems by an\nauthorized user (or an information system) communicating through an external,\nnon-organization-controlled network. Remote access methods include, for\nexample, dial-up, broadband, and wireless.\n\n    This requirement only applies to components where this is specific to the\nfunction of the device or has the concept of an organizational user (e.g., VPN,\nproxy capability). This does not apply to authentication for the purpose of\nconfiguring the device itself (management).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system implements certificate status checking for PKI\nauthentication.\n\n    Check to see if Online Certificate Status Protocol (OCSP) is enabled on the\nsystem with the following command:\n\n    # grep cert_policy /etc/pam_pkcs11/pam_pkcs11.conf | grep -v \\\"^#\\\"\n\n    cert_policy = ca, ocsp_on, signature;\n    cert_policy = ca, ocsp_on, signature;\n    cert_policy = ca, ocsp_on, signature;\n\n    There should be at least three lines returned.\n\n    If \\\"ocsp_on\\\" is not present in all uncommented \\\"cert_policy\\\" lines in\n\\\"/etc/pam_pkcs11/pam_pkcs11.conf\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to do certificate status checking for PKI\nauthentication.\n\n    Modify all of the \\\"cert_policy\\\" lines in\n\\\"/etc/pam_pkcs11/pam_pkcs11.conf\\\" to include \\\"ocsp_on\\\".\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000375-GPOS-00160\"\n  tag satisfies: [\"SRG-OS-000375-GPOS-00160\", \"SRG-OS-000375-GPOS-00161\",\n\"SRG-OS-000375-GPOS-00162\"]\n  tag gid: \"V-72433\"\n  tag rid: \"SV-87057r5_rule\"\n  tag stig_id: \"RHEL-07-041003\"\n  tag fix_id: \"F-78785r3_fix\"\n  tag cci: [\"CCI-001948\", \"CCI-001953\", \"CCI-001954\"]\n  tag nist: [\"IA-2 (11)\", \"IA-2 (12)\", \"IA-2 (12)\", \"Rev_4\"]\n\n  smart_card_status = input('smart_card_status')\n\n  if smart_card_status.eql?('enabled')\n    impact 0.5\n    if ((pam_file = file('/etc/pam_pkcs11/pam_pkcs11.conf')).exist?)\n      cert_policy_lines = (pam_file.content.nil?)?[]:\n        pam_file.content.lines.grep(%r{^(?!.+#).*cert_policy}i)\n      if (cert_policy_lines.length &lt; 3)\n        describe \"should contain at least 3 cert policy lines\" do\n          subject { cert_policy_lines.length }\n          it { should &gt;= 3 }\n        end\n      else\n        describe \"each cert policy line should include oscp_on\" do\n          cert_policy_lines.each do |line|\n           subject { line }\n           it { should match %r{=[^;]*ocsp_on}i }\n\t  end\n        end\n      end\n    else\n      describe pam_file do\n        it { should exist }\n      end\n    end\n  else\n    impact 0.0\n    describe \"The system is not smartcard enabled\" do\n      skip \"The system is not using Smartcards / PIVs to fulfil the MFA requirement, this control is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /etc/pam_pkcs11/pam_pkcs11.conf is expected to exist :: MESSAGE expected File /etc/pam_pkcs11/pam_pkcs11.conf to exist</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72175</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86799r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030760</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the postdrop command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the postdrop command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged postfix commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;postdrop&quot; command occur.
+successful/unsuccessful attempts to use the "postdrop" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;sbin&#x2F;postdrop &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/sbin/postdrop /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;postdrop -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/postdrop -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-postfix
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;postdrop&quot; command occur.
+successful/unsuccessful attempts to use the "postdrop" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;postdrop -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/postdrop -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-postfix
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b36e260a-a75b-44ad-b29d-4570553c5465</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;postdrop&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;postdrop&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72129</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86753r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030530</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72175\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe postdrop command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged postfix commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"postdrop\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/sbin/postdrop /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/postdrop -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-postfix\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"postdrop\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/postdrop -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-postfix\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72175\"\n  tag rid: \"SV-86799r4_rule\"\n  tag stig_id: \"RHEL-07-030760\"\n  tag fix_id: \"F-78529r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/postdrop'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/postdrop" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/postdrop" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72129</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86753r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030530</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the open_by_handle_at syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the open_by_handle_at syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;open_by_handle_at&quot; syscall occur.
+successful/unsuccessful attempts to use the "open_by_handle_at" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw open_by_handle_at &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw open_by_handle_at /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S open_by_handle_at -F exit&#x3D;-EPERM -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F
+auid&gt;=1000 -F auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S open_by_handle_at -F exit&#x3D;-EACCES -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F
+auid&gt;=1000 -F auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S open_by_handle_at -F exit&#x3D;-EPERM -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F
+auid&gt;=1000 -F auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S open_by_handle_at -F exit&#x3D;-EACCES -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F
+auid&gt;=1000 -F auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;open_by_handle_at&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"open_by_handle_at" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;open_by_handle_at&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S open_by_handle_at -F exit&#x3D;-EPERM -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S open_by_handle_at -F exit&#x3D;-EACCES -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S open_by_handle_at -F exit&#x3D;-EPERM -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S open_by_handle_at -F exit&#x3D;-EACCES -F
-auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f1bc18de-ef7c-4cae-933d-99587df8ef0b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open_by_handle_at&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72231</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86855r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "open_by_handle_at" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F
+auid&gt;=1000 -F auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F
+auid&gt;=1000 -F auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F
+auid&gt;=1000 -F auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F
+auid&gt;=1000 -F auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72129\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe open_by_handle_at syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"open_by_handle_at\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw open_by_handle_at /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"open_by_handle_at\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"open_by_handle_at\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F\nauid&gt;=1000 -F auid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72129\"\n  tag rid: \"SV-86753r5_rule\"\n  tag stig_id: \"RHEL-07-030530\"\n  tag fix_id: \"F-78481r8_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"open_by_handle_at\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"open_by_handle_at\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"open_by_handle_at\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"open_by_handle_at\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open_by_handle_at" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72231</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86855r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement
 cryptography to protect the integrity of Lightweight Directory Access Protocol
-(LDAP) communications.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(LDAP) communications.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without cryptographic integrity protections, information can be
 altered by unauthorized users without detection.
 
     Cryptographic mechanisms used for protecting the integrity of information
 include, for example, signed hash functions using asymmetric cryptography
 enabling distribution of the public key to verify the hash information while
-maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If LDAP is not being utilized, this requirement is Not Applicable.
 
     Verify the operating system implements cryptography to protect the
@@ -9359,626 +8929,600 @@ command:
 
     # systemctl status sssd.service
     sssd.service - System Security Services Daemon
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;sssd.service; enabled; vendor
+    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor
 preset: disabled)
     Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago
 
-    If the &quot;sssd.service&quot; is &quot;active&quot;, then LDAP is being used.
+    If the "sssd.service" is "active", then LDAP is being used.
 
-    Determine the &quot;id_provider&quot; that the LDAP is currently using:
+    Determine the "id_provider" that the LDAP is currently using:
 
-    # grep -i &quot;id_provider&quot; &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
+    # grep -i "id_provider" /etc/sssd/sssd.conf
 
-    id_provider &#x3D; ad
+    id_provider = ad
 
-    If &quot;id_provider&quot; is set to &quot;ad&quot;, this is Not Applicable.
+    If "id_provider" is set to "ad", this is Not Applicable.
 
     Check the path to the X.509 certificate for peer authentication with the
 following command:
 
-    # grep -i tls_cacert &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
+    # grep -i tls_cacert /etc/sssd/sssd.conf
 
-    ldap_tls_cacert &#x3D; &#x2F;etc&#x2F;pki&#x2F;tls&#x2F;certs&#x2F;ca-bundle.crt
+    ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
 
-    Verify the &quot;ldap_tls_cacert&quot; option points to a file that contains the
+    Verify the "ldap_tls_cacert" option points to a file that contains the
 trusted CA certificate.
 
     If this file does not exist, or the option is commented out or missing,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement cryptography to protect the
 integrity of LDAP remote access sessions.
 
-    Add or modify the following line in &quot;&#x2F;etc&#x2F;sssd&#x2F;sssd.conf&quot;:
-
-    ldap_tls_cacert &#x3D; &#x2F;etc&#x2F;pki&#x2F;tls&#x2F;certs&#x2F;ca-bundle.crt</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a06d2b52-485b-449c-963c-b5cc4d6fa2c2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-LDAP not enabled
-LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72159</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86783r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030680</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or modify the following line in "/etc/sssd/sssd.conf":
+
+    ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72231\" do\n  title \"The Red Hat Enterprise Linux operating system must implement\ncryptography to protect the integrity of Lightweight Directory Access Protocol\n(LDAP) communications.\"\n  desc  \"Without cryptographic integrity protections, information can be\naltered by unauthorized users without detection.\n\n    Cryptographic mechanisms used for protecting the integrity of information\ninclude, for example, signed hash functions using asymmetric cryptography\nenabling distribution of the public key to verify the hash information while\nmaintaining the confidentiality of the key used to generate the hash.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If LDAP is not being utilized, this requirement is Not Applicable.\n\n    Verify the operating system implements cryptography to protect the\nintegrity of remote LDAP access sessions.\n\n    To determine if LDAP is being used for authentication, use the following\ncommand:\n\n    # systemctl status sssd.service\n    sssd.service - System Security Services Daemon\n    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor\npreset: disabled)\n    Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago\n\n    If the \\\"sssd.service\\\" is \\\"active\\\", then LDAP is being used.\n\n    Determine the \\\"id_provider\\\" that the LDAP is currently using:\n\n    # grep -i \\\"id_provider\\\" /etc/sssd/sssd.conf\n\n    id_provider = ad\n\n    If \\\"id_provider\\\" is set to \\\"ad\\\", this is Not Applicable.\n\n    Check the path to the X.509 certificate for peer authentication with the\nfollowing command:\n\n    # grep -i tls_cacert /etc/sssd/sssd.conf\n\n    ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt\n\n    Verify the \\\"ldap_tls_cacert\\\" option points to a file that contains the\ntrusted CA certificate.\n\n    If this file does not exist, or the option is commented out or missing,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to implement cryptography to protect the\nintegrity of LDAP remote access sessions.\n\n    Add or modify the following line in \\\"/etc/sssd/sssd.conf\\\":\n\n    ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000250-GPOS-00093\"\n  tag gid: \"V-72231\"\n  tag rid: \"SV-86855r4_rule\"\n  tag stig_id: \"RHEL-07-040200\"\n  tag fix_id: \"F-78585r3_fix\"\n  tag cci: [\"CCI-001453\"]\n  tag nist: [\"AC-17 (2)\", \"Rev_4\"]\n\n  sssd_id_ldap_enabled = (package('sssd').installed? and\n    !command('grep \"^\\s*id_provider\\s*=\\s*ldap\" /etc/sssd/sssd.conf').stdout.strip.empty?)\n\n  sssd_ldap_enabled = (package('sssd').installed? and\n    !command('grep \"^\\s*[a-z]*_provider\\s*=\\s*ldap\" /etc/sssd/sssd.conf').stdout.strip.empty?)\n\n  pam_ldap_enabled = (!command('grep \"^[^#]*pam_ldap\\.so\" /etc/pam.d/*').stdout.strip.empty?)\n\n  if !(sssd_id_ldap_enabled or sssd_ldap_enabled or pam_ldap_enabled)\n    impact 0.0\n    describe \"LDAP not enabled\" do\n      skip \"LDAP not enabled using any known mechanisms, this control is Not Applicable.\"\n    end\n  end\n\n  if sssd_id_ldap_enabled\n    ldap_id_use_start_tls = command('grep ldap_id_use_start_tls /etc/sssd/sssd.conf')\n    describe ldap_id_use_start_tls do\n      its('stdout.strip') { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n    end\n\n    ldap_id_use_start_tls.stdout.strip.each_line do |line|\n      describe line do\n        it { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n      end\n    end\n  end\n\n  if sssd_ldap_enabled\n    ldap_tls_cacert = command('grep -i ldap_tls_cacert /etc/sssd/sssd.conf').\n      stdout.strip.scan(%r{^ldap_tls_cacert\\s*=\\s*(.*)}).last\n\n    describe \"ldap_tls_cacert\" do\n      subject { ldap_tls_cacert }\n      it { should_not eq nil }\n    end\n\n    describe file(ldap_tls_cacert.last) do\n      it { should exist }\n      it { should be_file }\n    end if !ldap_tls_cacert.nil?\n  end\n\n  if pam_ldap_enabled\n    tls_cacertfile = command('grep -i tls_cacertfile /etc/pam_ldap.conf').\n      stdout.strip.scan(%r{^tls_cacertfile\\s+(.*)}).last\n\n    describe \"tls_cacertfile\" do\n      subject { tls_cacertfile }\n      it { should_not eq nil }\n    end\n\n    describe file(tls_cacertfile.last) do\n      it { should exist }\n      it { should be_file }\n    end if !tls_cacertfile.nil?\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST LDAP not enabled :: SKIP_MESSAGE LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72159</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86783r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030680</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the su command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the su command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged access commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;su&quot; command occur.
+successful/unsuccessful attempts to use the "su" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;bin&#x2F;su &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/bin/su /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;su -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/su -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;su&quot; command occur.
+successful/unsuccessful attempts to use the "su" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;su -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/su -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e8963157-3fe3-495f-8178-89affbc47a9d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;su&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;su&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72115</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86739r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030460</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72159\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe su command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged access commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"su\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/bin/su /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/su -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"su\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/su -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000037-GPOS-00015\"\n  tag satisfies: [\"SRG-OS-000037-GPOS-00015\", \"SRG-OS-000042-GPOS-00020\",\n\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000462-GPOS-00206\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72159\"\n  tag rid: \"SV-86783r5_rule\"\n  tag stig_id: \"RHEL-07-030680\"\n  tag fix_id: \"F-78511r6_fix\"\n  tag cci: [\"CCI-000130\", \"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3\", \"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/su'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/su" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/su" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72115</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86739r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030460</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the lsetxattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the lsetxattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;lsetxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "lsetxattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw lsetxattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw lsetxattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S lsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S lsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;lsetxattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"lsetxattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;lsetxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "lsetxattr" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S lsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S lsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ba25523b-f437-42e2-9cb0-9717223e9db8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lsetxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lsetxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lsetxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lsetxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-92253</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-102355r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040612</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72115\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe lsetxattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"lsetxattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw lsetxattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"lsetxattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"lsetxattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72115\"\n  tag rid: \"SV-86739r5_rule\"\n  tag stig_id: \"RHEL-07-030460\"\n  tag fix_id: \"F-78467r10_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"lsetxattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"lsetxattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "lsetxattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lsetxattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lsetxattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lsetxattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-92253</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-102355r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040612</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a reverse-path
-filter for IPv4 network traffic when possible by default.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+filter for IPv4 network traffic when possible by default.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Enabling reverse path filtering drops packets with source addresses
 that should not have been able to be received on the interface they were
 received on. It should not be used on systems which are routers for complicated
-networks, but is helpful for end hosts and routers serving small networks.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+networks, but is helpful for end hosts and routers serving small networks.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system uses a reverse-path filter for IPv4:
 
-    # grep net.ipv4.conf.default.rp_filter &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
-    net.ipv4.conf.default.rp_filter &#x3D; 1
+    # grep net.ipv4.conf.default.rp_filter /etc/sysctl.conf /etc/sysctl.d/*
+    net.ipv4.conf.default.rp_filter = 1
 
-    If &quot;net.ipv4.conf.default.rp_filter&quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;1&quot;, this is a finding.
+    If "net.ipv4.conf.default.rp_filter" is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "1", this is a finding.
 
     Check that the operating system implements the accept source route variable
 with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.conf.default.rp_filter
-    net.ipv4.conf.default.rp_filter &#x3D; 1
+    # /sbin/sysctl -a | grep net.ipv4.conf.default.rp_filter
+    net.ipv4.conf.default.rp_filter = 1
 
-    If the returned line does not have a value of &quot;1&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "1", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.default.rp_filter &#x3D; 1
+    net.ipv4.conf.default.rp_filter = 1
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3bcf9320-5998-455c-a858-2ade4c0938dd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.default.rp_filter value is expected to eq 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72223</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86847r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-92253\" do\n  title \"The Red Hat Enterprise Linux operating system must use a reverse-path\nfilter for IPv4 network traffic when possible by default.\"\n  desc  \"Enabling reverse path filtering drops packets with source addresses\nthat should not have been able to be received on the interface they were\nreceived on. It should not be used on systems which are routers for complicated\nnetworks, but is helpful for end hosts and routers serving small networks.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system uses a reverse-path filter for IPv4:\n\n    # grep net.ipv4.conf.default.rp_filter /etc/sysctl.conf /etc/sysctl.d/*\n    net.ipv4.conf.default.rp_filter = 1\n\n    If \\\"net.ipv4.conf.default.rp_filter\\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"1\\\", this is a finding.\n\n    Check that the operating system implements the accept source route variable\nwith the following command:\n\n    # /sbin/sysctl -a | grep net.ipv4.conf.default.rp_filter\n    net.ipv4.conf.default.rp_filter = 1\n\n    If the returned line does not have a value of \\\"1\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.default.rp_filter = 1\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-92253\"\n  tag rid: \"SV-102355r1_rule\"\n  tag stig_id: \"RHEL-07-040612\"\n  tag fix_id: \"F-98475r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.default.rp_filter') do\n    its('value') { should eq 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.default.rp_filter value is expected to eq 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72223</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86847r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all network connections associated with a communication session are
 terminated at the end of the session or after 10 minutes of inactivity from the
 user at a command prompt, except to fulfill documented and validated mission
-requirements.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+requirements.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Terminating an idle session within a short time period reduces the
 window of opportunity for unauthorized personnel to take control of a
 management session enabled on the console or console port that has been left
@@ -9986,318 +9530,307 @@ unattended. In addition, quickly terminating an idle session will also free up
 resources committed by the managed network element.
 
     Terminating network connections associated with communications sessions
-includes, for example, de-allocating associated TCP&#x2F;IP address&#x2F;port pairs at
+includes, for example, de-allocating associated TCP/IP address/port pairs at
 the operating system level and de-allocating networking assignments at the
 application level if multiple application sessions are using a single operating
 system-level network connection. This does not mean that the operating system
 terminates all sessions or network access; it only ends the inactive session
-and releases the resources associated with that session.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+and releases the resources associated with that session.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system terminates all network connections associated
 with a communications session at the end of the session or based on inactivity.
 
     Check the value of the system inactivity timeout with the following command:
 
-    # grep -i tmout &#x2F;etc&#x2F;profile.d&#x2F;*
+    # grep -i tmout /etc/profile.d/*
 
-    etc&#x2F;profile.d&#x2F;tmout.sh:TMOUT&#x3D;600
+    etc/profile.d/tmout.sh:TMOUT=600
 
-    &#x2F;etc&#x2F;profile.d&#x2F;tmout.sh:readonly TMOUT
+    /etc/profile.d/tmout.sh:readonly TMOUT
 
-    &#x2F;etc&#x2F;profile.d&#x2F;tmout.sh:export TMOUT
+    /etc/profile.d/tmout.sh:export TMOUT
 
-    If &quot;TMOUT&quot; is not set to &quot;600&quot; or less in a script located in the
-&#x2F;etc&#x2F;profile.d&#x2F; directory to enforce session termination after inactivity, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "TMOUT" is not set to "600" or less in a script located in the
+/etc/profile.d/ directory to enforce session termination after inactivity, this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to terminate all network connections
 associated with a communications session at the end of the session or after a
 period of inactivity.
 
     Create a script to enforce the inactivity timeout (for example
-&#x2F;etc&#x2F;profile.d&#x2F;tmout.sh) such as:
+/etc/profile.d/tmout.sh) such as:
 
-    #!&#x2F;bin&#x2F;bash
+    #!/bin/bash
 
-    TMOUT&#x3D;600
+    TMOUT=600
     readonly TMOUT
-    export TMOUT</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>812fa482-9734-4360-b62d-9e5782d8f94a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Environment variable TMOUT is expected to be &lt;&#x3D; 600
---------------------------------
-passed
-The TMOUT setting is configured properly is expected to be &lt;&#x3D; 600</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71995</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00228</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86619r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020240</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    export TMOUT</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72223\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all network connections associated with a communication session are\nterminated at the end of the session or after 10 minutes of inactivity from the\nuser at a command prompt, except to fulfill documented and validated mission\nrequirements.\"\n  desc  \"Terminating an idle session within a short time period reduces the\nwindow of opportunity for unauthorized personnel to take control of a\nmanagement session enabled on the console or console port that has been left\nunattended. In addition, quickly terminating an idle session will also free up\nresources committed by the managed network element.\n\n    Terminating network connections associated with communications sessions\nincludes, for example, de-allocating associated TCP/IP address/port pairs at\nthe operating system level and de-allocating networking assignments at the\napplication level if multiple application sessions are using a single operating\nsystem-level network connection. This does not mean that the operating system\nterminates all sessions or network access; it only ends the inactive session\nand releases the resources associated with that session.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system terminates all network connections associated\nwith a communications session at the end of the session or based on inactivity.\n\n    Check the value of the system inactivity timeout with the following command:\n\n    # grep -i tmout /etc/profile.d/*\n\n    etc/profile.d/tmout.sh:TMOUT=600\n\n    /etc/profile.d/tmout.sh:readonly TMOUT\n\n    /etc/profile.d/tmout.sh:export TMOUT\n\n    If \\\"TMOUT\\\" is not set to \\\"600\\\" or less in a script located in the\n/etc/profile.d/ directory to enforce session termination after inactivity, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to terminate all network connections\nassociated with a communications session at the end of the session or after a\nperiod of inactivity.\n\n    Create a script to enforce the inactivity timeout (for example\n/etc/profile.d/tmout.sh) such as:\n\n    #!/bin/bash\n\n    TMOUT=600\n    readonly TMOUT\n    export TMOUT\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000163-GPOS-00072\"\n  tag gid: \"V-72223\"\n  tag rid: \"SV-86847r4_rule\"\n  tag stig_id: \"RHEL-07-040160\"\n  tag fix_id: \"F-78577r5_fix\"\n  tag cci: [\"CCI-001133\", \"CCI-002361\"]\n  tag nist: [\"SC-10\", \"AC-12\", \"Rev_4\"]\n\n  system_activity_timeout = input('system_activity_timeout')\n\n  # Get current TMOUT environment variable (active test)\n  describe 'Environment variable TMOUT' do\n    subject { os_env('TMOUT').content.to_i }\n    it { should be &lt;= system_activity_timeout }\n  end\n\n  # Check if TMOUT is set in files (passive test)\n  files = ['/etc/bashrc'] + ['/etc/profile'] + command(\"find /etc/profile.d/*\").stdout.split(\"\\n\")\n  latest_val = nil\n\n  files.each do |file|\n    readonly = false\n\n    # Skip to next file if TMOUT isn't present. Otherwise, get the last occurrence of TMOUT\n    next if (values = command(\"grep -Po '.*TMOUT.*' #{file}\").stdout.split(\"\\n\")).empty?\n\n    # Loop through each TMOUT match and see if set TMOUT's value or makes it readonly\n    values.each_with_index { |value, index|\n\n      # Skip if starts with '#' - it represents a comment\n      next if !value.match(/^#/).nil?\n      # If readonly and value is inline - use that value\n      if !value.match(/^readonly[\\s]+TMOUT[\\s]*=[\\s]*[\\d]+$/).nil?\n        latest_val = value.match(/[\\d]+/)[0].to_i\n        readonly = true\n        break\n      # If readonly, but, value is not inline - use the most recent value\n      elsif !value.match(/^readonly[\\s]+([\\w]+[\\s]+)?TMOUT[\\s]*([\\s]+[\\w]+[\\s]*)*$/).nil?\n        # If the index is greater than 0, the configuraiton setting value.\n        # Otherwise, the configuration setting value is in the previous file\n        # and is already set in latest_val.\n        if index &gt;= 1\n          latest_val = values[index - 1].match(/[\\d]+/)[0].to_i\n        end\n        readonly = true\n        break\n      # Readonly is not set use the lastest value\n      else\n        latest_val = value.match(/[\\d]+/)[0].to_i\n      end\n    }\n   # Readonly is set - stop processing files\n    break if readonly === true\n  end\n\n  if latest_val.nil?\n    describe \"The TMOUT setting is configured\" do\n      subject { !latest_val.nil? }\n      it { should be true }\n    end\n  else\n    describe\"The TMOUT setting is configured properly\" do\n      subject { latest_val }\n      it { should be &lt;= system_activity_timeout }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Environment variable TMOUT is expected to be &lt;= 600
+--------------------------------
+passed :: TEST The TMOUT setting is configured properly is expected to be &lt;= 600</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71995</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00228</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86619r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020240</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must define default
 permissions for all authenticated users in such a way that the user can only
-read and modify their own files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+read and modify their own files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Setting the most restrictive default permissions ensures that when new
-accounts are created, they do not have unnecessary access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+accounts are created, they do not have unnecessary access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system defines default permissions for all
 authenticated users in such a way that the user can only read and modify their
 own files.
 
-    Check for the value of the &quot;UMASK&quot; parameter in &quot;&#x2F;etc&#x2F;login.defs&quot; file
+    Check for the value of the "UMASK" parameter in "/etc/login.defs" file
 with the following command:
 
-    Note: If the value of the &quot;UMASK&quot; parameter is set to &quot;000&quot; in
-&quot;&#x2F;etc&#x2F;login.defs&quot; file, the Severity is raised to a CAT I.
+    Note: If the value of the "UMASK" parameter is set to "000" in
+"/etc/login.defs" file, the Severity is raised to a CAT I.
 
-    # grep -i umask &#x2F;etc&#x2F;login.defs
+    # grep -i umask /etc/login.defs
     UMASK  077
 
-    If the value for the &quot;UMASK&quot; parameter is not &quot;077&quot;, or the &quot;UMASK&quot;
-parameter is missing or is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value for the "UMASK" parameter is not "077", or the "UMASK"
+parameter is missing or is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to define default permissions for all
 authenticated users in such a way that the user can only read and modify their
 own files.
 
-    Add or edit the line for the &quot;UMASK&quot; parameter in &quot;&#x2F;etc&#x2F;login.defs&quot;
-file to &quot;077&quot;:
-
-    UMASK  077</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>76b439fe-c613-4218-8627-38eaef6ceb2b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs UMASK is expected to eq &quot;077&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72071</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86695r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021610</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or edit the line for the "UMASK" parameter in "/etc/login.defs"
+file to "077":
+
+    UMASK  077</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71995\" do\n  title \"The Red Hat Enterprise Linux operating system must define default\npermissions for all authenticated users in such a way that the user can only\nread and modify their own files.\"\n  desc  \"Setting the most restrictive default permissions ensures that when new\naccounts are created, they do not have unnecessary access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system defines default permissions for all\nauthenticated users in such a way that the user can only read and modify their\nown files.\n\n    Check for the value of the \\\"UMASK\\\" parameter in \\\"/etc/login.defs\\\" file\nwith the following command:\n\n    Note: If the value of the \\\"UMASK\\\" parameter is set to \\\"000\\\" in\n\\\"/etc/login.defs\\\" file, the Severity is raised to a CAT I.\n\n    # grep -i umask /etc/login.defs\n    UMASK  077\n\n    If the value for the \\\"UMASK\\\" parameter is not \\\"077\\\", or the \\\"UMASK\\\"\nparameter is missing or is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to define default permissions for all\nauthenticated users in such a way that the user can only read and modify their\nown files.\n\n    Add or edit the line for the \\\"UMASK\\\" parameter in \\\"/etc/login.defs\\\"\nfile to \\\"077\\\":\n\n    UMASK  077\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00228\"\n  tag gid: \"V-71995\"\n  tag rid: \"SV-86619r2_rule\"\n  tag stig_id: \"RHEL-07-020240\"\n  tag fix_id: \"F-78347r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n\n  if login_defs.read_params[\"UMASK\"].eql?('000')\n    impact 0.7\n  else\n    impact 0.5\n  end\n  describe login_defs do\n    its('UMASK') { should eq '077' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs UMASK is expected to eq "077"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72071</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86695r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021610</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the file integrity tool is configured to verify extended attributes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the file integrity tool is configured to verify extended attributes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Extended attributes in file systems are used to contain arbitrary data
-and file metadata with security implications.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+and file metadata with security implications.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the file integrity tool is configured to verify extended attributes.
 
     Check to see if Advanced Intrusion Detection Environment (AIDE) is
@@ -10312,311 +9845,300 @@ checks are performed on the system.
 is a finding.
 
     Note: AIDE is highly configurable at install time. These commands assume
-the &quot;aide.conf&quot; file is under the &quot;&#x2F;etc&quot; directory.
+the "aide.conf" file is under the "/etc" directory.
 
     Use the following command to determine if the file is in another location:
 
-    # find &#x2F; -name aide.conf
+    # find / -name aide.conf
 
-    Check the &quot;aide.conf&quot; file to determine if the &quot;xattrs&quot; rule has been
+    Check the "aide.conf" file to determine if the "xattrs" rule has been
 added to the rule list being applied to the files and directories selection
 lists.
 
-    An example rule that includes the &quot;xattrs&quot; rule follows:
+    An example rule that includes the "xattrs" rule follows:
 
-    All&#x3D; p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
-    &#x2F;bin All # apply the custom rule to the files in bin
-    &#x2F;sbin All # apply the same custom rule to the files in sbin
+    All= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
+    /bin All # apply the custom rule to the files in bin
+    /sbin All # apply the same custom rule to the files in sbin
 
-    If the &quot;xattrs&quot; rule is not being used on all uncommented selection lines
-in the &quot;&#x2F;etc&#x2F;aide.conf&quot; file, or extended attributes are not being checked by
-another file integrity tool, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "xattrs" rule is not being used on all uncommented selection lines
+in the "/etc/aide.conf" file, or extended attributes are not being checked by
+another file integrity tool, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the file integrity tool to check file and directory extended
 attributes.
 
-    If AIDE is installed, ensure the &quot;xattrs&quot; rule is present on all
-uncommented file and directory selection lists.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ecd569e2-a7b1-43b9-b1af-82dc41ea2fec</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package aide is expected to be installed
---------------------------------
-passed
-List of monitored files&#x2F;directories without &#39;xattrs&#39; rule is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71929</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000076-GPOS-00044</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86553r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010250</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If AIDE is installed, ensure the "xattrs" rule is present on all
+uncommented file and directory selection lists.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72071\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the file integrity tool is configured to verify extended attributes.\"\n  desc  \"Extended attributes in file systems are used to contain arbitrary data\nand file metadata with security implications.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the file integrity tool is configured to verify extended attributes.\n\n    Check to see if Advanced Intrusion Detection Environment (AIDE) is\ninstalled on the system with the following command:\n\n    # yum list installed aide\n\n    If AIDE is not installed, ask the System Administrator how file integrity\nchecks are performed on the system.\n\n    If there is no application installed to perform file integrity checks, this\nis a finding.\n\n    Note: AIDE is highly configurable at install time. These commands assume\nthe \\\"aide.conf\\\" file is under the \\\"/etc\\\" directory.\n\n    Use the following command to determine if the file is in another location:\n\n    # find / -name aide.conf\n\n    Check the \\\"aide.conf\\\" file to determine if the \\\"xattrs\\\" rule has been\nadded to the rule list being applied to the files and directories selection\nlists.\n\n    An example rule that includes the \\\"xattrs\\\" rule follows:\n\n    All= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux\n    /bin All # apply the custom rule to the files in bin\n    /sbin All # apply the same custom rule to the files in sbin\n\n    If the \\\"xattrs\\\" rule is not being used on all uncommented selection lines\nin the \\\"/etc/aide.conf\\\" file, or extended attributes are not being checked by\nanother file integrity tool, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the file integrity tool to check file and directory extended\nattributes.\n\n    If AIDE is installed, ensure the \\\"xattrs\\\" rule is present on all\nuncommented file and directory selection lists.\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72071\"\n  tag rid: \"SV-86695r3_rule\"\n  tag stig_id: \"RHEL-07-021610\"\n  tag fix_id: \"F-78423r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe package(\"aide\") do\n    it { should be_installed }\n  end\n\n  findings = []\n  aide_conf.where { !selection_line.start_with? '!' }.entries.each do |selection|\n    unless selection.rules.include? 'xattrs'\n      findings.append(selection.selection_line)\n    end\n  end\n\n  describe \"List of monitored files/directories without 'xattrs' rule\" do\n    subject { findings }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package aide is expected to be installed
+--------------------------------
+passed :: TEST List of monitored files/directories without 'xattrs' rule is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71929</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000076-GPOS-00044</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86553r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010250</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that passwords for new users are restricted to a 60-day maximum lifetime.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that passwords for new users are restricted to a 60-day maximum lifetime.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Any password, no matter how complex, can eventually be cracked.
 Therefore, passwords need to be changed periodically. If the operating system
 does not limit the lifetime of passwords and force users to change their
 passwords, there is the risk that the operating system passwords could be
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If passwords are not being used for authentication, this is Not Applicable.
 
     Verify the operating system enforces a 60-day maximum password lifetime
 restriction for new user accounts.
 
-    Check for the value of &quot;PASS_MAX_DAYS&quot; in &quot;&#x2F;etc&#x2F;login.defs&quot; with the
+    Check for the value of "PASS_MAX_DAYS" in "/etc/login.defs" with the
 following command:
 
-    # grep -i pass_max_days &#x2F;etc&#x2F;login.defs
+    # grep -i pass_max_days /etc/login.defs
     PASS_MAX_DAYS 60
 
-    If the &quot;PASS_MAX_DAYS&quot; parameter value is not 60 or less, or is commented
-out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "PASS_MAX_DAYS" parameter value is not 60 or less, or is commented
+out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to enforce a 60-day maximum password
 lifetime restriction.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;login.defs&quot; (or modify the line to have
+    Add the following line in "/etc/login.defs" (or modify the line to have
 the required value):
 
-    PASS_MAX_DAYS     60</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f789f6f0-6179-4b4c-8342-3a54d06dc675</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs PASS_MAX_DAYS.to_i is expected to cmp &lt;&#x3D; 60</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71985</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000114-GPOS-00059</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86609r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020110</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    PASS_MAX_DAYS     60</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71929\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat passwords for new users are restricted to a 60-day maximum lifetime.\"\n  desc  \"Any password, no matter how complex, can eventually be cracked.\nTherefore, passwords need to be changed periodically. If the operating system\ndoes not limit the lifetime of passwords and force users to change their\npasswords, there is the risk that the operating system passwords could be\ncompromised.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If passwords are not being used for authentication, this is Not Applicable.\n\n    Verify the operating system enforces a 60-day maximum password lifetime\nrestriction for new user accounts.\n\n    Check for the value of \\\"PASS_MAX_DAYS\\\" in \\\"/etc/login.defs\\\" with the\nfollowing command:\n\n    # grep -i pass_max_days /etc/login.defs\n    PASS_MAX_DAYS 60\n\n    If the \\\"PASS_MAX_DAYS\\\" parameter value is not 60 or less, or is commented\nout, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce a 60-day maximum password\nlifetime restriction.\n\n    Add the following line in \\\"/etc/login.defs\\\" (or modify the line to have\nthe required value):\n\n    PASS_MAX_DAYS     60\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000076-GPOS-00044\"\n  tag gid: \"V-71929\"\n  tag rid: \"SV-86553r2_rule\"\n  tag stig_id: \"RHEL-07-010250\"\n  tag fix_id: \"F-78281r1_fix\"\n  tag cci: [\"CCI-000199\"]\n  tag nist: [\"IA-5 (1) (d)\", \"Rev_4\"]\n\n  describe login_defs do\n    its('PASS_MAX_DAYS.to_i') { should cmp &lt;= 60 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs PASS_MAX_DAYS.to_i is expected to cmp &lt;= 60</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71985</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000114-GPOS-00059</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86609r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020110</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must disable the file
-system automounter unless required.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system automounter unless required.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Automatically mounting file systems permits easy introduction of
-unknown devices, thereby facilitating malicious activity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unknown devices, thereby facilitating malicious activity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system disables the ability to automount devices.
 
     Check to see if automounter service is active with the following command:
 
     # systemctl status autofs
     autofs.service - Automounts filesystems on demand
-       Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;autofs.service; disabled)
+       Loaded: loaded (/usr/lib/systemd/system/autofs.service; disabled)
        Active: inactive (dead)
 
-    If the &quot;autofs&quot; status is set to &quot;active&quot; and is not documented with
+    If the "autofs" status is set to "active" and is not documented with
 the Information System Security Officer (ISSO) as an operational requirement,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable the ability to automount devices.
 
     Turn off the automount service with the following commands:
@@ -10624,143 +10146,136 @@ this is a finding.</ATTRIBUTE_DATA>
     # systemctl stop autofs
     # systemctl disable autofs
 
-    If &quot;autofs&quot; is required for Network File System (NFS), it must be
-documented with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>50302953-1bfa-4e2a-a791-8db4ce85a5e2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000778</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service autofs.service is expected not to be running
---------------------------------
-passed
-Service autofs.service is expected not to be enabled
---------------------------------
-passed
-Service autofs.service is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71993</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86617r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020230</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If "autofs" is required for Network File System (NFS), it must be
+documented with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71985\" do\n  title \"The Red Hat Enterprise Linux operating system must disable the file\nsystem automounter unless required.\"\n  desc  \"Automatically mounting file systems permits easy introduction of\nunknown devices, thereby facilitating malicious activity.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system disables the ability to automount devices.\n\n    Check to see if automounter service is active with the following command:\n\n    # systemctl status autofs\n    autofs.service - Automounts filesystems on demand\n       Loaded: loaded (/usr/lib/systemd/system/autofs.service; disabled)\n       Active: inactive (dead)\n\n    If the \\\"autofs\\\" status is set to \\\"active\\\" and is not documented with\nthe Information System Security Officer (ISSO) as an operational requirement,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable the ability to automount devices.\n\n    Turn off the automount service with the following commands:\n\n    # systemctl stop autofs\n    # systemctl disable autofs\n\n    If \\\"autofs\\\" is required for Network File System (NFS), it must be\ndocumented with the ISSO.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000114-GPOS-00059\"\n  tag satisfies: [\"SRG-OS-000114-GPOS-00059\", \"SRG-OS-000378-GPOS-00163\",\n\"SRG-OS-000480-GPOS-00227\"]\n  tag gid: \"V-71985\"\n  tag rid: \"SV-86609r2_rule\"\n  tag stig_id: \"RHEL-07-020110\"\n  tag fix_id: \"F-78337r2_fix\"\n  tag cci: [\"CCI-000366\", \"CCI-000778\", \"CCI-001958\"]\n  tag nist: [\"CM-6 b\", \"IA-3\", \"IA-3\", \"Rev_4\"]\n\n  describe systemd_service('autofs.service') do\n    it { should_not be_running }\n    it { should_not be_enabled }\n    it { should_not be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000778</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service autofs.service is expected not to be running
+--------------------------------
+passed :: TEST Service autofs.service is expected not to be enabled
+--------------------------------
+passed :: TEST Service autofs.service is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71993</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86617r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020230</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A locally logged-on user who presses Ctrl-Alt-Delete, when at the
 console, can reboot the system. If accidentally pressed, as could happen in the
 case of a mixed OS environment, this can create the risk of short-term loss of
 availability of systems due to unintentional reboot. In the GNOME graphical
 environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is
-reduced because the user will be prompted before any action is taken.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+reduced because the user will be prompted before any action is taken.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system is not configured to reboot the system when
 Ctrl-Alt-Delete is pressed.
 
@@ -10770,870 +10285,816 @@ following command:
     # systemctl status ctrl-alt-del.target
 
     ctrl-alt-del.target
-    Loaded: masked (&#x2F;dev&#x2F;null; bad)
+    Loaded: masked (/dev/null; bad)
     Active: inactive (dead)
 
     If the ctrl-alt-del.target is not masked, this is a finding.
 
-    If the ctrl-alt-del.target is active, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the ctrl-alt-del.target is active, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to disable the Ctrl-Alt-Delete sequence for the
 command line with the following command:
 
-    # systemctl mask ctrl-alt-del.target</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3e95e825-0566-4622-b022-a21128a2df25</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service ctrl-alt-del.target is expected not to be running
---------------------------------
-passed
-Service ctrl-alt-del.target is expected not to be enabled</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72095</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000327-GPOS-00127</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86719r7_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030360</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # systemctl mask ctrl-alt-del.target</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71993\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the x86 Ctrl-Alt-Delete key sequence is disabled on the command line.\"\n  desc  \"A locally logged-on user who presses Ctrl-Alt-Delete, when at the\nconsole, can reboot the system. If accidentally pressed, as could happen in the\ncase of a mixed OS environment, this can create the risk of short-term loss of\navailability of systems due to unintentional reboot. In the GNOME graphical\nenvironment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is\nreduced because the user will be prompted before any action is taken.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system is not configured to reboot the system when\nCtrl-Alt-Delete is pressed.\n\n    Check that the ctrl-alt-del.target is masked and not active with the\nfollowing command:\n\n    # systemctl status ctrl-alt-del.target\n\n    ctrl-alt-del.target\n    Loaded: masked (/dev/null; bad)\n    Active: inactive (dead)\n\n    If the ctrl-alt-del.target is not masked, this is a finding.\n\n    If the ctrl-alt-del.target is active, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to disable the Ctrl-Alt-Delete sequence for the\ncommand line with the following command:\n\n    # systemctl mask ctrl-alt-del.target\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-71993\"\n  tag rid: \"SV-86617r5_rule\"\n  tag stig_id: \"RHEL-07-020230\"\n  tag fix_id: \"F-78345r6_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe systemd_service('ctrl-alt-del.target') do\n    it { should_not be_running }\n    it { should_not be_enabled }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service ctrl-alt-del.target is expected not to be running
+--------------------------------
+passed :: TEST Service ctrl-alt-del.target is expected not to be enabled</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72095</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000327-GPOS-00127</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86719r7_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030360</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all
-executions of privileged functions.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+executions of privileged functions.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Misuse of privileged functions, either intentionally or
 unintentionally by authorized users, or by unauthorized external entities that
 have compromised information system accounts, is a serious and ongoing concern
 and can have significant adverse impacts on organizations. Auditing the use of
 privileged functions is one way to detect such misuse and identify the risk
-from insider threats and the advanced persistent threat.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+from insider threats and the advanced persistent threat.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system audits the execution of privileged functions
 using the following command:
 
-    # grep -iw execve &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw execve /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S execve -C uid!&#x3D;euid -F euid&#x3D;0 -k setuid
-    -a always,exit -F arch&#x3D;b64 -S execve -C uid!&#x3D;euid -F euid&#x3D;0 -k setuid
-    -a always,exit -F arch&#x3D;b32 -S execve -C gid!&#x3D;egid -F egid&#x3D;0 -k setgid
-    -a always,exit -F arch&#x3D;b64 -S execve -C gid!&#x3D;egid -F egid&#x3D;0 -k setgid
+    -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid
+    -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid
+    -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid
+    -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid
 
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules for &quot;SUID&quot; files are not
+    If both the "b32" and "b64" audit rules for "SUID" files are not
 defined, this is a finding.
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules for &quot;SGID&quot; files are not
-defined, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules for "SGID" files are not
+defined, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to audit the execution of privileged
 functions.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S execve -C uid!&#x3D;euid -F euid&#x3D;0 -k setuid
-    -a always,exit -F arch&#x3D;b64 -S execve -C uid!&#x3D;euid -F euid&#x3D;0 -k setuid
-    -a always,exit -F arch&#x3D;b32 -S execve -C gid!&#x3D;egid -F egid&#x3D;0 -k setgid
-    -a always,exit -F arch&#x3D;b64 -S execve -C gid!&#x3D;egid -F egid&#x3D;0 -k setgid
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>40f4f393-94bc-4968-bfe9-f5a026aded1f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002234</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; action.uniq is expected to eq [&quot;always&quot;]
-
-expected: [&quot;always&quot;]
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid
+    -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid
+    -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid
+    -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72095\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all\nexecutions of privileged functions.\"\n  desc  \"Misuse of privileged functions, either intentionally or\nunintentionally by authorized users, or by unauthorized external entities that\nhave compromised information system accounts, is a serious and ongoing concern\nand can have significant adverse impacts on organizations. Auditing the use of\nprivileged functions is one way to detect such misuse and identify the risk\nfrom insider threats and the advanced persistent threat.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system audits the execution of privileged functions\nusing the following command:\n\n    # grep -iw execve /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid\n    -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid\n    -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid\n    -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid\n\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules for \\\"SUID\\\" files are not\ndefined, this is a finding.\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules for \\\"SGID\\\" files are not\ndefined, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to audit the execution of privileged\nfunctions.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid\n    -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid\n    -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid\n    -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000327-GPOS-00127\"\n  tag gid: \"V-72095\"\n  tag rid: \"SV-86719r7_rule\"\n  tag stig_id: \"RHEL-07-030360\"\n  tag fix_id: \"F-78447r9_fix\"\n  tag cci: [\"CCI-002234\"]\n  tag nist: [\"AC-6 (9)\", \"Rev_4\"]\n\n  # All execve calls should use 'always,exit'\n  describe auditd.syscall('execve') do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n\n  # Work with the SUID rules\n  describe auditd.syscall('execve').where { fields.include?('euid=0') } do\n    its ('arch.uniq') { should include 'b32' }\n    its ('arch.uniq') { should include 'b64' }\n  end\n\n  # Work with the SGID rules\n  describe auditd.syscall('execve').where { fields.include?('egid=0') } do\n    its ('arch.uniq') { should include 'b32' }\n    its ('arch.uniq') { should include 'b64' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002234</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "execve" action.uniq is expected to eq ["always"] :: MESSAGE 
+expected: ["always"]
      got: []
 
-(compared using &#x3D;&#x3D;)
+(compared using ==)
 
 --------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; list.uniq is expected to eq [&quot;exit&quot;]
-
-expected: [&quot;exit&quot;]
+passed :: TEST Auditd Rules with syscall == "execve" list.uniq is expected to eq ["exit"] :: MESSAGE 
+expected: ["exit"]
      got: []
 
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; fields include? &quot;euid&#x3D;0&quot; arch.uniq is expected to include &quot;b32&quot;
-expected [] to include &quot;b32&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; fields include? &quot;euid&#x3D;0&quot; arch.uniq is expected to include &quot;b64&quot;
-expected [] to include &quot;b64&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; fields include? &quot;egid&#x3D;0&quot; arch.uniq is expected to include &quot;b32&quot;
-expected [] to include &quot;b32&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;execve&quot; fields include? &quot;egid&#x3D;0&quot; arch.uniq is expected to include &quot;b64&quot;
-expected [] to include &quot;b64&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72127</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86751r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030520</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using ==)
+
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "execve" fields include? "euid=0" arch.uniq is expected to include "b32" :: MESSAGE expected [] to include "b32"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "execve" fields include? "euid=0" arch.uniq is expected to include "b64" :: MESSAGE expected [] to include "b64"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "execve" fields include? "egid=0" arch.uniq is expected to include "b32" :: MESSAGE expected [] to include "b32"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "execve" fields include? "egid=0" arch.uniq is expected to include "b64" :: MESSAGE expected [] to include "b64"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72127</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86751r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030520</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the openat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the openat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;openat&quot; syscall occur.
+successful/unsuccessful attempts to use the "openat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw openat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw openat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S openat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S openat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S openat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S openat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;openat&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"openat" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;openat&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S openat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S openat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S openat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S openat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>5ae9c1d1-b011-4eaa-a869-685ae6be7c50</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;openat&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72167</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86791r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030720</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "openat" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72127\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe openat syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"openat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw openat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"openat\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"openat\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72127\"\n  tag rid: \"SV-86751r5_rule\"\n  tag stig_id: \"RHEL-07-030520\"\n  tag fix_id: \"F-78479r8_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"openat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"openat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"openat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"openat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "openat" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72167</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86791r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030720</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the chsh command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the chsh command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged access commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chsh&quot; command occur.
+successful/unsuccessful attempts to use the "chsh" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;chsh &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/chsh /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chsh -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chsh -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chsh&quot; command occur.
+successful/unsuccessful attempts to use the "chsh" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chsh -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chsh -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>dabca97b-7f42-42d5-8223-67ec7bc169f2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chsh&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chsh&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73171</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87823r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030873</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72167\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe chsh command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged access commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"chsh\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -i /usr/bin/chsh /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/chsh -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"chsh\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/chsh -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000037-GPOS-00015\"\n  tag satisfies: [\"SRG-OS-000037-GPOS-00015\", \"SRG-OS-000042-GPOS-00020\",\n\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000462-GPOS-00206\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72167\"\n  tag rid: \"SV-86791r4_rule\"\n  tag stig_id: \"RHEL-07-030720\"\n  tag fix_id: \"F-78521r5_fix\"\n  tag cci: [\"CCI-000130\", \"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3\", \"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/chsh'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/chsh" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/chsh" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73171</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87823r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030873</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
 records for all account creations, modifications, disabling, and termination
-events that affect &#x2F;etc&#x2F;shadow.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+events that affect /etc/shadow.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&#x2F;etc&#x2F;shadow.
+/etc/shadow.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep &#x2F;etc&#x2F;shadow &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep /etc/shadow /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;shadow -p wa -k identity
+    -w /etc/shadow -p wa -k identity
 
     If the command does not return a line, or the line is commented out, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&#x2F;etc&#x2F;shadow.
+/etc/shadow.
 
     Add or update the following file system rule in
-&quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;etc&#x2F;shadow -p wa -k identity
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ccd0b9b4-8330-47ab-8787-d108357abd85</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;shadow&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;shadow&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72297</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86921r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040680</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/audit/rules.d/audit.rules":
+
+    -w /etc/shadow -p wa -k identity
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73171\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all account creations, modifications, disabling, and termination\nevents that affect /etc/shadow.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n/etc/shadow.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep /etc/shadow /etc/audit/audit.rules\n\n    -w /etc/shadow -p wa -k identity\n\n    If the command does not return a line, or the line is commented out, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n/etc/shadow.\n\n    Add or update the following file system rule in\n\\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/shadow -p wa -k identity\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000004-GPOS-00004\"\n  tag gid: \"V-73171\"\n  tag rid: \"SV-87823r4_rule\"\n  tag stig_id: \"RHEL-07-030873\"\n  tag fix_id: \"F-79617r4_fix\"\n  tag cci: [\"CCI-000018\", \"CCI-000172\", \"CCI-001403\", \"CCI-002130\"]\n  tag nist: [\"AC-2 (4)\", \"AU-12 c\", \"AC-2 (4)\", \"AC-2 (4)\", \"Rev_4\"]\n\n  audit_file = '/etc/shadow'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\n\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/shadow" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/shadow" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72297</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86921r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040680</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
-prevent unrestricted mail relaying.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+prevent unrestricted mail relaying.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If unrestricted mail relaying is permitted, unauthorized senders could
 use this host as a mail relay for the purpose of sending spam or other
-unauthorized activity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unauthorized activity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system is configured to prevent unrestricted mail relaying.
 
-    Determine if &quot;postfix&quot; is installed with the following commands:
+    Determine if "postfix" is installed with the following commands:
 
     # yum list installed postfix
     postfix-2.6.6-6.el7.x86_64.rpm
@@ -11644,474 +11105,449 @@ unauthorized activity.</ATTRIBUTE_DATA>
 connections from unknown or untrusted networks with the following command:
 
     # postconf -n smtpd_client_restrictions
-    smtpd_client_restrictions &#x3D; permit_mynetworks, reject
-
-    If the &quot;smtpd_client_restrictions&quot; parameter contains any entries other
-than &quot;permit_mynetworks&quot; and &quot;reject&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If &quot;postfix&quot; is installed, modify the &quot;&#x2F;etc&#x2F;postfix&#x2F;main.cf&quot; file to
+    smtpd_client_restrictions = permit_mynetworks, reject
+
+    If the "smtpd_client_restrictions" parameter contains any entries other
+than "permit_mynetworks" and "reject", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If "postfix" is installed, modify the "/etc/postfix/main.cf" file to
 restrict client connections to the local network with the following command:
 
-    # postconf -e &#39;smtpd_client_restrictions &#x3D; permit_mynetworks,reject&#39;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>85815a08-d1d5-46cc-9caa-9844e229cf79</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;postconf -n smtpd_client_restrictions&#x60; stdout.strip is expected to match &#x2F;^smtpd_client_restrictions\s+&#x3D;\s+permit_mynetworks,\s*reject\s*$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72163</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86787r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72297\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\nprevent unrestricted mail relaying.\"\n  desc  \"If unrestricted mail relaying is permitted, unauthorized senders could\nuse this host as a mail relay for the purpose of sending spam or other\nunauthorized activity.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system is configured to prevent unrestricted mail relaying.\n\n    Determine if \\\"postfix\\\" is installed with the following commands:\n\n    # yum list installed postfix\n    postfix-2.6.6-6.el7.x86_64.rpm\n\n    If postfix is not installed, this is Not Applicable.\n\n    If postfix is installed, determine if it is configured to reject\nconnections from unknown or untrusted networks with the following command:\n\n    # postconf -n smtpd_client_restrictions\n    smtpd_client_restrictions = permit_mynetworks, reject\n\n    If the \\\"smtpd_client_restrictions\\\" parameter contains any entries other\nthan \\\"permit_mynetworks\\\" and \\\"reject\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    If \\\"postfix\\\" is installed, modify the \\\"/etc/postfix/main.cf\\\" file to\nrestrict client connections to the local network with the following command:\n\n    # postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72297\"\n  tag rid: \"SV-86921r3_rule\"\n  tag stig_id: \"RHEL-07-040680\"\n  tag fix_id: \"F-78651r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  # Only permit_mynetworks and reject should be allowed\n  describe.one do\n    describe command('postconf -n smtpd_client_restrictions') do\n      its('stdout.strip') { should match %r{^smtpd_client_restrictions\\s+=\\s+permit_mynetworks,\\s*reject\\s*$} }\n    end\n    describe command('postconf -n smtpd_client_restrictions') do\n      its('stdout.strip') { should match %r{^smtpd_client_restrictions\\s+=\\s+permit_mynetworks\\s*$} }\n    end\n    describe command('postconf -n smtpd_client_restrictions') do\n      its('stdout.strip') { should match %r{^smtpd_client_restrictions\\s+=\\s+reject\\s*$} }\n    end\n    describe command('postconf -n smtpd_client_restrictions') do\n      its('stdout.strip') { should match %r{^smtpd_client_restrictions\\s+=\\s+reject,\\s*permit_mynetworks\\s*$} }\n    end\n  end if package('postfix').installed?\n\n  describe \"The `postfix` package is not installed\" do\n    skip \"The `postfix` package is not installed, this control is Not Applicable\"\n  end if !package('postfix').installed?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `postconf -n smtpd_client_restrictions` stdout.strip is expected to match /^smtpd_client_restrictions\s+=\s+permit_mynetworks,\s*reject\s*$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72163</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86787r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the sudoers file and all files in the &#x2F;etc&#x2F;sudoers.d&#x2F; directory.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the sudoers file and all files in the /etc/sudoers.d/ directory.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged access commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to access the &quot;&#x2F;etc&#x2F;sudoers&quot; file and files
-in the &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;&quot; directory.
+successful/unsuccessful attempts to access the "/etc/sudoers" file and files
+in the "/etc/sudoers.d/" directory.
 
     Check for modification of the following files being audited by performing
 the following commands to check the file system rules in
-&quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+"/etc/audit/audit.rules":
 
-    # grep -i &quot;&#x2F;etc&#x2F;sudoers&quot; &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i "/etc/sudoers" /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;sudoers -p wa -k privileged-actions
+    -w /etc/sudoers -p wa -k privileged-actions
 
-    # grep -i &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;&quot; &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i "/etc/sudoers.d/" /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;sudoers.d&#x2F; -p wa -k privileged-actions
+    -w /etc/sudoers.d/ -p wa -k privileged-actions
 
     If the commands do not return output that match the examples, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to access the &quot;&#x2F;etc&#x2F;sudoers&quot; file and files
-in the &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;&quot; directory.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;etc&#x2F;sudoers -p wa -k privileged-actions
-
-    -w &#x2F;etc&#x2F;sudoers.d&#x2F; -p wa -k privileged-actions
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>853d4487-f4b7-4f18-bb4e-424bbd68e1f5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;sudoers&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;sudoers&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;sudoers.d&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;sudoers.d&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72109</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86733r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030430</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to access the "/etc/sudoers" file and files
+in the "/etc/sudoers.d/" directory.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /etc/sudoers -p wa -k privileged-actions
+
+    -w /etc/sudoers.d/ -p wa -k privileged-actions
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72163\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe sudoers file and all files in the /etc/sudoers.d/ directory.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged access commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to access the \\\"/etc/sudoers\\\" file and files\nin the \\\"/etc/sudoers.d/\\\" directory.\n\n    Check for modification of the following files being audited by performing\nthe following commands to check the file system rules in\n\\\"/etc/audit/audit.rules\\\":\n\n    # grep -i \\\"/etc/sudoers\\\" /etc/audit/audit.rules\n\n    -w /etc/sudoers -p wa -k privileged-actions\n\n    # grep -i \\\"/etc/sudoers.d/\\\" /etc/audit/audit.rules\n\n    -w /etc/sudoers.d/ -p wa -k privileged-actions\n\n    If the commands do not return output that match the examples, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to access the \\\"/etc/sudoers\\\" file and files\nin the \\\"/etc/sudoers.d/\\\" directory.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/sudoers -p wa -k privileged-actions\n\n    -w /etc/sudoers.d/ -p wa -k privileged-actions\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000037-GPOS-00015\"\n  tag satisfies: [\"SRG-OS-000037-GPOS-00015\", \"SRG-OS-000042-GPOS-00020\",\n\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000462-GPOS-00206\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72163\"\n  tag rid: \"SV-86787r5_rule\"\n  tag stig_id: \"RHEL-07-030700\"\n  tag fix_id: \"F-78517r6_fix\"\n  tag cci: [\"CCI-000130\", \"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3\", \"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_files = ['/etc/sudoers', '/etc/sudoers.d']\n\n  if audit_files.any? { |audit_file| file(audit_file).exist? }\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  audit_files.each do |audit_file|\n    describe auditd.file(audit_file) do\n      its('permissions') { should_not cmp [] }\n      its('action') { should_not include 'never' }\n    end if file(audit_file).exist?\n\n    # Resource creates data structure including all usages of file\n    perms = auditd.file(audit_file).permissions\n\n    perms.each do |perm|\n      describe perm do\n        it { should include 'w' }\n        it { should include 'a' }\n      end\n    end if file(audit_file).exist?\n  end\n\n  describe \"The #{audit_files} files do not exist\" do\n    skip \"The #{audit_files} files do not exist, this requirement is Not Applicable.\"\n  end if !audit_files.any? { |audit_file| file(audit_file).exist? }\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/sudoers" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/sudoers" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/sudoers.d" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/sudoers.d" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72109</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86733r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030430</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fchmodat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fchmodat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchmodat&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchmodat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following command:
 
-    # grep -iw fchmodat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fchmodat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fchmodat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchmodat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fchmodat&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"fchmodat" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchmodat&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchmodat" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S fchmodat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchmodat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>97a743cb-2a10-4eb4-88c9-b4b75fa43235</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmodat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmodat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmodat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmodat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71999</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86623r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020260</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72109\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fchmodat syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchmodat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing command:\n\n    # grep -iw fchmodat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fchmodat\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchmodat\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72109\"\n  tag rid: \"SV-86733r5_rule\"\n  tag stig_id: \"RHEL-07-030430\"\n  tag fix_id: \"F-78461r8_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fchmodat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fchmodat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fchmodat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmodat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmodat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmodat" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71999</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86623r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020260</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system security patches and
-updates must be installed and up to date.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+updates must be installed and up to date.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Timely patching is critical for maintaining the operational
 availability, confidentiality, and integrity of information technology (IT)
 systems. However, failure to keep operating system and application software
@@ -12121,20 +11557,20 @@ keep abreast of all the new patches. When new weaknesses in an operating system
 exist, patches are usually made available by the vendor to resolve the
 problems. If the most recent security patches and updates are not installed,
 unauthorized users may take advantage of weaknesses in the unpatched software.
-The lack of prompt attention to patching could result in a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+The lack of prompt attention to patching could result in a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system security patches and updates are installed and
 up to date. Updates are required to be applied with a frequency determined by
 the site or Program Management Office (PMO).
 
     Obtain the list of available package security updates from Red Hat. The URL
-for updates is https:&#x2F;&#x2F;rhn.redhat.com&#x2F;errata&#x2F;. It is important to note that
+for updates is https://rhn.redhat.com/errata/. It is important to note that
 updates provided by Red Hat may not be present on the system if the underlying
 packages are not installed.
 
@@ -12157,228 +11593,201 @@ Altered
 84 EE
 
     If package updates have not been performed on the system within the
-timeframe that the site&#x2F;program documentation requires, this is a finding.
+timeframe that the site/program documentation requires, this is a finding.
 
     Typical update frequency may be overridden by Information Assurance
 Vulnerability Alert (IAVA) notifications from CYBERCOM.
 
     If the operating system is in non-compliance with the Information Assurance
-Vulnerability Management (IAVM) process, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Vulnerability Management (IAVM) process, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Install the operating system patches or updated packages
-available from Red Hat within 30 days or sooner as local policy dictates.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fd82c02b-91fe-4e6f-ae0f-7ef1ddea9279</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-List of out-of-date packages is expected to be empty
-expected &#x60;[&quot;bind-export-libs&quot;, &quot;device-mapper&quot;, &quot;device-mapper-libs&quot;, &quot;python-requests&quot;, &quot;systemd&quot;, &quot;puppet5-release&quot;, &quot;systemd-sysv&quot;, &quot;systemd-libs&quot;, &quot;libgudev1&quot;, &quot;rh-amazon-rhui-client&quot;].empty?&#x60; to return true, got false
---------------------------------
-passed
-System Package bind-export-libs version is expected to eq &quot;9.11.4-16.P2.el7_8.2&quot;
-
-expected: &quot;9.11.4-16.P2.el7_8.2&quot;
-     got: &quot;9.11.4-16.P2.el7&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package device-mapper version is expected to eq &quot;1.02.164-7.el7_8.1&quot;
-
-expected: &quot;1.02.164-7.el7_8.1&quot;
-     got: &quot;1.02.164-7.el7&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package device-mapper-libs version is expected to eq &quot;1.02.164-7.el7_8.1&quot;
-
-expected: &quot;1.02.164-7.el7_8.1&quot;
-     got: &quot;1.02.164-7.el7&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package python-requests version is expected to eq &quot;2.6.0-9.el7_8&quot;
-
-expected: &quot;2.6.0-9.el7_8&quot;
-     got: &quot;2.6.0-8.el7_7&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package systemd version is expected to eq &quot;219-73.el7_8.5&quot;
-
-expected: &quot;219-73.el7_8.5&quot;
-     got: &quot;219-73.el7.1&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package puppet5-release version is expected to eq &quot;5.0.0-11.el6&quot;
-
-expected: &quot;5.0.0-11.el6&quot;
-     got: &quot;5.0.0-4.el6&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package systemd-sysv version is expected to eq &quot;219-73.el7_8.5&quot;
-
-expected: &quot;219-73.el7_8.5&quot;
-     got: &quot;219-73.el7.1&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package systemd-libs version is expected to eq &quot;219-73.el7_8.5&quot;
-
-expected: &quot;219-73.el7_8.5&quot;
-     got: &quot;219-73.el7.1&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package libgudev1 version is expected to eq &quot;219-73.el7_8.5&quot;
-
-expected: &quot;219-73.el7_8.5&quot;
-     got: &quot;219-73.el7.1&quot;
-
-(compared using &#x3D;&#x3D;)
-
---------------------------------
-passed
-System Package rh-amazon-rhui-client version is expected to eq &quot;3.0.26-1.el7&quot;
-
-expected: &quot;3.0.26-1.el7&quot;
-     got: &quot;3.0.18-1.el7&quot;
-
-(compared using &#x3D;&#x3D;)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72073</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86697r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021620</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+available from Red Hat within 30 days or sooner as local policy dictates.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71999\" do\n  title \"The Red Hat Enterprise Linux operating system security patches and\nupdates must be installed and up to date.\"\n  desc  \"Timely patching is critical for maintaining the operational\navailability, confidentiality, and integrity of information technology (IT)\nsystems. However, failure to keep operating system and application software\npatched is a common mistake made by IT professionals. New patches are released\ndaily, and it is often difficult for even experienced System Administrators to\nkeep abreast of all the new patches. When new weaknesses in an operating system\nexist, patches are usually made available by the vendor to resolve the\nproblems. If the most recent security patches and updates are not installed,\nunauthorized users may take advantage of weaknesses in the unpatched software.\nThe lack of prompt attention to patching could result in a system compromise.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system security patches and updates are installed and\nup to date. Updates are required to be applied with a frequency determined by\nthe site or Program Management Office (PMO).\n\n    Obtain the list of available package security updates from Red Hat. The URL\nfor updates is https://rhn.redhat.com/errata/. It is important to note that\nupdates provided by Red Hat may not be present on the system if the underlying\npackages are not installed.\n\n    Check that the available package security updates have been installed on\nthe system with the following command:\n\n    # yum history list | more\n    Loaded plugins: langpacks, product-id, subscription-manager\n    ID     | Command line             | Date and time    | Action(s)      |\nAltered\n\n-------------------------------------------------------------------------------\n        70 | install aide             | 2016-05-05 10:58 | Install       |\n1\n        69 | update -y                | 2016-05-04 14:34 | Update     |   18 EE\n        68 | install vlc                | 2016-04-21 17:12 | Install        |\n21\n        67 | update -y                | 2016-04-21 17:04 | Update     |     7 EE\n        66 | update -y                | 2016-04-15 16:47 | E, I, U         |\n84 EE\n\n    If package updates have not been performed on the system within the\ntimeframe that the site/program documentation requires, this is a finding.\n\n    Typical update frequency may be overridden by Information Assurance\nVulnerability Alert (IAVA) notifications from CYBERCOM.\n\n    If the operating system is in non-compliance with the Information Assurance\nVulnerability Management (IAVM) process, this is a finding.\n  \"\n  desc  \"fix\", \"Install the operating system patches or updated packages\navailable from Red Hat within 30 days or sooner as local policy dictates.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-71999\"\n  tag rid: \"SV-86623r4_rule\"\n  tag stig_id: \"RHEL-07-020260\"\n  tag fix_id: \"F-78351r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  updates = linux_update.updates\n  package_names = updates.map { |h| h['name'] }\n\n  describe.one do\n    describe 'List of out-of-date packages' do\n      subject { package_names }\n      it { should be_empty }\n    end\n\n    updates.each do |update|\n      describe package(update['name']) do\n        its('version') { should eq update['version'] }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST List of out-of-date packages is expected to be empty :: MESSAGE expected `["bind-export-libs", "device-mapper", "device-mapper-libs", "python-requests", "systemd", "puppet5-release", "systemd-sysv", "systemd-libs", "libgudev1", "rh-amazon-rhui-client"].empty?` to return true, got false
+--------------------------------
+passed :: TEST System Package bind-export-libs version is expected to eq "9.11.4-16.P2.el7_8.2" :: MESSAGE 
+expected: "9.11.4-16.P2.el7_8.2"
+     got: "9.11.4-16.P2.el7"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package device-mapper version is expected to eq "1.02.164-7.el7_8.1" :: MESSAGE 
+expected: "1.02.164-7.el7_8.1"
+     got: "1.02.164-7.el7"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package device-mapper-libs version is expected to eq "1.02.164-7.el7_8.1" :: MESSAGE 
+expected: "1.02.164-7.el7_8.1"
+     got: "1.02.164-7.el7"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package python-requests version is expected to eq "2.6.0-9.el7_8" :: MESSAGE 
+expected: "2.6.0-9.el7_8"
+     got: "2.6.0-8.el7_7"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package systemd version is expected to eq "219-73.el7_8.5" :: MESSAGE 
+expected: "219-73.el7_8.5"
+     got: "219-73.el7.1"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package puppet5-release version is expected to eq "5.0.0-11.el6" :: MESSAGE 
+expected: "5.0.0-11.el6"
+     got: "5.0.0-4.el6"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package systemd-sysv version is expected to eq "219-73.el7_8.5" :: MESSAGE 
+expected: "219-73.el7_8.5"
+     got: "219-73.el7.1"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package systemd-libs version is expected to eq "219-73.el7_8.5" :: MESSAGE 
+expected: "219-73.el7_8.5"
+     got: "219-73.el7.1"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package libgudev1 version is expected to eq "219-73.el7_8.5" :: MESSAGE 
+expected: "219-73.el7_8.5"
+     got: "219-73.el7.1"
+
+(compared using ==)
+
+--------------------------------
+passed :: TEST System Package rh-amazon-rhui-client version is expected to eq "3.0.26-1.el7" :: MESSAGE 
+expected: "3.0.26-1.el7"
+     got: "3.0.18-1.el7"
+
+(compared using ==)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72073</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86697r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021620</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a file
 integrity tool that is configured to use FIPS 140-2 approved cryptographic
-hashes for validating file contents and directories.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+hashes for validating file contents and directories.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>File integrity tools use cryptographic hashes for verifying file
 contents and directories have not been altered. These hashes must be FIPS 140-2
-approved cryptographic hashes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+approved cryptographic hashes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the file integrity tool is configured to use FIPS 140-2 approved
 cryptographic hashes for validating file contents and directories.
 
@@ -12398,147 +11807,140 @@ checks are performed on the system.
 is a finding.
 
     Note: AIDE is highly configurable at install time. These commands assume
-the &quot;aide.conf&quot; file is under the &quot;&#x2F;etc&quot; directory.
+the "aide.conf" file is under the "/etc" directory.
 
     Use the following command to determine if the file is in another location:
 
-    # find &#x2F; -name aide.conf
+    # find / -name aide.conf
 
-    Check the &quot;aide.conf&quot; file to determine if the &quot;sha512&quot; rule has been
+    Check the "aide.conf" file to determine if the "sha512" rule has been
 added to the rule list being applied to the files and directories selection
 lists.
 
-    An example rule that includes the &quot;sha512&quot; rule follows:
+    An example rule that includes the "sha512" rule follows:
 
-    All&#x3D;p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
-    &#x2F;bin All # apply the custom rule to the files in bin
-    &#x2F;sbin All # apply the same custom rule to the files in sbin
+    All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
+    /bin All # apply the custom rule to the files in bin
+    /sbin All # apply the same custom rule to the files in sbin
 
-    If the &quot;sha512&quot; rule is not being used on all uncommented selection lines
-in the &quot;&#x2F;etc&#x2F;aide.conf&quot; file, or another file integrity tool is not using
+    If the "sha512" rule is not being used on all uncommented selection lines
+in the "/etc/aide.conf" file, or another file integrity tool is not using
 FIPS 140-2 approved cryptographic hashes for validating file contents and
-directories, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+directories, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the file integrity tool to use FIPS 140-2 cryptographic hashes
 for validating file and directory contents.
 
-    If AIDE is installed, ensure the &quot;sha512&quot; rule is present on all
-uncommented file and directory selection lists.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9e89384e-bc04-45ee-b6e7-ba3a5d65266f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package aide is expected to be installed
---------------------------------
-passed
-List of monitored files&#x2F;directories without &#39;sha512&#39; rule is expected to be empty
-expected &#x60;[&quot;&#x2F;root&#x2F;\\..*&quot;, &quot;&#x2F;var&#x2F;log&#x2F;faillog$&quot;, &quot;&#x2F;var&#x2F;log&#x2F;lastlog$&quot;, &quot;&#x2F;var&#x2F;run&#x2F;faillock&quot;, &quot;&#x2F;var&#x2F;log&quot;, &quot;&#x2F;var&#x2F;run&#x2F;utmp$&quot;, &quot;&#x2F;etc&quot;].empty?&#x60; to return true, got false</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71863</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86487r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010050</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If AIDE is installed, ensure the "sha512" rule is present on all
+uncommented file and directory selection lists.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72073\" do\n  title \"The Red Hat Enterprise Linux operating system must use a file\nintegrity tool that is configured to use FIPS 140-2 approved cryptographic\nhashes for validating file contents and directories.\"\n  desc  \"File integrity tools use cryptographic hashes for verifying file\ncontents and directories have not been altered. These hashes must be FIPS 140-2\napproved cryptographic hashes.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the file integrity tool is configured to use FIPS 140-2 approved\ncryptographic hashes for validating file contents and directories.\n\n    Note: If RHEL-07-021350 is a finding, this is automatically a finding too\nas the system cannot implement FIPS 140-2 approved cryptographic algorithms and\nhashes.\n\n    Check to see if Advanced Intrusion Detection Environment (AIDE) is\ninstalled on the system with the following command:\n\n    # yum list installed aide\n\n    If AIDE is not installed, ask the System Administrator how file integrity\nchecks are performed on the system.\n\n    If there is no application installed to perform file integrity checks, this\nis a finding.\n\n    Note: AIDE is highly configurable at install time. These commands assume\nthe \\\"aide.conf\\\" file is under the \\\"/etc\\\" directory.\n\n    Use the following command to determine if the file is in another location:\n\n    # find / -name aide.conf\n\n    Check the \\\"aide.conf\\\" file to determine if the \\\"sha512\\\" rule has been\nadded to the rule list being applied to the files and directories selection\nlists.\n\n    An example rule that includes the \\\"sha512\\\" rule follows:\n\n    All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux\n    /bin All # apply the custom rule to the files in bin\n    /sbin All # apply the same custom rule to the files in sbin\n\n    If the \\\"sha512\\\" rule is not being used on all uncommented selection lines\nin the \\\"/etc/aide.conf\\\" file, or another file integrity tool is not using\nFIPS 140-2 approved cryptographic hashes for validating file contents and\ndirectories, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the file integrity tool to use FIPS 140-2 cryptographic hashes\nfor validating file and directory contents.\n\n    If AIDE is installed, ensure the \\\"sha512\\\" rule is present on all\nuncommented file and directory selection lists.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72073\"\n  tag rid: \"SV-86697r3_rule\"\n  tag stig_id: \"RHEL-07-021620\"\n  tag fix_id: \"F-78425r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe package(\"aide\") do\n    it { should be_installed }\n  end\n\n  exclude_patterns = input('aide_exclude_patterns')\n\n  findings = aide_conf.where { !selection_line.start_with?('!') &amp;&amp; !exclude_patterns.include?(selection_line) &amp;&amp; !rules.include?('sha512')}\n\n  describe \"List of monitored files/directories without 'sha512' rule\" do\n    subject { findings.selection_lines }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package aide is expected to be installed
+--------------------------------
+passed :: TEST List of monitored files/directories without 'sha512' rule is expected to be empty :: MESSAGE expected `["/root/\\..*", "/var/log/faillog$", "/var/log/lastlog$", "/var/run/faillock", "/var/log", "/var/run/utmp$", "/etc"].empty?` to return true, got false</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71863</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86487r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010050</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the
 Standard Mandatory DoD Notice and Consent Banner before granting local or
-remote access to the system via a command line user logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+remote access to the system via a command line user logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Display of a standardized and approved use notification before
 granting access to the operating system ensures privacy and security
 notification verbiage used is consistent with applicable federal laws,
@@ -12551,7 +11953,7 @@ with human users and are not required when such human interfaces do not exist.
 the following verbiage for operating systems that can accommodate banners of
 1300 characters:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -12576,14 +11978,14 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Agreement for details."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system displays the Standard Mandatory DoD Notice and
 Consent Banner before granting access to the operating system via a command
 line user logon.
@@ -12591,10 +11993,10 @@ line user logon.
     Check to see if the operating system displays a banner at the command line
 logon screen with the following command:
 
-    # more &#x2F;etc&#x2F;issue
+    # more /etc/issue
 
     The command should return the following text:
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -12619,24 +12021,24 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;
+Agreement for details."
 
     If the operating system does not display a graphical logon banner or the
 banner does not match the Standard Mandatory DoD Notice and Consent Banner,
 this is a finding.
 
-    If the text in the &quot;&#x2F;etc&#x2F;issue&quot; file does not match the Standard
-Mandatory DoD Notice and Consent Banner, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the text in the "/etc/issue" file does not match the Standard
+Mandatory DoD Notice and Consent Banner, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to display the Standard Mandatory DoD Notice
 and Consent Banner before granting access to the system via the command line by
-editing the &quot;&#x2F;etc&#x2F;issue&quot; file.
+editing the "/etc/issue" file.
 
     Replace the default text with the Standard Mandatory DoD Notice and Consent
 Banner. The DoD required text is:
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -12661,297 +12063,283 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants.  Such
 communications and work product are private and confidential.  See User
-Agreement for details.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b06079e2-1edc-4e72-9c86-8e3d32d3ec00</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-The banner text should match the standard banner is expected to cmp &#x3D;&#x3D; &quot;YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.&quot;
-
+Agreement for details."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71863\" do\n  title \"The Red Hat Enterprise Linux operating system must display the\nStandard Mandatory DoD Notice and Consent Banner before granting local or\nremote access to the system via a command line user logon.\"\n  desc  \"Display of a standardized and approved use notification before\ngranting access to the operating system ensures privacy and security\nnotification verbiage used is consistent with applicable federal laws,\nExecutive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via logon interfaces\nwith human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with applicable DoD policy. Use\nthe following verbiage for operating systems that can accommodate banners of\n1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system displays the Standard Mandatory DoD Notice and\nConsent Banner before granting access to the operating system via a command\nline user logon.\n\n    Check to see if the operating system displays a banner at the command line\nlogon screen with the following command:\n\n    # more /etc/issue\n\n    The command should return the following text:\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n    If the operating system does not display a graphical logon banner or the\nbanner does not match the Standard Mandatory DoD Notice and Consent Banner,\nthis is a finding.\n\n    If the text in the \\\"/etc/issue\\\" file does not match the Standard\nMandatory DoD Notice and Consent Banner, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to display the Standard Mandatory DoD Notice\nand Consent Banner before granting access to the system via the command line by\nediting the \\\"/etc/issue\\\" file.\n\n    Replace the default text with the Standard Mandatory DoD Notice and Consent\nBanner. The DoD required text is:\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants.  Such\ncommunications and work product are private and confidential.  See User\nAgreement for details.\\\"\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000023-GPOS-00006\"\n  tag satisfies: [\"SRG-OS-000023-GPOS-00006\", \"SRG-OS-000024-GPOS-00007\"]\n  tag gid: \"V-71863\"\n  tag rid: \"SV-86487r3_rule\"\n  tag stig_id: \"RHEL-07-010050\"\n  tag fix_id: \"F-78217r2_fix\"\n  tag cci: [\"CCI-000048\"]\n  tag nist: [\"AC-8 a\", \"Rev_4\"]\n\n  banner_message_text_cli = input('banner_message_text_cli')\n  banner_message_text_cli_limited = input('banner_message_text_cli_limited')\n\n  clean_banner = banner_message_text_cli.gsub(%r{[\\r\\n\\s]}, '')\n  clean_banner_limited = banner_message_text_cli_limited.gsub(%r{[\\r\\n\\s]}, '')\n  banner_file = file(\"/etc/issue\")\n  banner_missing = !banner_file.exist?\n\n  describe \"The banner text is not set because /etc/issue does not exist\" do\n    subject { banner_missing }\n    it { should be false }\n  end if banner_missing\n\n  banner_message = banner_file.content.gsub(%r{[\\r\\n\\s]}, '')\n  describe.one do\n    describe \"The banner text should match the standard banner\" do\n      subject { banner_message }\n      it { should cmp clean_banner }\n    end\n    describe \"The banner text should match the limited banner\" do\n      subject { banner_message }\n      it{should cmp clean_banner_limited }\n    end\n  end if !banner_missing\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST The banner text should match the standard banner is expected to cmp == "YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails." :: MESSAGE 
 expected: YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
      got: YouareaccessingaU.S.Government(USG)informationsystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS)youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-passed
-The banner text should match the limited banner is expected to cmp &#x3D;&#x3D; &quot;I&#39;veread&amp;consenttotermsinISuseragreem&#39;t.&quot;
-
-expected: I&#39;veread&amp;consenttotermsinISuseragreem&#39;t.
+passed :: TEST The banner text should match the limited banner is expected to cmp == "I'veread&amp;consenttotermsinISuseragreem't." :: MESSAGE 
+expected: I'veread&amp;consenttotermsinISuseragreem't.
      got: YouareaccessingaU.S.Government(USG)informationsystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS)youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72319</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86943r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040830</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72319</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86943r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040830</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not forward IPv6
-source-routed packets.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+source-routed packets.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Source-routed packets allow the source of the packet to suggest that
 routers forward the packet along a different path than configured on the
 router, which can be used to bypass network security measures. This requirement
 applies only to the forwarding of source-routed traffic, such as when IPv6
-forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If IPv6 is not enabled, the key will not exist, and this is Not Applicable.
 
     Verify the system does not accept IPv6 source-routed packets.
 
-    # grep net.ipv6.conf.all.accept_source_route &#x2F;etc&#x2F;sysctl.conf
-&#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep net.ipv6.conf.all.accept_source_route /etc/sysctl.conf
+/etc/sysctl.d/*
 
-    net.ipv6.conf.all.accept_source_route &#x3D; 0
+    net.ipv6.conf.all.accept_source_route = 0
 
-    If &quot;net.ipv6.conf.all.accept_source_route&quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out or
-does not have a value of &quot;0&quot;, this is a finding.
+    If "net.ipv6.conf.all.accept_source_route" is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out or
+does not have a value of "0", this is a finding.
 
     Check that the operating system implements the accept source route variable
 with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv6.conf.all.accept_source_route
-    net.ipv6.conf.all.accept_source_route &#x3D; 0
+    # /sbin/sysctl -a | grep net.ipv6.conf.all.accept_source_route
+    net.ipv6.conf.all.accept_source_route = 0
 
-    If the returned lines do not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned lines do not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter, if IPv6 is enabled, by
-adding the following line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in
-the &#x2F;etc&#x2F;sysctl.d&#x2F; directory (or modify the line to have the required value):
+adding the following line to "/etc/sysctl.conf" or a configuration file in
+the /etc/sysctl.d/ directory (or modify the line to have the required value):
 
-    net.ipv6.conf.all.accept_source_route &#x3D; 0
+    net.ipv6.conf.all.accept_source_route = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>11056a7a-debd-423c-9fe1-82561c89e141</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv6.conf.all.accept_source_route value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86853r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040190</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72319\" do\n  title \"The Red Hat Enterprise Linux operating system must not forward IPv6\nsource-routed packets.\"\n  desc  \"Source-routed packets allow the source of the packet to suggest that\nrouters forward the packet along a different path than configured on the\nrouter, which can be used to bypass network security measures. This requirement\napplies only to the forwarding of source-routed traffic, such as when IPv6\nforwarding is enabled and the system is functioning as a router.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If IPv6 is not enabled, the key will not exist, and this is Not Applicable.\n\n    Verify the system does not accept IPv6 source-routed packets.\n\n    # grep net.ipv6.conf.all.accept_source_route /etc/sysctl.conf\n/etc/sysctl.d/*\n\n    net.ipv6.conf.all.accept_source_route = 0\n\n    If \\\"net.ipv6.conf.all.accept_source_route\\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the accept source route variable\nwith the following command:\n\n    # /sbin/sysctl -a | grep net.ipv6.conf.all.accept_source_route\n    net.ipv6.conf.all.accept_source_route = 0\n\n    If the returned lines do not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter, if IPv6 is enabled, by\nadding the following line to \\\"/etc/sysctl.conf\\\" or a configuration file in\nthe /etc/sysctl.d/ directory (or modify the line to have the required value):\n\n    net.ipv6.conf.all.accept_source_route = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72319\"\n  tag rid: \"SV-86943r2_rule\"\n  tag stig_id: \"RHEL-07-040830\"\n  tag fix_id: \"F-78673r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe kernel_parameter('net.ipv6.conf.all.accept_source_route') do\n      its('value') { should eq 0 }\n    end\n\t# If IPv6 is disabled in the kernel it will return NIL\n    describe kernel_parameter('net.ipv6.conf.all.accept_source_route') do\n      its('value') { should eq nil }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv6.conf.all.accept_source_route value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86853r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040190</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement
 cryptography to protect the integrity of Lightweight Directory Access Protocol
-(LDAP) communications.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(LDAP) communications.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without cryptographic integrity protections, information can be
 altered by unauthorized users without detection.
 
     Cryptographic mechanisms used for protecting the integrity of information
 include, for example, signed hash functions using asymmetric cryptography
 enabling distribution of the public key to verify the hash information while
-maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If LDAP is not being utilized, this requirement is Not Applicable.
 
     Verify the operating system implements cryptography to protect the
@@ -12962,311 +12350,297 @@ command:
 
     # systemctl status sssd.service
     sssd.service - System Security Services Daemon
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;sssd.service; enabled; vendor
+    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor
 preset: disabled)
     Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago
 
-    If the &quot;sssd.service&quot; is &quot;active&quot;, then LDAP is being used.
+    If the "sssd.service" is "active", then LDAP is being used.
 
-    Determine the &quot;id_provider&quot; the LDAP is currently using:
+    Determine the "id_provider" the LDAP is currently using:
 
-    # grep -i &quot;id_provider&quot; &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
+    # grep -i "id_provider" /etc/sssd/sssd.conf
 
-    id_provider &#x3D; ad
+    id_provider = ad
 
-    If &quot;id_provider&quot; is set to &quot;ad&quot;, this is Not Applicable.
+    If "id_provider" is set to "ad", this is Not Applicable.
 
     Verify the sssd service is configured to require the use of certificates:
 
-    # grep -i tls_reqcert &#x2F;etc&#x2F;sssd&#x2F;sssd.conf
-    ldap_tls_reqcert &#x3D; demand
+    # grep -i tls_reqcert /etc/sssd/sssd.conf
+    ldap_tls_reqcert = demand
 
-    If the &quot;ldap_tls_reqcert&quot; setting is missing, commented out, or does not
+    If the "ldap_tls_reqcert" setting is missing, commented out, or does not
 exist, this is a finding.
 
-    If the &quot;ldap_tls_reqcert&quot; setting is not set to &quot;demand&quot; or &quot;hard&quot;,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "ldap_tls_reqcert" setting is not set to "demand" or "hard",
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement cryptography to protect the
 integrity of LDAP remote access sessions.
 
-    Add or modify the following line in &quot;&#x2F;etc&#x2F;sssd&#x2F;sssd.conf&quot;:
-
-    ldap_tls_reqcert &#x3D; demand</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9e75e88e-c772-46bc-ab50-c71361b4e3f9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-LDAP not enabled
-LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72103</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86727r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030400</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or modify the following line in "/etc/sssd/sssd.conf":
+
+    ldap_tls_reqcert = demand</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72229\" do\n  title \"The Red Hat Enterprise Linux operating system must implement\ncryptography to protect the integrity of Lightweight Directory Access Protocol\n(LDAP) communications.\"\n  desc  \"Without cryptographic integrity protections, information can be\naltered by unauthorized users without detection.\n\n    Cryptographic mechanisms used for protecting the integrity of information\ninclude, for example, signed hash functions using asymmetric cryptography\nenabling distribution of the public key to verify the hash information while\nmaintaining the confidentiality of the key used to generate the hash.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If LDAP is not being utilized, this requirement is Not Applicable.\n\n    Verify the operating system implements cryptography to protect the\nintegrity of remote LDAP access sessions.\n\n    To determine if LDAP is being used for authentication, use the following\ncommand:\n\n    # systemctl status sssd.service\n    sssd.service - System Security Services Daemon\n    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor\npreset: disabled)\n    Active: active (running) since Wed 2018-06-27 10:58:11 EST; 1h 50min ago\n\n    If the \\\"sssd.service\\\" is \\\"active\\\", then LDAP is being used.\n\n    Determine the \\\"id_provider\\\" the LDAP is currently using:\n\n    # grep -i \\\"id_provider\\\" /etc/sssd/sssd.conf\n\n    id_provider = ad\n\n    If \\\"id_provider\\\" is set to \\\"ad\\\", this is Not Applicable.\n\n    Verify the sssd service is configured to require the use of certificates:\n\n    # grep -i tls_reqcert /etc/sssd/sssd.conf\n    ldap_tls_reqcert = demand\n\n    If the \\\"ldap_tls_reqcert\\\" setting is missing, commented out, or does not\nexist, this is a finding.\n\n    If the \\\"ldap_tls_reqcert\\\" setting is not set to \\\"demand\\\" or \\\"hard\\\",\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to implement cryptography to protect the\nintegrity of LDAP remote access sessions.\n\n    Add or modify the following line in \\\"/etc/sssd/sssd.conf\\\":\n\n    ldap_tls_reqcert = demand\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000250-GPOS-00093\"\n  tag gid: \"V-72229\"\n  tag rid: \"SV-86853r4_rule\"\n  tag stig_id: \"RHEL-07-040190\"\n  tag fix_id: \"F-78583r4_fix\"\n  tag cci: [\"CCI-001453\"]\n  tag nist: [\"AC-17 (2)\", \"Rev_4\"]\n\n  sssd_id_ldap_enabled = (package('sssd').installed? and\n    !command('grep \"^\\s*id_provider\\s*=\\s*ldap\" /etc/sssd/sssd.conf').stdout.strip.empty?)\n\n  sssd_ldap_enabled = (package('sssd').installed? and\n    !command('grep \"^\\s*[a-z]*_provider\\s*=\\s*ldap\" /etc/sssd/sssd.conf').stdout.strip.empty?)\n\n  pam_ldap_enabled = (!command('grep \"^[^#]*pam_ldap\\.so\" /etc/pam.d/*').stdout.strip.empty?)\n\n  if !(sssd_id_ldap_enabled or sssd_ldap_enabled or pam_ldap_enabled)\n    impact 0.0\n    describe \"LDAP not enabled\" do\n      skip \"LDAP not enabled using any known mechanisms, this control is Not Applicable.\"\n    end\n  end\n\n  if sssd_id_ldap_enabled\n    ldap_id_use_start_tls = command('grep ldap_id_use_start_tls /etc/sssd/sssd.conf')\n    describe ldap_id_use_start_tls do\n      its('stdout.strip') { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n    end\n\n    ldap_id_use_start_tls.stdout.strip.each_line do |line|\n      describe line do\n        it { should match %r{^ldap_id_use_start_tls\\s*=\\s*true$}}\n      end\n    end\n  end\n\n  if sssd_ldap_enabled\n    ldap_tls_cacertdir = command('grep -i ldap_tls_cacertdir /etc/sssd/sssd.conf').\n      stdout.strip.scan(%r{^ldap_tls_cacertdir\\s*=\\s*(.*)}).last\n\n    describe \"ldap_tls_cacertdir\" do\n      subject { ldap_tls_cacertdir }\n      it { should_not eq nil }\n    end\n\n    describe file(ldap_tls_cacertdir.last) do\n      it { should exist }\n      it { should be_directory }\n    end if !ldap_tls_cacertdir.nil?\n  end\n\n  if pam_ldap_enabled\n    tls_cacertdir = command('grep -i tls_cacertdir /etc/pam_ldap.conf').\n      stdout.strip.scan(%r{^tls_cacertdir\\s+(.*)}).last\n\n    describe \"tls_cacertdir\" do\n      subject { tls_cacertdir }\n      it { should_not eq nil }\n    end\n\n    describe file(tls_cacertdir.last) do\n      it { should exist }\n      it { should be_directory }\n    end if !tls_cacertdir.nil?\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST LDAP not enabled :: SKIP_MESSAGE LDAP not enabled using any known mechanisms, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72103</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86727r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030400</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fchownat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fchownat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchownat&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchownat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw fchownat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fchownat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fchownat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchownat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fchownat&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    If both the "b32" and "b64" audit rules are not defined for the
+"fchownat" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S fchownat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchownat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f9d55aa6-eae0-44c4-9655-8fe089ec0c2a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchownat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchownat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchownat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchownat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72077</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86701r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021710</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72103\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fchownat syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchownat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw fchownat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fchownat\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000474-GPOS-00219\"]\n  tag gid: \"V-72103\"\n  tag rid: \"SV-86727r5_rule\"\n  tag stig_id: \"RHEL-07-030400\"\n  tag fix_id: \"F-78455r7_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fchownat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fchownat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fchownat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchownat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchownat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchownat" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72077</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86701r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021710</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have the
-telnet-server package installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+telnet-server package installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>It is detrimental for operating systems to provide, or install by
 default, functionality exceeding requirements or mission objectives. These
 unnecessary capabilities or services are often overlooked and therefore may
@@ -13281,14 +12655,14 @@ functions).
     Examples of non-essential capabilities include, but are not limited to,
 games, software packages, tools, and demonstration software not related to
 requirements or providing a wide array of functionality not required for every
-mission, but which cannot be disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+mission, but which cannot be disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system is configured to disable non-essential
 capabilities. The most secure way of ensuring a non-essential capability is
 disabled is to not have the capability installed.
@@ -13305,415 +12679,399 @@ command:
 
     # yum list installed telnet-server
 
-    If the telnet-server package is installed, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the telnet-server package is installed, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable non-essential capabilities by
 removing the telnet-server package from the system with the following command:
 
-    # yum remove telnet-server</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>237294ad-5aa9-485b-adee-b7e33aa268e9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package telnet-server is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71949</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000373-GPOS-00156</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86573r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010350</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # yum remove telnet-server</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72077\" do\n  title \"The Red Hat Enterprise Linux operating system must not have the\ntelnet-server package installed.\"\n  desc  \"It is detrimental for operating systems to provide, or install by\ndefault, functionality exceeding requirements or mission objectives. These\nunnecessary capabilities or services are often overlooked and therefore may\nremain unsecured. They increase the risk to the platform by providing\nadditional attack vectors.\n\n    Operating systems are capable of providing a wide variety of functions and\nservices. Some of the functions and services, provided by default, may not be\nnecessary to support essential organizational operations (e.g., key missions,\nfunctions).\n\n    Examples of non-essential capabilities include, but are not limited to,\ngames, software packages, tools, and demonstration software not related to\nrequirements or providing a wide array of functionality not required for every\nmission, but which cannot be disabled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system is configured to disable non-essential\ncapabilities. The most secure way of ensuring a non-essential capability is\ndisabled is to not have the capability installed.\n\n    The telnet service provides an unencrypted remote access service that does\nnot provide for the confidentiality and integrity of user passwords or the\nremote session.\n\n    If a privileged user were to log on using this service, the privileged user\npassword could be compromised.\n\n    Check to see if the telnet-server package is installed with the following\ncommand:\n\n    # yum list installed telnet-server\n\n    If the telnet-server package is installed, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable non-essential capabilities by\nremoving the telnet-server package from the system with the following command:\n\n    # yum remove telnet-server\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000095-GPOS-00049\"\n  tag gid: \"V-72077\"\n  tag rid: \"SV-86701r2_rule\"\n  tag stig_id: \"RHEL-07-021710\"\n  tag fix_id: \"F-78429r1_fix\"\n  tag cci: [\"CCI-000381\"]\n  tag nist: [\"CM-7 a\", \"Rev_4\"]\n\n  describe package('telnet-server') do\n    it { should_not be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package telnet-server is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71949</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000373-GPOS-00156</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86573r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010350</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that users must re-authenticate for privilege escalation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that users must re-authenticate for privilege escalation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without re-authentication, users may access resources or perform tasks
 for which they do not have authorization.
 
     When operating systems provide the capability to escalate a functional
-capability, it is critical the user reauthenticate.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+capability, it is critical the user reauthenticate.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system requires users to reauthenticate for privilege
 escalation.
 
-    Check the configuration of the &quot;&#x2F;etc&#x2F;sudoers&quot; and &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;*&quot;
+    Check the configuration of the "/etc/sudoers" and "/etc/sudoers.d/*"
 files with the following command:
 
-    # grep -i authenticate &#x2F;etc&#x2F;sudoers &#x2F;etc&#x2F;sudoers.d&#x2F;*
+    # grep -i authenticate /etc/sudoers /etc/sudoers.d/*
 
-    If any uncommented line is found with a &quot;!authenticate&quot; tag, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any uncommented line is found with a "!authenticate" tag, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require users to reauthenticate for
 privilege escalation.
 
-    Check the configuration of the &quot;&#x2F;etc&#x2F;sudoers&quot; file with the following
+    Check the configuration of the "/etc/sudoers" file with the following
 command:
 
     # visudo
-    Remove any occurrences of &quot;!authenticate&quot; tags in the file.
+    Remove any occurrences of "!authenticate" tags in the file.
 
-    Check the configuration of the &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;*&quot; files with the
+    Check the configuration of the "/etc/sudoers.d/*" files with the
 following command:
 
-    # grep -i authenticate &#x2F;etc&#x2F;sudoers &#x2F;etc&#x2F;sudoers.d&#x2F;*
-    Remove any occurrences of &quot;!authenticate&quot; tags in the file(s).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7410cce2-356d-41c5-8ff7-20ee47f28d92</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002038</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep -ir authenticate &#x2F;etc&#x2F;sudoers &#x2F;etc&#x2F;sudoers.d&#x2F;*&#x60; stdout is expected not to match &#x2F;!authenticate&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86657r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020710</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # grep -i authenticate /etc/sudoers /etc/sudoers.d/*
+    Remove any occurrences of "!authenticate" tags in the file(s).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71949\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat users must re-authenticate for privilege escalation.\"\n  desc  \"Without re-authentication, users may access resources or perform tasks\nfor which they do not have authorization.\n\n    When operating systems provide the capability to escalate a functional\ncapability, it is critical the user reauthenticate.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system requires users to reauthenticate for privilege\nescalation.\n\n    Check the configuration of the \\\"/etc/sudoers\\\" and \\\"/etc/sudoers.d/*\\\"\nfiles with the following command:\n\n    # grep -i authenticate /etc/sudoers /etc/sudoers.d/*\n\n    If any uncommented line is found with a \\\"!authenticate\\\" tag, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require users to reauthenticate for\nprivilege escalation.\n\n    Check the configuration of the \\\"/etc/sudoers\\\" file with the following\ncommand:\n\n    # visudo\n    Remove any occurrences of \\\"!authenticate\\\" tags in the file.\n\n    Check the configuration of the \\\"/etc/sudoers.d/*\\\" files with the\nfollowing command:\n\n    # grep -i authenticate /etc/sudoers /etc/sudoers.d/*\n    Remove any occurrences of \\\"!authenticate\\\" tags in the file(s).\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000373-GPOS-00156\"\n  tag satisfies: [\"SRG-OS-000373-GPOS-00156\", \"SRG-OS-000373-GPOS-00157\",\n\"SRG-OS-000373-GPOS-00158\"]\n  tag gid: \"V-71949\"\n  tag rid: \"SV-86573r3_rule\"\n  tag stig_id: \"RHEL-07-010350\"\n  tag fix_id: \"F-78301r3_fix\"\n  tag cci: [\"CCI-002038\"]\n  tag nist: [\"IA-11\", \"Rev_4\"]\n\n  describe command(\"grep -ir authenticate /etc/sudoers /etc/sudoers.d/*\") do\n    its('stdout') { should_not match %r{!authenticate} }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002038</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep -ir authenticate /etc/sudoers /etc/sudoers.d/*` stdout is expected not to match /!authenticate/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86657r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020710</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all local initialization files have mode 0740 or less permissive.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Local initialization files are used to configure the user&#39;s shell
+that all local initialization files have mode 0740 or less permissive.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Local initialization files are used to configure the user's shell
 environment upon logon. Malicious modification of these files could compromise
-accounts upon logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that all local initialization files have a mode of &quot;0740&quot; or less
+accounts upon logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that all local initialization files have a mode of "0740" or less
 permissive.
 
     Check the mode on all local initialization files with the following command:
 
-    Note: The example will be for the &quot;smithj&quot; user, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
+    Note: The example will be for the "smithj" user, who has a home directory
+of "/home/smithj".
 
-    # ls -al &#x2F;home&#x2F;smithj&#x2F;.[^.]* | more
+    # ls -al /home/smithj/.[^.]* | more
 
     -rwxr----- 1 smithj users 896 Mar 10 2011 .profile
     -rwxr----- 1 smithj users 497 Jan 6 2007 .login
     -rwxr----- 1 smithj users 886 Jan 6 2007 .something
 
     If any local initialization files have a mode more permissive than
-&quot;0740&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Set the mode of the local initialization files to &quot;0740&quot; with the
+"0740", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Set the mode of the local initialization files to "0740" with the
 following command:
 
-    Note: The example will be for the &quot;smithj&quot; user, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
-
-    # chmod 0740 &#x2F;home&#x2F;smithj&#x2F;.[^.]*</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>84c0eada-68a7-45df-a4e0-3cb28a85441d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-#&lt;Set: {&quot;&#x2F;root&#x2F;.bash_logout&quot;, &quot;&#x2F;root&#x2F;.bash_profile&quot;, &quot;&#x2F;root&#x2F;.bashrc&quot;, &quot;&#x2F;root&#x2F;.cshrc&quot;, &quot;&#x2F;root&#x2F;.tcshrc&quot;}&gt; is expected to be empty
-expected &#x60;#&lt;Set: {&quot;&#x2F;root&#x2F;.bash_logout&quot;, &quot;&#x2F;root&#x2F;.bash_profile&quot;, &quot;&#x2F;root&#x2F;.bashrc&quot;, &quot;&#x2F;root&#x2F;.cshrc&quot;, &quot;&#x2F;root&#x2F;.tcshrc&quot;}&gt;.empty?&#x60; to return true, got false</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71911</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86535r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Note: The example will be for the "smithj" user, who has a home directory
+of "/home/smithj".
+
+    # chmod 0740 /home/smithj/.[^.]*</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72033\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local initialization files have mode 0740 or less permissive.\"\n  desc  \"Local initialization files are used to configure the user's shell\nenvironment upon logon. Malicious modification of these files could compromise\naccounts upon logon.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that all local initialization files have a mode of \\\"0740\\\" or less\npermissive.\n\n    Check the mode on all local initialization files with the following command:\n\n    Note: The example will be for the \\\"smithj\\\" user, who has a home directory\nof \\\"/home/smithj\\\".\n\n    # ls -al /home/smithj/.[^.]* | more\n\n    -rwxr----- 1 smithj users 896 Mar 10 2011 .profile\n    -rwxr----- 1 smithj users 497 Jan 6 2007 .login\n    -rwxr----- 1 smithj users 886 Jan 6 2007 .something\n\n    If any local initialization files have a mode more permissive than\n\\\"0740\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the mode of the local initialization files to \\\"0740\\\" with the\nfollowing command:\n\n    Note: The example will be for the \\\"smithj\\\" user, who has a home directory\nof \\\"/home/smithj\\\".\n\n    # chmod 0740 /home/smithj/.[^.]*\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72033\"\n  tag rid: \"SV-86657r3_rule\"\n  tag stig_id: \"RHEL-07-020710\"\n  tag fix_id: \"F-78385r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries.each do |user_info|\n    findings = findings + command(\"find #{user_info.home} -xdev -maxdepth 1 -name '.*' -type f -perm /037\").stdout.split(\"\\n\")\n  end\n  describe findings do\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST #&lt;Set: {"/root/.bash_logout", "/root/.bash_profile", "/root/.bashrc", "/root/.cshrc", "/root/.tcshrc"}&gt; is expected to be empty :: MESSAGE expected `#&lt;Set: {"/root/.bash_logout", "/root/.bash_profile", "/root/.bashrc", "/root/.cshrc", "/root/.tcshrc"}&gt;.empty?` to return true, got false</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71911</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86535r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed a minimum of eight of the total number of
-characters must be changed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+characters must be changed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -13722,146 +13080,141 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;difok&quot; option sets the number of characters in a password that must
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "difok" option sets the number of characters in a password that must
 not be present in the old password.
 
-    Check for the value of the &quot;difok&quot; option in
-&quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with the following command:
+    Check for the value of the "difok" option in
+"/etc/security/pwquality.conf" with the following command:
 
-    # grep difok &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    difok &#x3D; 8
+    # grep difok /etc/security/pwquality.conf
+    difok = 8
 
-    If the value of &quot;difok&quot; is set to less than &quot;8&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "difok" is set to less than "8", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require the change of at least eight of
 the total number of characters when passwords are changed by setting the
-&quot;difok&quot; option.
+"difok" option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; (or modify the
+    Add the following line to "/etc/security/pwquality.conf" (or modify the
 line to have the required value):
 
-    difok &#x3D; 8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>46f9bded-fc3f-492a-b4f3-168ae7fc0a59</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf difok.to_i is expected to cmp &gt;&#x3D; 8</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72269</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000355-GPOS-00143</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86893r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040500</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    difok = 8</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71911\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed a minimum of eight of the total number of\ncharacters must be changed.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    The \\\"difok\\\" option sets the number of characters in a password that must\nnot be present in the old password.\n\n    Check for the value of the \\\"difok\\\" option in\n\\\"/etc/security/pwquality.conf\\\" with the following command:\n\n    # grep difok /etc/security/pwquality.conf\n    difok = 8\n\n    If the value of \\\"difok\\\" is set to less than \\\"8\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require the change of at least eight of\nthe total number of characters when passwords are changed by setting the\n\\\"difok\\\" option.\n\n    Add the following line to \\\"/etc/security/pwquality.conf\\\" (or modify the\nline to have the required value):\n\n    difok = 8\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000072-GPOS-00040\"\n  tag gid: \"V-71911\"\n  tag rid: \"SV-86535r2_rule\"\n  tag stig_id: \"RHEL-07-010160\"\n  tag fix_id: \"F-78263r1_fix\"\n  tag cci: [\"CCI-000195\"]\n  tag nist: [\"IA-5 (1) (b)\", \"Rev_4\"]\n\n  difok = input('difok')\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('difok.to_i') { should cmp &gt;= difok }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf difok.to_i is expected to cmp &gt;= 8</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72269</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000355-GPOS-00143</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86893r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040500</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must, for networked
 systems, synchronize clocks with a server that is synchronized to one of the
 redundant United States Naval Observatory (USNO) time servers, a time server
-designated for the appropriate DoD network (NIPRNet&#x2F;SIPRNet), and&#x2F;or the Global
-Positioning System (GPS).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global
+Positioning System (GPS).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Inaccurate time stamps make it more difficult to correlate events and
 can lead to an inaccurate analysis. Determining the correct time a particular
 event occurred on a system is critical when conducting forensic analysis and
@@ -13874,62 +13227,62 @@ connected over a network.
 
     Organizations should consider endpoints that may not have regular access to
 the authoritative time server (e.g., mobile, teleworking, and tactical
-endpoints).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+endpoints).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check to see if NTP is running in continuous mode:
 
     # ps -ef | grep ntp
 
-    If NTP is not running, check to see if &quot;chronyd&quot; is running in continuous
+    If NTP is not running, check to see if "chronyd" is running in continuous
 mode:
 
     # ps -ef | grep chronyd
 
-    If NTP or &quot;chronyd&quot; is not running, this is a finding.
+    If NTP or "chronyd" is not running, this is a finding.
 
-    If the NTP process is found, then check the &quot;ntp.conf&quot; file for the
-&quot;maxpoll&quot; option setting:
+    If the NTP process is found, then check the "ntp.conf" file for the
+"maxpoll" option setting:
 
-    # grep maxpoll &#x2F;etc&#x2F;ntp.conf
+    # grep maxpoll /etc/ntp.conf
 
     server 0.rhel.pool.ntp.org iburst maxpoll 10
 
-    If the option is set to &quot;17&quot; or is not set, this is a finding.
+    If the option is set to "17" or is not set, this is a finding.
 
-    If the file does not exist, check the &quot;&#x2F;etc&#x2F;cron.daily&quot; subdirectory for
-a crontab file controlling the execution of the &quot;ntpd -q&quot; command.
+    If the file does not exist, check the "/etc/cron.daily" subdirectory for
+a crontab file controlling the execution of the "ntpd -q" command.
 
-    # grep -i &quot;ntpd -q&quot; &#x2F;etc&#x2F;cron.daily&#x2F;*
-    # ls -al &#x2F;etc&#x2F;cron.* | grep ntp
+    # grep -i "ntpd -q" /etc/cron.daily/*
+    # ls -al /etc/cron.* | grep ntp
 
     ntp
 
-    If a crontab file does not exist in the &quot;&#x2F;etc&#x2F;cron.daily&quot; that executes
-the &quot;ntpd -q&quot; command, this is a finding.
+    If a crontab file does not exist in the "/etc/cron.daily" that executes
+the "ntpd -q" command, this is a finding.
 
-    If the &quot;chronyd&quot; process is found, then check the &quot;chrony.conf&quot; file
-for the &quot;maxpoll&quot; option setting:
+    If the "chronyd" process is found, then check the "chrony.conf" file
+for the "maxpoll" option setting:
 
-    # grep maxpoll &#x2F;etc&#x2F;chrony.conf
+    # grep maxpoll /etc/chrony.conf
 
     server 0.rhel.pool.ntp.org iburst maxpoll 10
 
-    If the option is not set or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &quot;&#x2F;etc&#x2F;ntp.conf&quot; or &quot;&#x2F;etc&#x2F;chrony.conf&quot; file and add or update
-an entry to define &quot;maxpoll&quot; to &quot;10&quot; as follows:
+    If the option is not set or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the "/etc/ntp.conf" or "/etc/chrony.conf" file and add or update
+an entry to define "maxpoll" to "10" as follows:
 
     server 0.rhel.pool.ntp.org iburst maxpoll 10
 
-    If NTP was running and &quot;maxpoll&quot; was updated, the NTP service must be
+    If NTP was running and "maxpoll" was updated, the NTP service must be
 restarted:
 
     # systemctl restart ntpd
@@ -13938,419 +13291,398 @@ restarted:
 
     # systemctl start ntpd
 
-    If &quot;chronyd&quot; was running and &quot;maxpoll&quot; was updated, the service must be
+    If "chronyd" was running and "maxpoll" was updated, the service must be
 restarted:
 
     # systemctl restart chronyd.service
 
-    If &quot;chronyd&quot; was not running, it must be started:
-
-    # systemctl start chronyd.service</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e7ee7d7d-f6aa-4649-90fb-63a7cdc73253</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001891</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002046</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service chronyd is expected to be running
---------------------------------
-passed
-Service chronyd is expected to be enabled
---------------------------------
-passed
-Service chronyd is expected to be installed
---------------------------------
-passed
-chronyd time sources list is expected not to be empty
---------------------------------
-passed
-chronyd maxpoll values (99&#x3D;maxpoll absent) is expected to all be &lt; 17</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71931</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000076-GPOS-00044</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86555r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010260</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If "chronyd" was not running, it must be started:
+
+    # systemctl start chronyd.service</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72269\" do\n  title \"The Red Hat Enterprise Linux operating system must, for networked\nsystems, synchronize clocks with a server that is synchronized to one of the\nredundant United States Naval Observatory (USNO) time servers, a time server\ndesignated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global\nPositioning System (GPS).\"\n  desc  \"Inaccurate time stamps make it more difficult to correlate events and\ncan lead to an inaccurate analysis. Determining the correct time a particular\nevent occurred on a system is critical when conducting forensic analysis and\ninvestigating system events. Sources outside the configured acceptable\nallowance (drift) may be inaccurate.\n\n    Synchronizing internal information system clocks provides uniformity of\ntime stamps for information systems with multiple system clocks and systems\nconnected over a network.\n\n    Organizations should consider endpoints that may not have regular access to\nthe authoritative time server (e.g., mobile, teleworking, and tactical\nendpoints).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check to see if NTP is running in continuous mode:\n\n    # ps -ef | grep ntp\n\n    If NTP is not running, check to see if \\\"chronyd\\\" is running in continuous\nmode:\n\n    # ps -ef | grep chronyd\n\n    If NTP or \\\"chronyd\\\" is not running, this is a finding.\n\n    If the NTP process is found, then check the \\\"ntp.conf\\\" file for the\n\\\"maxpoll\\\" option setting:\n\n    # grep maxpoll /etc/ntp.conf\n\n    server 0.rhel.pool.ntp.org iburst maxpoll 10\n\n    If the option is set to \\\"17\\\" or is not set, this is a finding.\n\n    If the file does not exist, check the \\\"/etc/cron.daily\\\" subdirectory for\na crontab file controlling the execution of the \\\"ntpd -q\\\" command.\n\n    # grep -i \\\"ntpd -q\\\" /etc/cron.daily/*\n    # ls -al /etc/cron.* | grep ntp\n\n    ntp\n\n    If a crontab file does not exist in the \\\"/etc/cron.daily\\\" that executes\nthe \\\"ntpd -q\\\" command, this is a finding.\n\n    If the \\\"chronyd\\\" process is found, then check the \\\"chrony.conf\\\" file\nfor the \\\"maxpoll\\\" option setting:\n\n    # grep maxpoll /etc/chrony.conf\n\n    server 0.rhel.pool.ntp.org iburst maxpoll 10\n\n    If the option is not set or the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the \\\"/etc/ntp.conf\\\" or \\\"/etc/chrony.conf\\\" file and add or update\nan entry to define \\\"maxpoll\\\" to \\\"10\\\" as follows:\n\n    server 0.rhel.pool.ntp.org iburst maxpoll 10\n\n    If NTP was running and \\\"maxpoll\\\" was updated, the NTP service must be\nrestarted:\n\n    # systemctl restart ntpd\n\n    If NTP was not running, it must be started:\n\n    # systemctl start ntpd\n\n    If \\\"chronyd\\\" was running and \\\"maxpoll\\\" was updated, the service must be\nrestarted:\n\n    # systemctl restart chronyd.service\n\n    If \\\"chronyd\\\" was not running, it must be started:\n\n    # systemctl start chronyd.service\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000355-GPOS-00143\"\n  tag satisfies: [\"SRG-OS-000355-GPOS-00143\", \"SRG-OS-000356-GPOS-00144\"]\n  tag gid: \"V-72269\"\n  tag rid: \"SV-86893r5_rule\"\n  tag stig_id: \"RHEL-07-040500\"\n  tag fix_id: \"F-78623r5_fix\"\n  tag cci: [\"CCI-001891\", \"CCI-002046\"]\n  tag nist: [\"AU-8 (1) (a)\", \"AU-8 (1) (b)\", \"Rev_4\"]\n\n  # Either ntpd or chronyd should be running\n  describe.one do\n    [service('ntpd'), service('chronyd')].each do |time_service|\n      describe time_service do\n        it { should be_running }\n        it { should be_enabled }\n        it { should be_installed }\n      end\n    end\n  end\n\n  if service('ntpd').installed?\n    time_service = service('ntpd')\n    time_sources = ntp_conf('/etc/ntp.conf').server\n    max_poll_values = time_sources.map { |val| val.match?(/.*maxpoll.*/) ? val.gsub(/.*maxpoll\\s+(\\d+)(\\s+.*|$)/,'\\1').to_i : 99 }\n    ntpdate_crons = command('grep -l \"ntpd -q\" /etc/cron.daily/*').stdout.strip.lines\n\n    describe \"ntpd time sources list\" do\n      subject { time_sources }\n      it { should_not be_empty }\n    end\n\n    describe.one do\n      # Case where maxpoll empty\n      describe \"Daily cron jobs for 'ntpd -q'\" do\n        subject { ntpdate_crons }\n        it { should_not be_empty }\n      end\n      # All time sources must contain valid maxpoll entries\n      describe \"ntpd maxpoll values (99=maxpoll absent)\" do\n        subject { max_poll_values }\n        it { should all be &lt; 17 }\n      end\n    end\n  end\n\n  if service('chronyd').installed?\n    time_service = service('chronyd')\n    time_sources = ntp_conf('/etc/chrony.conf').server\n    max_poll_values = time_sources.map { |val| val.match?(/.*maxpoll.*/) ? val.gsub(/.*maxpoll\\s+(\\d+)(\\s+.*|$)/,'\\1').to_i : 99 }\n\n    describe \"chronyd time sources list\" do\n      subject { time_sources }\n      it { should_not be_empty }\n    end\n      \n    # All time sources must contain valid maxpoll entries\n    describe \"chronyd maxpoll values (99=maxpoll absent)\" do\n      subject { max_poll_values }\n      it { should all be &lt; 17 }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001891</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002046</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service chronyd is expected to be running
+--------------------------------
+passed :: TEST Service chronyd is expected to be enabled
+--------------------------------
+passed :: TEST Service chronyd is expected to be installed
+--------------------------------
+passed :: TEST chronyd time sources list is expected not to be empty
+--------------------------------
+passed :: TEST chronyd maxpoll values (99=maxpoll absent) is expected to all be &lt; 17</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71931</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000076-GPOS-00044</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86555r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010260</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that existing passwords are restricted to a 60-day maximum lifetime.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that existing passwords are restricted to a 60-day maximum lifetime.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Any password, no matter how complex, can eventually be cracked.
 Therefore, passwords need to be changed periodically. If the operating system
 does not limit the lifetime of passwords and force users to change their
 passwords, there is the risk that the operating system passwords could be
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check whether the maximum time period for existing passwords is restricted
 to 60 days.
 
-    # awk -F: &#39;$5 &gt; 60 {print $1 &quot; &quot; $5}&#39; &#x2F;etc&#x2F;shadow
+    # awk -F: '$5 &gt; 60 {print $1 " " $5}' /etc/shadow
 
     If any results are returned that are not associated with a system account,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure non-compliant accounts to enforce a 60-day maximum password
 lifetime restriction.
 
-    # chage -M 60 [user]</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>158ab59d-a49c-4621-8d52-dc5fa834248e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-&#x2F;etc&#x2F;shadow with user &#x3D;&#x3D; &quot;ec2-user&quot; max_days.first.to_i is expected to cmp &lt;&#x3D; 60</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72061</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86685r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021320</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chage -M 60 [user]</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71931\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat existing passwords are restricted to a 60-day maximum lifetime.\"\n  desc  \"Any password, no matter how complex, can eventually be cracked.\nTherefore, passwords need to be changed periodically. If the operating system\ndoes not limit the lifetime of passwords and force users to change their\npasswords, there is the risk that the operating system passwords could be\ncompromised.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check whether the maximum time period for existing passwords is restricted\nto 60 days.\n\n    # awk -F: '$5 &gt; 60 {print $1 \\\" \\\" $5}' /etc/shadow\n\n    If any results are returned that are not associated with a system account,\nthis is a finding.\n\n  \"\n  desc  \"fix\", \"\n    Configure non-compliant accounts to enforce a 60-day maximum password\nlifetime restriction.\n\n    # chage -M 60 [user]\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000076-GPOS-00044\"\n  tag gid: \"V-71931\"\n  tag rid: \"SV-86555r3_rule\"\n  tag stig_id: \"RHEL-07-010260\"\n  tag fix_id: \"F-78283r1_fix\"\n  tag cci: [\"CCI-000199\"]\n  tag nist: [\"IA-5 (1) (d)\", \"Rev_4\"]\n\n  shadow.users.each do |user|\n    # filtering on non-system accounts (uid &gt;= 1000)\n    next unless user(user).uid &gt;= 1000\n    describe shadow.users(user) do\n      its('max_days.first.to_i') { should cmp &lt;= 60 }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST /etc/shadow with user == "ec2-user" max_days.first.to_i is expected to cmp &lt;= 60</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72061</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86685r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021320</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a separate file
-system for &#x2F;var.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system for /var.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The use of separate file systems for different paths can protect the
-system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that a separate file system&#x2F;partition has been created for &quot;&#x2F;var&quot;.
-
-    Check that a file system&#x2F;partition has been created for &quot;&#x2F;var&quot; with the
+system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that a separate file system/partition has been created for "/var".
+
+    Check that a file system/partition has been created for "/var" with the
 following command:
 
-    # grep &#x2F;var &#x2F;etc&#x2F;fstab
-    UUID&#x3D;c274f65f    &#x2F;var                    ext4    noatime,nobarrier        1
+    # grep /var /etc/fstab
+    UUID=c274f65f    /var                    ext4    noatime,nobarrier        1
 2
 
-    If a separate entry for &quot;&#x2F;var&quot; is not in use, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Migrate the &quot;&#x2F;var&quot; path onto a separate file system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f6f4aa2b-bd74-4fcf-ac7e-1577b3984d21</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;var is expected to be mounted
-
-Mount &#x2F;var is not mounted
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-92255</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-102357r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020019</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If a separate entry for "/var" is not in use, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Migrate the "/var" path onto a separate file system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72061\" do\n  title \"The Red Hat Enterprise Linux operating system must use a separate file\nsystem for /var.\"\n  desc  \"The use of separate file systems for different paths can protect the\nsystem from failures resulting from a file system becoming full or failing.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that a separate file system/partition has been created for \\\"/var\\\".\n\n    Check that a file system/partition has been created for \\\"/var\\\" with the\nfollowing command:\n\n    # grep /var /etc/fstab\n    UUID=c274f65f    /var                    ext4    noatime,nobarrier        1\n2\n\n    If a separate entry for \\\"/var\\\" is not in use, this is a finding.\n  \"\n  desc  \"fix\", \"Migrate the \\\"/var\\\" path onto a separate file system.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72061\"\n  tag rid: \"SV-86685r2_rule\"\n  tag stig_id: \"RHEL-07-021320\"\n  tag fix_id: \"F-78413r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe mount('/var') do\n    it { should be_mounted }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /var is expected to be mounted :: MESSAGE 
+Mount /var is not mounted</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-92255</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-102357r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020019</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must have a host-based
-intrusion detection tool installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+intrusion detection tool installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Adding host-based intrusion detection tools can provide the capability
 to automatically take actions in response to malicious behavior, which can
 provide additional agility in reacting to network threats. These tools also
 often include a reporting capability to provide network awareness of the
-system, which may not otherwise exist in an organization&#39;s systems management
-regime.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+system, which may not otherwise exist in an organization's systems management
+regime.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Ask the SA or ISSO if a host-based intrusion detection application is
 loaded on the system. Per OPORD 16-0080, the preferred intrusion detection
 system is McAfee HBSS available through the U.S. Cyber Command (USCYBERCOM).
@@ -14366,12 +13698,12 @@ SELinux, this must be documented and approved by the local Authorizing Official.
 
     Verify that the McAfee HIPS module is active on the system:
 
-    # ps -ef | grep -i hipclient
+    # ps -ef | grep -i “hipclient”
 
     If the MFEhiplsm package is not installed, check for another intrusion
 detection system:
 
-    # find &#x2F; -name &lt;daemon name&gt;
+    # find / -name &lt;daemon name&gt;
 
     Where &lt;daemon name&gt; is the name of the primary application daemon to
 determine if the application is loaded on the system.
@@ -14385,146 +13717,138 @@ intrusion detection application has not been documented for use, this is a
 finding.
 
     If no host-based intrusion detection system is installed and running on the
-system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Install and enable the latest McAfee HIPS package, available from
 USCYBERCOM.
 
     Note: If the system does not support the McAfee HIPS package, install and
 enable a supported intrusion detection system application and document its use
-with the Authorizing Official.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f65aa6a4-84a7-4320-86cf-16a502cff348</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001263</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package MFEhiplsm is expected to be installed
-expected that &#x60;System Package MFEhiplsm&#x60; is installed
---------------------------------
-passed
-Processes &#x2F;hipclient&#x2F; is expected to exist
-expected Processes &#x2F;hipclient&#x2F; to exist</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71893</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86517r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010070</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+with the Authorizing Official.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-92255\" do\n  title \"The Red Hat Enterprise Linux operating system must have a host-based\nintrusion detection tool installed.\"\n  desc  \"Adding host-based intrusion detection tools can provide the capability\nto automatically take actions in response to malicious behavior, which can\nprovide additional agility in reacting to network threats. These tools also\noften include a reporting capability to provide network awareness of the\nsystem, which may not otherwise exist in an organization's systems management\nregime.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Ask the SA or ISSO if a host-based intrusion detection application is\nloaded on the system. Per OPORD 16-0080, the preferred intrusion detection\nsystem is McAfee HBSS available through the U.S. Cyber Command (USCYBERCOM).\n\n    If another host-based intrusion detection application is in use, such as\nSELinux, this must be documented and approved by the local Authorizing Official.\n\n    Procedure:\n    Examine the system to determine if the Host Intrusion Prevention System\n(HIPS) is installed:\n\n    # rpm -qa | grep MFEhiplsm\n\n    Verify that the McAfee HIPS module is active on the system:\n\n    # ps -ef | grep -i “hipclient”\n\n    If the MFEhiplsm package is not installed, check for another intrusion\ndetection system:\n\n    # find / -name &lt;daemon name&gt;\n\n    Where &lt;daemon name&gt; is the name of the primary application daemon to\ndetermine if the application is loaded on the system.\n\n    Determine if the application is active on the system:\n\n    # ps -ef | grep -i &lt;daemon name&gt;\n\n    If the MFEhiplsm package is not installed and an alternate host-based\nintrusion detection application has not been documented for use, this is a\nfinding.\n\n    If no host-based intrusion detection system is installed and running on the\nsystem, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Install and enable the latest McAfee HIPS package, available from\nUSCYBERCOM.\n\n    Note: If the system does not support the McAfee HIPS package, install and\nenable a supported intrusion detection system application and document its use\nwith the Authorizing Official.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000196\"\n  tag gid: \"V-92255\"\n  tag rid: \"SV-102357r1_rule\"\n  tag stig_id: \"RHEL-07-020019\"\n  tag fix_id: \"F-98477r1_fix\"\n  tag cci: [\"CCI-001263\"]\n  tag nist: [\"SI-4 (5)\", \"Rev_4\"]\n\n  custom_hips = input('custom_hips')\n\n  if ! custom_hips\n    describe package('MFEhiplsm') do\n      it { should be_installed }\n    end\n    describe processes(/hipclient/) do\n      it { should exist }\n    end\n  else\n    # Special case for SELinux\n    sel_mode = command('getenforce').stdout.strip\n    custom_hips_daemon = input('custom_hips_daemon')\n    max_daemon_processes = input('max_daemon_processes')\n\n    describe.one do\n      describe \"SELinux mode\" do\n        subject { sel_mode }\n        it { should cmp 'Enforcing' }\n      end\n      describe processes(/#{custom_hips_daemon}/) do\n        it { should exist }\n        its('count') { should be &lt; max_daemon_processes }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001263</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package MFEhiplsm is expected to be installed :: MESSAGE expected that `System Package MFEhiplsm` is installed
+--------------------------------
+passed :: TEST Processes /hipclient/ is expected to exist :: MESSAGE expected Processes /hipclient/ to exist</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71893</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86517r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010070</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must initiate a
 screensaver after a 15-minute period of inactivity for graphical user
-interfaces.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+interfaces.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session time-out lock is a temporary action taken when a user stops
 work and moves away from the immediate physical vicinity of the information
 system but does not log out because of the temporary nature of the absence.
 Rather than relying on the user to manually lock their operating system session
 prior to vacating the vicinity, operating systems need to be able to identify
-when a user&#39;s session has idled and take action to initiate the session lock.
+when a user's session has idled and take action to initiate the session lock.
 
     The session lock is implemented at the point where session activity can be
-determined and&#x2F;or controlled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+determined and/or controlled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system initiates a screensaver after a 15-minute
 period of inactivity for graphical user interfaces. The screen program must be
 installed to lock sessions on the console.
@@ -14535,148 +13859,142 @@ Applicable.
     Check to see if GNOME is configured to display a screensaver after a 15
 minute delay with the following command:
 
-    # grep -i idle-delay &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
-    idle-delay&#x3D;uint32 900
+    # grep -i idle-delay /etc/dconf/db/local.d/*
+    idle-delay=uint32 900
 
-    If the &quot;idle-delay&quot; setting is missing or is not set to &quot;900&quot; or less,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "idle-delay" setting is missing or is not set to "900" or less,
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to initiate a screensaver after a 15-minute
 period of inactivity for graphical user interfaces.
 
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-screensaver
+    # touch /etc/dconf/db/local.d/00-screensaver
 
-    Edit &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-screensaver and add or update the following
+    Edit /etc/dconf/db/local.d/00-screensaver and add or update the following
 lines:
 
-    [org&#x2F;gnome&#x2F;desktop&#x2F;session]
+    [org/gnome/desktop/session]
     # Set the lock time out to 900 seconds before the session is considered idle
-    idle-delay&#x3D;uint32 900
+    idle-delay=uint32 900
 
-    You must include the &quot;uint32&quot; along with the integer key values as shown.
+    You must include the "uint32" along with the integer key values as shown.
 
     Update the system databases:
 
     # dconf update
 
     Users must log out and back in again before the system-wide settings take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f19de067-04bf-42bd-89e6-10a5fffdd49b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-      Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71915</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86539r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010180</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71893\" do\n  title \"The Red Hat Enterprise Linux operating system must initiate a\nscreensaver after a 15-minute period of inactivity for graphical user\ninterfaces.\"\n  desc  \"A session time-out lock is a temporary action taken when a user stops\nwork and moves away from the immediate physical vicinity of the information\nsystem but does not log out because of the temporary nature of the absence.\nRather than relying on the user to manually lock their operating system session\nprior to vacating the vicinity, operating systems need to be able to identify\nwhen a user's session has idled and take action to initiate the session lock.\n\n    The session lock is implemented at the point where session activity can be\ndetermined and/or controlled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system initiates a screensaver after a 15-minute\nperiod of inactivity for graphical user interfaces. The screen program must be\ninstalled to lock sessions on the console.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check to see if GNOME is configured to display a screensaver after a 15\nminute delay with the following command:\n\n    # grep -i idle-delay /etc/dconf/db/local.d/*\n    idle-delay=uint32 900\n\n    If the \\\"idle-delay\\\" setting is missing or is not set to \\\"900\\\" or less,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to initiate a screensaver after a 15-minute\nperiod of inactivity for graphical user interfaces.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    # touch /etc/dconf/db/local.d/00-screensaver\n\n    Edit /etc/dconf/db/local.d/00-screensaver and add or update the following\nlines:\n\n    [org/gnome/desktop/session]\n    # Set the lock time out to 900 seconds before the session is considered idle\n    idle-delay=uint32 900\n\n    You must include the \\\"uint32\\\" along with the integer key values as shown.\n\n    Update the system databases:\n\n    # dconf update\n\n    Users must log out and back in again before the system-wide settings take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-71893\"\n  tag rid: \"SV-86517r5_rule\"\n  tag stig_id: \"RHEL-07-010070\"\n  tag fix_id: \"F-78245r5_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  unless package('gnome-desktop3').installed?\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n      Applicable.\"\n    end\n  else \n    describe command(\"gsettings get org.gnome.desktop.session idle-delay | cut -d ' ' -f2\") do\n      its('stdout.strip') { should cmp &lt;= 900 }\n    end \n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+      Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71915</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86539r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010180</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed the number of repeating consecutive characters
-must not be more than three characters.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+must not be more than three characters.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -14685,617 +14003,590 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;maxrepeat&quot; option sets the maximum number of allowed same
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "maxrepeat" option sets the maximum number of allowed same
 consecutive characters in a new password.
 
-    Check for the value of the &quot;maxrepeat&quot; option in
-&quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with the following command:
+    Check for the value of the "maxrepeat" option in
+"/etc/security/pwquality.conf" with the following command:
 
-    # grep maxrepeat &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    maxrepeat &#x3D; 3
+    # grep maxrepeat /etc/security/pwquality.conf
+    maxrepeat = 3
 
-    If the value of &quot;maxrepeat&quot; is set to more than &quot;3&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "maxrepeat" is set to more than "3", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require the change of the number of
 repeating consecutive characters when passwords are changed by setting the
-&quot;maxrepeat&quot; option.
+"maxrepeat" option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf conf&quot; (or modify
+    Add the following line to "/etc/security/pwquality.conf conf" (or modify
 the line to have the required value):
 
-    maxrepeat &#x3D; 3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0e8f012e-d65e-4683-abb0-f03c42971e34</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf maxrepeat.to_i is expected to cmp &lt;&#x3D; 3</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81013</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95725r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021024</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount &#x2F;dev&#x2F;shm with
-the noexec option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;noexec&quot; mount option causes the system to not execute binary
+    maxrepeat = 3</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71915\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed the number of repeating consecutive characters\nmust not be more than three characters.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    The \\\"maxrepeat\\\" option sets the maximum number of allowed same\nconsecutive characters in a new password.\n\n    Check for the value of the \\\"maxrepeat\\\" option in\n\\\"/etc/security/pwquality.conf\\\" with the following command:\n\n    # grep maxrepeat /etc/security/pwquality.conf\n    maxrepeat = 3\n\n    If the value of \\\"maxrepeat\\\" is set to more than \\\"3\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require the change of the number of\nrepeating consecutive characters when passwords are changed by setting the\n\\\"maxrepeat\\\" option.\n\n    Add the following line to \\\"/etc/security/pwquality.conf conf\\\" (or modify\nthe line to have the required value):\n\n    maxrepeat = 3\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000072-GPOS-00040\"\n  tag gid: \"V-71915\"\n  tag rid: \"SV-86539r3_rule\"\n  tag stig_id: \"RHEL-07-010180\"\n  tag fix_id: \"F-78267r2_fix\"\n  tag cci: [\"CCI-000195\"]\n  tag nist: [\"IA-5 (1) (b)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('maxrepeat.to_i') { should cmp &lt;= 3 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf maxrepeat.to_i is expected to cmp &lt;= 3</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81013</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95725r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021024</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount /dev/shm with
+the noexec option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "noexec" mount option causes the system to not execute binary
 files. This option must be used for mounting any file system not containing
 approved binary files as they may be incompatible. Executing files from
 untrusted file systems increases the opportunity for unprivileged users to
-attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the &quot;noexec&quot; option is configured for &#x2F;dev&#x2F;shm:
+attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the "noexec" option is configured for /dev/shm:
 
-    # cat &#x2F;etc&#x2F;fstab | grep &#x2F;dev&#x2F;shm
+    # cat /etc/fstab | grep /dev/shm
 
-    tmpfs &#x2F;dev&#x2F;shm tmpfs defaults,nodev,nosuid,noexec 0 0
+    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
 
-    If any results are returned and the &quot;noexec&quot; option is not listed, this
+    If any results are returned and the "noexec" option is not listed, this
 is a finding.
 
-    Verify &quot;&#x2F;dev&#x2F;shm&quot; is mounted with the &quot;noexec&quot; option:
-
-    # mount | grep &quot;&#x2F;dev&#x2F;shm&quot; | grep noexec
-
-    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the system so that &#x2F;dev&#x2F;shm is mounted with the
-&quot;noexec&quot; option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4858a590-cc55-4496-9ad1-67aa4579a41f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;dev&#x2F;shm options is expected to include &quot;noexec&quot;
-expected [&quot;rw&quot;, &quot;nosuid&quot;, &quot;nodev&quot;, &quot;seclabel&quot;] to include &quot;noexec&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73173</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87825r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030874</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Verify "/dev/shm" is mounted with the "noexec" option:
+
+    # mount | grep "/dev/shm" | grep noexec
+
+    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the system so that /dev/shm is mounted with the
+"noexec" option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81013\" do\n  title \"The Red Hat Enterprise Linux operating system must mount /dev/shm with\nthe noexec option.\"\n  desc  \"The \\\"noexec\\\" mount option causes the system to not execute binary\nfiles. This option must be used for mounting any file system not containing\napproved binary files as they may be incompatible. Executing files from\nuntrusted file systems increases the opportunity for unprivileged users to\nattain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the \\\"noexec\\\" option is configured for /dev/shm:\n\n    # cat /etc/fstab | grep /dev/shm\n\n    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0\n\n    If any results are returned and the \\\"noexec\\\" option is not listed, this\nis a finding.\n\n    Verify \\\"/dev/shm\\\" is mounted with the \\\"noexec\\\" option:\n\n    # mount | grep \\\"/dev/shm\\\" | grep noexec\n\n    If no results are returned, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the system so that /dev/shm is mounted with the\n\\\"noexec\\\" option.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000368-GPOS-00154\"\n  tag gid: \"V-81013\"\n  tag rid: \"SV-95725r2_rule\"\n  tag stig_id: \"RHEL-07-021024\"\n  tag fix_id: \"F-87847r2_fix\"\n  tag cci: [\"CCI-001764\"]\n  tag nist: [\"CM-7 (2)\", \"Rev_4\"]\n\n  describe mount('/dev/shm') do\n    its('options') { should include 'noexec' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /dev/shm options is expected to include "noexec" :: MESSAGE expected ["rw", "nosuid", "nodev", "seclabel"] to include "noexec"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73173</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87825r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030874</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
 records for all account creations, modifications, disabling, and termination
-events that affect &#x2F;etc&#x2F;opasswd.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+events that affect /etc/opasswd.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&#x2F;etc&#x2F;opasswd.
+/etc/opasswd.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep &#x2F;etc&#x2F;security&#x2F;opasswd &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep /etc/security/opasswd /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;security&#x2F;opasswd -p wa -k identity
+    -w /etc/security/opasswd -p wa -k identity
 
     If the command does not return a line, or the line is commented out, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&#x2F;etc&#x2F;opasswd.
+/etc/opasswd.
 
     Add or update the following file system rule in
-&quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+"/etc/audit/rules.d/audit.rules":
 
-    -w &#x2F;etc&#x2F;security&#x2F;opasswd -p wa -k identity
+    -w /etc/security/opasswd -p wa -k identity
 
     The audit daemon must be restarted for the changes to take effect:
-    # systemctl restart auditd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>23528817-5e02-462d-9cd2-5cc200952224</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;security&#x2F;opasswd&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;security&#x2F;opasswd&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72117</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86741r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030470</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # systemctl restart auditd</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73173\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all account creations, modifications, disabling, and termination\nevents that affect /etc/opasswd.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n/etc/opasswd.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep /etc/security/opasswd /etc/audit/audit.rules\n\n    -w /etc/security/opasswd -p wa -k identity\n\n    If the command does not return a line, or the line is commented out, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n/etc/opasswd.\n\n    Add or update the following file system rule in\n\\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/security/opasswd -p wa -k identity\n\n    The audit daemon must be restarted for the changes to take effect:\n    # systemctl restart auditd\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000004-GPOS-00004\"\n  tag gid: \"V-73173\"\n  tag rid: \"SV-87825r5_rule\"\n  tag stig_id: \"RHEL-07-030874\"\n  tag fix_id: \"F-79619r6_fix\"\n  tag cci: [\"CCI-000018\", \"CCI-000172\", \"CCI-001403\", \"CCI-002130\"]\n  tag nist: [\"AC-2 (4)\", \"AU-12 c\", \"AC-2 (4)\", \"AC-2 (4)\", \"Rev_4\"]\n\n  audit_file = '/etc/security/opasswd'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/security/opasswd" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/security/opasswd" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72117</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86741r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030470</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the removexattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the removexattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;removexattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "removexattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw removexattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw removexattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S removexattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S removexattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;removexattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"removexattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;removexattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "removexattr" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S removexattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S removexattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0f337780-2ebb-4839-9320-1a3c63f6a987</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;removexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;removexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;removexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;removexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71951</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00226</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86575r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010430</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72117\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe removexattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"removexattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw removexattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"removexattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"removexattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72117\"\n  tag rid: \"SV-86741r5_rule\"\n  tag stig_id: \"RHEL-07-030470\"\n  tag fix_id: \"F-78469r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"removexattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"removexattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "removexattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "removexattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "removexattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "removexattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71951</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00226</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86575r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010430</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the delay between logon prompts following a failed console logon attempt
-is at least four seconds.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+is at least four seconds.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuring the operating system to implement organization-wide
 security implementation guides and security checklists verifies compliance with
 federal standards and establishes a common security baseline across DoD that
@@ -15304,605 +14595,580 @@ requirements.
 
     Configuration settings are the set of parameters that can be changed in
 hardware, software, or firmware components of the system that affect the
-security posture and&#x2F;or functionality of the system. Security-related
+security posture and/or functionality of the system. Security-related
 parameters are those parameters impacting the security state of the system,
 including the parameters required to satisfy other security control
 requirements. Security-related parameters include, for example, registry
 settings; account, file, and directory permission settings; and settings for
-functions, ports, protocols, services, and remote connections.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+functions, ports, protocols, services, and remote connections.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system enforces a delay of at least four seconds
 between console logon prompts following a failed logon attempt.
 
-    Check the value of the &quot;fail_delay&quot; parameter in the &quot;&#x2F;etc&#x2F;login.defs&quot;
+    Check the value of the "fail_delay" parameter in the "/etc/login.defs"
 file with the following command:
 
-    # grep -i fail_delay &#x2F;etc&#x2F;login.defs
+    # grep -i fail_delay /etc/login.defs
     FAIL_DELAY 4
 
-    If the value of &quot;FAIL_DELAY&quot; is not set to &quot;4&quot; or greater, or the line
-is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "FAIL_DELAY" is not set to "4" or greater, or the line
+is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to enforce a delay of at least four seconds
 between logon prompts following a failed console logon attempt.
 
-    Modify the &quot;&#x2F;etc&#x2F;login.defs&quot; file to set the &quot;FAIL_DELAY&quot; parameter to
-&quot;4&quot; or greater:
-
-    FAIL_DELAY 4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>60c4b2a5-14f9-401c-b782-69172192cfb4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs FAIL_DELAY.to_i is expected to cmp &gt;&#x3D; 4</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72037</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86661r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020730</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Modify the "/etc/login.defs" file to set the "FAIL_DELAY" parameter to
+"4" or greater:
+
+    FAIL_DELAY 4</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71951\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the delay between logon prompts following a failed console logon attempt\nis at least four seconds.\"\n  desc  \"Configuring the operating system to implement organization-wide\nsecurity implementation guides and security checklists verifies compliance with\nfederal standards and establishes a common security baseline across DoD that\nreflects the most restrictive security posture consistent with operational\nrequirements.\n\n    Configuration settings are the set of parameters that can be changed in\nhardware, software, or firmware components of the system that affect the\nsecurity posture and/or functionality of the system. Security-related\nparameters are those parameters impacting the security state of the system,\nincluding the parameters required to satisfy other security control\nrequirements. Security-related parameters include, for example, registry\nsettings; account, file, and directory permission settings; and settings for\nfunctions, ports, protocols, services, and remote connections.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enforces a delay of at least four seconds\nbetween console logon prompts following a failed logon attempt.\n\n    Check the value of the \\\"fail_delay\\\" parameter in the \\\"/etc/login.defs\\\"\nfile with the following command:\n\n    # grep -i fail_delay /etc/login.defs\n    FAIL_DELAY 4\n\n    If the value of \\\"FAIL_DELAY\\\" is not set to \\\"4\\\" or greater, or the line\nis commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce a delay of at least four seconds\nbetween logon prompts following a failed console logon attempt.\n\n    Modify the \\\"/etc/login.defs\\\" file to set the \\\"FAIL_DELAY\\\" parameter to\n\\\"4\\\" or greater:\n\n    FAIL_DELAY 4\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00226\"\n  tag gid: \"V-71951\"\n  tag rid: \"SV-86575r2_rule\"\n  tag stig_id: \"RHEL-07-010430\"\n  tag fix_id: \"F-78303r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe login_defs do\n    its('FAIL_DELAY.to_i') { should cmp &gt;= 4 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs FAIL_DELAY.to_i is expected to cmp &gt;= 4</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72037</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86661r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020730</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that local initialization files do not execute world-writable programs.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that local initialization files do not execute world-writable programs.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>This control consistently takes a long to run and has been disabled
-          using the disable_slow_controls attribute.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+          using the disable_slow_controls attribute.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that local initialization files do not execute world-writable
 programs.
 
     Check the system for world-writable files with the following command:
 
-    # find &#x2F; -xdev -perm -002 -type f -exec ls -ld {} \; | more
+    # find / -xdev -perm -002 -type f -exec ls -ld {} \; | more
 
     For all files listed, check for their presence in the local initialization
 files with the following commands:
 
-    Note: The example will be for a system that is configured to create users&#39;
-home directories in the &quot;&#x2F;home&quot; directory.
+    Note: The example will be for a system that is configured to create users'
+home directories in the "/home" directory.
 
-    # grep &lt;file&gt; &#x2F;home&#x2F;*&#x2F;.*
+    # grep &lt;file&gt; /home/*/.*
 
     If any local initialization files are found to reference world-writable
-files, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+files, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the mode on files being executed by the local initialization files with
 the following command:
 
-    # chmod 0755 &lt;file&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ecad2dca-a414-4b37-9857-69d78b7278dc</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This control consistently takes a long to run and has been disabled
-  using the disable_slow_controls attribute.
-This control consistently takes a long to run and has been disabled
+    # chmod 0755 &lt;file&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72037\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat local initialization files do not execute world-writable programs.\"\n  if input('disable_slow_controls')\n    desc \"This control consistently takes a long to run and has been disabled\n          using the disable_slow_controls attribute.\"\n  else\n  desc  \"If user start-up files execute world-writable programs, especially in\nunprotected directories, they could be maliciously modified to destroy user\nfiles or otherwise compromise the system at the user level. If the system is\ncompromised at the user level, it is easier to elevate privileges to eventually\ncompromise the system at the root and network level.\"\n  end\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that local initialization files do not execute world-writable\nprograms.\n\n    Check the system for world-writable files with the following command:\n\n    # find / -xdev -perm -002 -type f -exec ls -ld {} \\\\; | more\n\n    For all files listed, check for their presence in the local initialization\nfiles with the following commands:\n\n    Note: The example will be for a system that is configured to create users'\nhome directories in the \\\"/home\\\" directory.\n\n    # grep &lt;file&gt; /home/*/.*\n\n    If any local initialization files are found to reference world-writable\nfiles, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the mode on files being executed by the local initialization files with\nthe following command:\n\n    # chmod 0755 &lt;file&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72037\"\n  tag rid: \"SV-86661r2_rule\"\n  tag stig_id: \"RHEL-07-020730\"\n  tag fix_id: \"F-78389r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  if input('disable_slow_controls')\n    describe \"This control consistently takes a long to run and has been disabled\n  using the disable_slow_controls attribute.\" do\n      skip \"This control consistently takes a long to run and has been disabled\n  using the disable_slow_controls attribute. You must enable this control for a\n  full accredidation for production.\"\n  end\n  else\n    ignore_shells = non_interactive_shells.join('|')\n\n    #Get home directory for users with UID &gt;= 1000 or UID == 0 and support interactive logins.\n    dotfiles = Set[]\n    u = users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries\n    #For each user, build and execute a find command that identifies initialization files\n    #in a user's home directory.\n    u.each do |user|\n      dotfiles = dotfiles + command(\"find #{user.home} -xdev -maxdepth 2 ( -name '.*' ! -name '.bash_history' ) -type f\").stdout.split(\"\\n\")\n    end\n    ww_files = Set[]\n    ww_files = command('find / -xdev -perm -002 -type f -exec ls {} \\;').stdout.lines\n\n    #To reduce the number of commands ran, we use a pattern file in the grep command below\n    #So we don't have too long of a grep command, we chunk the list of ww_files\n    #into strings not longer than PATTERN_FILE_MAX_LENGTH\n    #Based on MAX_ARG_STRLEN, /usr/include/linux/binfmts.h\n    #We cut off 100 to leave room for the rest of the arguments\n    PATTERN_FILE_MAX_LENGTH=command(\"getconf PAGE_SIZE\").stdout.to_i * 32 - 100\n    ww_chunked=[\"\"]\n    ww_files.each do |item|\n      item = item.strip\n      if item.length + \"\\n\".length &gt; PATTERN_FILE_MAX_LENGTH\n        raise \"Single pattern is longer than PATTERN_FILE_MAX_LENGTH\"\n      end\n      if ww_chunked[-1].length + \"\\n\".length + item.length &gt; PATTERN_FILE_MAX_LENGTH\n        ww_chunked.append(\"\")\n      end\n      ww_chunked[-1] += \"\\n\" + item  # This will leave an extra newline at the beginning of chunks\n    end\n    ww_chunked = ww_chunked.map(&amp;:strip)  # This gets rid of the beginning newlines\n    if ww_chunked[0] == \"\"\n      ww_chunked = []  # If we didn't have any ww_files, this will prevent an empty grep pattern\n    end\n\n    #Check each dotfile for existence of each world-writeable file\n    findings = Set[]\n    dotfiles.each do |dotfile|\n      dotfile = dotfile.strip\n      ww_chunked.each do |ww_pattern_file|\n        count = command(\"grep -c -f &lt;(echo \\\"#{ww_pattern_file}\\\") \\\"#{dotfile}\\\"\").stdout.strip.to_i\n        findings &lt;&lt; dotfile if count &gt; 0\n      end\n    end\n    describe \"Local initialization files that are found to reference world-writable files\" do\n      subject { findings.to_a }\n      it { should be_empty }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This control consistently takes a long to run and has been disabled
+  using the disable_slow_controls attribute. :: SKIP_MESSAGE This control consistently takes a long to run and has been disabled
   using the disable_slow_controls attribute. You must enable this control for a
-  full accredidation for production.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72121</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86745r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030490</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+  full accredidation for production.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72121</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86745r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030490</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the lremovexattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the lremovexattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;lremovexattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "lremovexattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw lremovexattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw lremovexattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S lremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
+    -a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S lremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
+    -a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;lremovexattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"lremovexattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;lremovexattr&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S lremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
-
-    -a always,exit -F arch&#x3D;b64 -S lremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6696fa52-8797-413e-b81d-7b38437fda1a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lremovexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lremovexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lremovexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lremovexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72005</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86629r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020310</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "lremovexattr" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
+
+    -a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72121\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe lremovexattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"lremovexattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw lremovexattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    -a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"lremovexattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"lremovexattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    -a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72121\"\n  tag rid: \"SV-86745r5_rule\"\n  tag stig_id: \"RHEL-07-030490\"\n  tag fix_id: \"F-78473r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"lremovexattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"lremovexattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "lremovexattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lremovexattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lremovexattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lremovexattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72005</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86629r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020310</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the root account must be the only account having unrestricted access to
-the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an account other than root also has a User Identifier (UID) of
-&quot;0&quot;, it has root authority, giving that account unrestricted access to the
-entire operating system. Multiple accounts with a UID of &quot;0&quot; afford an
+"0", it has root authority, giving that account unrestricted access to the
+entire operating system. Multiple accounts with a UID of "0" afford an
 opportunity for potential intruders to guess a password for a privileged
-account.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Check the system for duplicate UID &quot;0&quot; assignments with the following
+account.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Check the system for duplicate UID "0" assignments with the following
 command:
 
-    # awk -F: &#39;$3 &#x3D;&#x3D; 0 {print $1}&#39; &#x2F;etc&#x2F;passwd
+    # awk -F: '$3 == 0 {print $1}' /etc/passwd
 
-    If any accounts other than root have a UID of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any accounts other than root have a UID of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Change the UID of any account on the system, other than root, that has a
-UID of &quot;0&quot;.
+UID of "0".
 
     If the account is associated with system commands or applications, the UID
-should be changed to one greater than &quot;0&quot; but less than &quot;1000&quot;. Otherwise,
-assign a UID of greater than &quot;1000&quot; that has not already been assigned.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3fa7fa28-9460-4cb7-bfe4-d2eafebb8db1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-&#x2F;etc&#x2F;passwd with uid &#x3D;&#x3D; 0 users is expected to cmp &#x3D;&#x3D; &quot;root&quot;
---------------------------------
-passed
-&#x2F;etc&#x2F;passwd with uid &#x3D;&#x3D; 0 entries.length is expected to eq 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72253</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86877r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040400</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+should be changed to one greater than "0" but less than "1000". Otherwise,
+assign a UID of greater than "1000" that has not already been assigned.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72005\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the root account must be the only account having unrestricted access to\nthe system.\"\n  desc  \"If an account other than root also has a User Identifier (UID) of\n\\\"0\\\", it has root authority, giving that account unrestricted access to the\nentire operating system. Multiple accounts with a UID of \\\"0\\\" afford an\nopportunity for potential intruders to guess a password for a privileged\naccount.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check the system for duplicate UID \\\"0\\\" assignments with the following\ncommand:\n\n    # awk -F: '$3 == 0 {print $1}' /etc/passwd\n\n    If any accounts other than root have a UID of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the UID of any account on the system, other than root, that has a\nUID of \\\"0\\\".\n\n    If the account is associated with system commands or applications, the UID\nshould be changed to one greater than \\\"0\\\" but less than \\\"1000\\\". Otherwise,\nassign a UID of greater than \\\"1000\\\" that has not already been assigned.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72005\"\n  tag rid: \"SV-86629r2_rule\"\n  tag stig_id: \"RHEL-07-020310\"\n  tag fix_id: \"F-78357r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe passwd.uids(0) do\n    its('users') { should cmp 'root' }\n    its('entries.length') { should eq 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST /etc/passwd with uid == 0 users is expected to cmp == "root"
+--------------------------------
+passed :: TEST /etc/passwd with uid == 0 entries.length is expected to eq 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72253</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000250-GPOS-00093</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86877r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040400</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon is configured to only use Message Authentication Codes
-(MACs) employing FIPS 140-2 approved cryptographic hash algorithms.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(MACs) employing FIPS 140-2 approved cryptographic hash algorithms.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>DoD information systems are required to use FIPS 140-2 approved
 cryptographic hash functions. The only SSHv2 hash algorithm meeting this
-requirement is SHA.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+requirement is SHA.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon is configured to only use MACs employing FIPS
 140-2-approved ciphers.
 
@@ -15913,1495 +15179,1440 @@ hashes.
     Check that the SSH daemon is configured to only use MACs employing FIPS
 140-2-approved ciphers with the following command:
 
-    # grep -i macs &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i macs /etc/ssh/sshd_config
     MACs hmac-sha2-256,hmac-sha2-512
 
-    If any ciphers other than &quot;hmac-sha2-256&quot; or &quot;hmac-sha2-512&quot; are listed
-or the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment or add the line for the
-&quot;MACs&quot; keyword and set its value to &quot;hmac-sha2-256&quot; and&#x2F;or
-&quot;hmac-sha2-512&quot; (this file may be named differently or be in a different
+    If any ciphers other than "hmac-sha2-256" or "hmac-sha2-512" are listed
+or the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for the
+"MACs" keyword and set its value to "hmac-sha2-256" and/or
+"hmac-sha2-512" (this file may be named differently or be in a different
 location if using a version of SSH that is provided by a third-party vendor):
 
     MACs hmac-sha2-256,hmac-sha2-512
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>227c0d5c-2706-430b-ad76-6afba96fcbdd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-hmac-sha2-256 is expected to be in &quot;hmac-sha2-256&quot; and &quot;hmac-sha2-512&quot;
---------------------------------
-passed
-hmac-sha2-512 is expected to be in &quot;hmac-sha2-256&quot; and &quot;hmac-sha2-512&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86673r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72253\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon is configured to only use Message Authentication Codes\n(MACs) employing FIPS 140-2 approved cryptographic hash algorithms.\"\n  desc  \"DoD information systems are required to use FIPS 140-2 approved\ncryptographic hash functions. The only SSHv2 hash algorithm meeting this\nrequirement is SHA.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon is configured to only use MACs employing FIPS\n140-2-approved ciphers.\n\n    Note: If RHEL-07-021350 is a finding, this is automatically a finding as\nthe system cannot implement FIPS 140-2-approved cryptographic algorithms and\nhashes.\n\n    Check that the SSH daemon is configured to only use MACs employing FIPS\n140-2-approved ciphers with the following command:\n\n    # grep -i macs /etc/ssh/sshd_config\n    MACs hmac-sha2-256,hmac-sha2-512\n\n    If any ciphers other than \\\"hmac-sha2-256\\\" or \\\"hmac-sha2-512\\\" are listed\nor the returned line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the \\\"/etc/ssh/sshd_config\\\" file to uncomment or add the line for the\n\\\"MACs\\\" keyword and set its value to \\\"hmac-sha2-256\\\" and/or\n\\\"hmac-sha2-512\\\" (this file may be named differently or be in a different\nlocation if using a version of SSH that is provided by a third-party vendor):\n\n    MACs hmac-sha2-256,hmac-sha2-512\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000250-GPOS-00093\"\n  tag gid: \"V-72253\"\n  tag rid: \"SV-86877r3_rule\"\n  tag stig_id: \"RHEL-07-040400\"\n  tag fix_id: \"F-78607r2_fix\"\n  tag cci: [\"CCI-001453\"]\n  tag nist: [\"AC-17 (2)\", \"Rev_4\"]\n\n  @macs = inspec.sshd_config.params(\"macs\")\n  if @macs.nil?\n    # fail fast\n    describe 'The `sshd_config` setting for `MACs`' do\n    subject { @macs }\n      it 'should be explicitly set and not commented out' do\n        expect(subject).not_to be_nil\n      end\n    end\n  else\n    @macs.first.split(\",\").each do |mac|\n      describe mac do\n        it { should be_in ['hmac-sha2-256', 'hmac-sha2-512'] }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST hmac-sha2-256 is expected to be in "hmac-sha2-256" and "hmac-sha2-512"
+--------------------------------
+passed :: TEST hmac-sha2-512 is expected to be in "hmac-sha2-256" and "hmac-sha2-512"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72049</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86673r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must set the umask value
-to 077 for all local interactive user accounts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+to 077 for all local interactive user accounts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The umask controls the default access mode assigned to newly created
 files. A umask of 077 limits new files to mode 700 or less permissive. Although
 umask can be represented as a four-digit number, the first digit representing
-special access modes is typically ignored or required to be &quot;0&quot;. This
+special access modes is typically ignored or required to be "0". This
 requirement applies to the globally configured system defaults and the local
-interactive user defaults for each account on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the default umask for all local interactive users is &quot;077&quot;.
+interactive user defaults for each account on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the default umask for all local interactive users is "077".
 
     Identify the locations of all local interactive user home directories by
-looking at the &quot;&#x2F;etc&#x2F;passwd&quot; file.
+looking at the "/etc/passwd" file.
 
     Check all local interactive user initialization files for interactive users
 with the following command:
 
     Note: The example is for a system that is configured to create users home
-directories in the &quot;&#x2F;home&quot; directory.
+directories in the "/home" directory.
 
-    # grep -i umask &#x2F;home&#x2F;*&#x2F;.*
+    # grep -i umask /home/*/.*
 
     If any local interactive user initialization files are found to have a
-umask statement that has a value less restrictive than &quot;077&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Remove the umask statement from all local interactive user&#39;s initialization
+umask statement that has a value less restrictive than "077", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Remove the umask statement from all local interactive user's initialization
 files.
 
     If the account is for an application, the requirement for a umask less
-restrictive than &quot;077&quot; can be documented with the Information System Security
+restrictive than "077" can be documented with the Information System Security
 Officer, but the user agreement for access to the account must specify that the
 local interactive user must log on to their account first and then switch the
-user to the application account with the correct option to gain the account&#39;s
-environment variables.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>170e3386-05d5-4e4e-897a-363e477031b8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No interactive user initialization files with a less restrictive umask were found. is expected to eq true
---------------------------------
-passed
-No users were found with a less restrictive umask were found. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72309</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86933r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040740</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+user to the application account with the correct option to gain the account's
+environment variables.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72049\" do\n  title \"The Red Hat Enterprise Linux operating system must set the umask value\nto 077 for all local interactive user accounts.\"\n  desc  \"The umask controls the default access mode assigned to newly created\nfiles. A umask of 077 limits new files to mode 700 or less permissive. Although\numask can be represented as a four-digit number, the first digit representing\nspecial access modes is typically ignored or required to be \\\"0\\\". This\nrequirement applies to the globally configured system defaults and the local\ninteractive user defaults for each account on the system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the default umask for all local interactive users is \\\"077\\\".\n\n    Identify the locations of all local interactive user home directories by\nlooking at the \\\"/etc/passwd\\\" file.\n\n    Check all local interactive user initialization files for interactive users\nwith the following command:\n\n    Note: The example is for a system that is configured to create users home\ndirectories in the \\\"/home\\\" directory.\n\n    # grep -i umask /home/*/.*\n\n    If any local interactive user initialization files are found to have a\numask statement that has a value less restrictive than \\\"077\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Remove the umask statement from all local interactive user's initialization\nfiles.\n\n    If the account is for an application, the requirement for a umask less\nrestrictive than \\\"077\\\" can be documented with the Information System Security\nOfficer, but the user agreement for access to the account must specify that the\nlocal interactive user must log on to their account first and then switch the\nuser to the application account with the correct option to gain the account's\nenvironment variables.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72049\"\n  tag rid: \"SV-86673r2_rule\"\n  tag stig_id: \"RHEL-07-021040\"\n  tag fix_id: \"F-78401r3_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  non_interactive_shells = input('non_interactive_shells')\n\n  # Get all interactive users\n  ignore_shells = non_interactive_shells.join('|')\n\n  # Get home directory for users with UID &gt;= 1000 or UID == 0 and support interactive logins.\n  findings = Set[]\n  dotfiles = Set[]\n  umasks = {}\n  umask_findings = Set[]\n\n  # Get UID_MIN from login.defs\n  uid_min = 1000\n  if file(\"/etc/login.defs\").exist?\n    uid_min_val = command(\"grep '^UID_MIN' /etc/login.defs | grep -Po '[0-9]+'\").stdout.split(\"\\n\")\n    if !uid_min_val.empty?\n      uid_min = uid_min_val[0].to_i\n    end\n  end\n\n  interactive_users = users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries\n\n  # For each user, build and execute a find command that identifies initialization files\n  # in a user's home directory.\n  interactive_users.each do |u|\n\n    # Only check if the home directory is local\n    is_local = command(\"df -l #{u.home}\").exit_status\n\n    if is_local == 0\n      # Get user's initialization files\n      dotfiles = dotfiles + command(\"find #{u.home} -xdev -maxdepth 2 ( -name '.*' ! -name '.bash_history' ) -type f\").stdout.split(\"\\n\")\n\n      # Get user's umask\n      umasks.store(u.username,command(\"su -c 'umask' -l #{u.username}\").stdout.chomp(\"\\n\"))\n\n      # Check all local initialization files to see whether or not they are less restrictive than 077.\n      dotfiles.each do |df|\n        if file(df).more_permissive_than?(\"0077\")\n          findings = findings + df\n        end\n      end\n\n      # Check umask for all interactive users\n      umasks.each do |key,value|\n        max_mode = (\"0077\").to_i(8)\n        inv_mode = 0777 ^ max_mode\n        if inv_mode &amp; (value).to_i(8) != 0\n          umask_findings = umask_findings + key\n        end\n      end\n    else\n      describe \"This control skips non-local filesystems\" do\n       skip \"This control has skipped the #{u.home} home directory for #{u.username} because it is not a local filesystem.\"\n     end\n    end\n  end\n\n  # Report on any interactive files that are less restrictive than 077.\n  describe \"No interactive user initialization files with a less restrictive umask were found.\" do\n    subject { findings.empty? }\n    it { should eq true }\n  end\n\n  # Report on any interactive users that have a umask less restrictive than 077.\n  describe \"No users were found with a less restrictive umask were found.\" do\n    subject { umask_findings.empty? }\n    it { should eq true }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No interactive user initialization files with a less restrictive umask were found. is expected to eq true
+--------------------------------
+passed :: TEST No users were found with a less restrictive umask were found. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72309</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86933r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040740</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not be performing
-packet forwarding unless the system is a router.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+packet forwarding unless the system is a router.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Routing protocol daemons are typically used on routers to exchange
 network topology information with other routers. If this software is used when
 not required, system network information may be unnecessarily transmitted
-across the network.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+across the network.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system is not performing packet forwarding, unless the system is
 a router.
 
-    # grep net.ipv4.ip_forward &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep net.ipv4.ip_forward /etc/sysctl.conf /etc/sysctl.d/*
 
-    net.ipv4.ip_forward &#x3D; 0
+    net.ipv4.ip_forward = 0
 
-    If &quot;net.ipv4.ip_forward&quot; is not configured in the &#x2F;etc&#x2F;sysctl.conf file
-or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or does not have a value
-of &quot;0&quot;, this is a finding.
+    If "net.ipv4.ip_forward" is not configured in the /etc/sysctl.conf file
+or in the /etc/sysctl.d/ directory, is commented out, or does not have a value
+of "0", this is a finding.
 
     Check that the operating system does not implement IP forwarding using the
 following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.ip_forward
-    net.ipv4.ip_forward &#x3D; 0
+    # /sbin/sysctl -a | grep net.ipv4.ip_forward
+    net.ipv4.ip_forward = 0
 
-    If IP forwarding value is &quot;1&quot; and the system is hosting any application,
-database, or web servers, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If IP forwarding value is "1" and the system is hosting any application,
+database, or web servers, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.ip_forward &#x3D; 0
+    net.ipv4.ip_forward = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a35bec45-e046-468e-95c5-59173d2272eb</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.ip_forward value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81003</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95715r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010118</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72309\" do\n  title \"The Red Hat Enterprise Linux operating system must not be performing\npacket forwarding unless the system is a router.\"\n  desc  \"Routing protocol daemons are typically used on routers to exchange\nnetwork topology information with other routers. If this software is used when\nnot required, system network information may be unnecessarily transmitted\nacross the network.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system is not performing packet forwarding, unless the system is\na router.\n\n    # grep net.ipv4.ip_forward /etc/sysctl.conf /etc/sysctl.d/*\n\n    net.ipv4.ip_forward = 0\n\n    If \\\"net.ipv4.ip_forward\\\" is not configured in the /etc/sysctl.conf file\nor in the /etc/sysctl.d/ directory, is commented out, or does not have a value\nof \\\"0\\\", this is a finding.\n\n    Check that the operating system does not implement IP forwarding using the\nfollowing command:\n\n    # /sbin/sysctl -a | grep net.ipv4.ip_forward\n    net.ipv4.ip_forward = 0\n\n    If IP forwarding value is \\\"1\\\" and the system is hosting any application,\ndatabase, or web servers, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.ip_forward = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72309\"\n  tag rid: \"SV-86933r2_rule\"\n  tag stig_id: \"RHEL-07-040740\"\n  tag fix_id: \"F-78663r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.ip_forward') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.ip_forward value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81003</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95715r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010118</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that &#x2F;etc&#x2F;pam.d&#x2F;passwd implements &#x2F;etc&#x2F;pam.d&#x2F;system-auth when changing
-passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing
+passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Pluggable authentication modules (PAM) allow for a modular approach to
 integrating authentication methods. PAM operates in a top-down processing model
 and if the modules are not listed in the correct order, an important security
-function could be bypassed if stack entries are not centralized.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that &#x2F;etc&#x2F;pam.d&#x2F;passwd is configured to use &#x2F;etc&#x2F;pam.d&#x2F;system-auth
+function could be bypassed if stack entries are not centralized.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that /etc/pam.d/passwd is configured to use /etc/pam.d/system-auth
 when changing passwords:
 
-    # cat &#x2F;etc&#x2F;pam.d&#x2F;passwd | grep -i substack | grep -i system-auth
+    # cat /etc/pam.d/passwd | grep -i substack | grep -i system-auth
     password     substack     system-auth
 
-    If no results are returned, the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure PAM to utilize &#x2F;etc&#x2F;pam.d&#x2F;system-auth when changing passwords.
+    If no results are returned, the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure PAM to utilize /etc/pam.d/system-auth when changing passwords.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;pam.d&#x2F;passwd&quot; (or modify the line to have
+    Add the following line to "/etc/pam.d/passwd" (or modify the line to have
 the required value):
 
-    password     substack    system-auth</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d9cfd64e-bcfb-47d4-9a28-aeaef9805a41</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-&#x2F;etc&#x2F;pam.d&#x2F;passwd substacks system-auth</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72021</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86645r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020650</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    password     substack    system-auth</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81003\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing\npasswords.\"\n  desc  \"Pluggable authentication modules (PAM) allow for a modular approach to\nintegrating authentication methods. PAM operates in a top-down processing model\nand if the modules are not listed in the correct order, an important security\nfunction could be bypassed if stack entries are not centralized.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that /etc/pam.d/passwd is configured to use /etc/pam.d/system-auth\nwhen changing passwords:\n\n    # cat /etc/pam.d/passwd | grep -i substack | grep -i system-auth\n    password     substack     system-auth\n\n    If no results are returned, the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure PAM to utilize /etc/pam.d/system-auth when changing passwords.\n\n    Add the following line to \\\"/etc/pam.d/passwd\\\" (or modify the line to have\nthe required value):\n\n    password     substack    system-auth\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000069-GPOS-00037\"\n  tag gid: \"V-81003\"\n  tag rid: \"SV-95715r1_rule\"\n  tag stig_id: \"RHEL-07-010118\"\n  tag fix_id: \"F-87837r1_fix\"\n  tag cci: [\"CCI-000192\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  # Get the content of /etc/pam.d/passwd as an array\n  pam_passwd_content = file('/etc/pam.d/passwd').content.strip.split(\"\\n\")\n  # Make a new array of any line matching the target pattern:\n  # /password\\s+substack\\s+system-auth\n  matching_lines = pam_passwd_content.select { |i| i.match(/password\\s+substack\\s+system-auth/) }\n\n  describe '/etc/pam.d/passwd' do\n    subject { matching_lines }\n    it 'substacks system-auth' do\n      expect(subject.length).to(eql 1)\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST /etc/pam.d/passwd substacks system-auth</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72021</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86645r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020650</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive user home directories are group-owned by the home
-directory owners primary group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the Group Identifier (GID) of a local interactive user&#39;s home
+directory owners primary group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the Group Identifier (GID) of a local interactive user's home
 directory is not the same as the primary GID of the user, this would allow
-unauthorized access to the user&#39;s files, and users that share the same group
-may not be able to access files that they legitimately should.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unauthorized access to the user's files, and users that share the same group
+may not be able to access files that they legitimately should.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the assigned home directory of all local interactive users is
-group-owned by that user&#39;s primary GID.
+group-owned by that user's primary GID.
 
     Check the home directory assignment for all local interactive users on the
 system with the following command:
 
-    # ls -ld $(egrep &#39;:[0-9]{4}&#39; &#x2F;etc&#x2F;passwd | cut -d: -f6)
+    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)
 
-    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 &#x2F;home&#x2F;smithj
+    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj
 
-    Check the user&#39;s primary group with the following command:
+    Check the user's primary group with the following command:
 
-    # grep users &#x2F;etc&#x2F;group
+    # grep users /etc/group
 
     users:x:250:smithj,jonesj,jacksons
 
-    If the user home directory referenced in &quot;&#x2F;etc&#x2F;passwd&quot; is not group-owned
-by that user&#39;s primary GID, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the group owner of a local interactive user&#39;s home directory to the
-group found in &quot;&#x2F;etc&#x2F;passwd&quot;. To change the group owner of a local
-interactive user&#39;s home directory, use the following command:
-
-    Note: The example will be for the user &quot;smithj&quot;, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;, and has a primary group of users.
-
-    # chgrp users &#x2F;home&#x2F;smithj</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b65447db-d23c-4a8a-b6a3-ad513e5abab3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Home directories that are not group-owned by the user&#39;s primary GID is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72183</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86807r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030800</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If the user home directory referenced in "/etc/passwd" is not group-owned
+by that user's primary GID, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the group owner of a local interactive user's home directory to the
+group found in "/etc/passwd". To change the group owner of a local
+interactive user's home directory, use the following command:
+
+    Note: The example will be for the user "smithj", who has a home directory
+of "/home/smithj", and has a primary group of users.
+
+    # chgrp users /home/smithj</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72021\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user home directories are group-owned by the home\ndirectory owners primary group.\"\n  desc  \"If the Group Identifier (GID) of a local interactive user's home\ndirectory is not the same as the primary GID of the user, this would allow\nunauthorized access to the user's files, and users that share the same group\nmay not be able to access files that they legitimately should.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the assigned home directory of all local interactive users is\ngroup-owned by that user's primary GID.\n\n    Check the home directory assignment for all local interactive users on the\nsystem with the following command:\n\n    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)\n\n    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj\n\n    Check the user's primary group with the following command:\n\n    # grep users /etc/group\n\n    users:x:250:smithj,jonesj,jacksons\n\n    If the user home directory referenced in \\\"/etc/passwd\\\" is not group-owned\nby that user's primary GID, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the group owner of a local interactive user's home directory to the\ngroup found in \\\"/etc/passwd\\\". To change the group owner of a local\ninteractive user's home directory, use the following command:\n\n    Note: The example will be for the user \\\"smithj\\\", who has a home directory\nof \\\"/home/smithj\\\", and has a primary group of users.\n\n    # chgrp users /home/smithj\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72021\"\n  tag rid: \"SV-86645r5_rule\"\n  tag stig_id: \"RHEL-07-020650\"\n  tag fix_id: \"F-78373r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    findings = findings + command(\"find #{user_info.home} -maxdepth 0 -not -gid #{user_info.gid}\").stdout.split(\"\\n\")\n  end\n  describe \"Home directories that are not group-owned by the user's primary GID\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Home directories that are not group-owned by the user's primary GID is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72183</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86807r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030800</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the crontab command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the crontab command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged commands. The organization must maintain audit trails in sufficient
-detail to reconstruct events to determine the cause and impact of compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+detail to reconstruct events to determine the cause and impact of compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;crontab&quot; command occur.
+successful/unsuccessful attempts to use the "crontab" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;bin&#x2F;crontab &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/bin/crontab /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;crontab -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/bin/crontab -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-cron
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;crontab&quot; command occur.
+successful/unsuccessful attempts to use the "crontab" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;crontab -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/bin/crontab -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-cron
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f9bba4b1-fbb6-4f78-afed-4b3e5ed3f840</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;crontab&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;crontab&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72083</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86707r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72183\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe crontab command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged commands. The organization must maintain audit trails in sufficient\ndetail to reconstruct events to determine the cause and impact of compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"crontab\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/bin/crontab /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/crontab -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-cron\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"crontab\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/crontab -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-cron\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72183\"\n  tag rid: \"SV-86807r3_rule\"\n  tag stig_id: \"RHEL-07-030800\"\n  tag fix_id: \"F-78537r4_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/crontab'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/crontab" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/crontab" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72083</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86707r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must off-load audit
-records onto a different system or media from the system being audited.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+records onto a different system or media from the system being audited.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
     Off-loading is a common process in information systems with limited audit
-storage capacity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+storage capacity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system off-loads audit records onto a different system
 or media from the system being audited.
 
     To determine the remote server that the records are being sent to, use the
 following command:
 
-    # grep -i remote_server &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-    remote_server &#x3D; 10.0.21.1
+    # grep -i remote_server /etc/audisp/audisp-remote.conf
+    remote_server = 10.0.21.1
 
     If a remote server is not configured, or the line is commented out, ask the
 System Administrator to indicate how the audit logs are off-loaded to a
 different system or media.
 
     If there is no evidence that the audit logs are being off-loaded to another
-system or media, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+system or media, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to off-load audit records onto a different
 system or media from the system being audited.
 
-    Set the remote server option in &quot;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&quot; with the
-IP address of the log aggregation server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b99232e5-0e6e-4ab8-a6b5-8a99890cc628</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&#39; cannot be found. This test cannot be checked in a automated fashion and you must check it manually
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&#39; cannot be found. This check must be performed manually</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72245</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86869r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040360</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Set the remote server option in "/etc/audisp/audisp-remote.conf" with the
+IP address of the log aggregation server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72083\" do\n  title \"The Red Hat Enterprise Linux operating system must off-load audit\nrecords onto a different system or media from the system being audited.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system off-loads audit records onto a different system\nor media from the system being audited.\n\n    To determine the remote server that the records are being sent to, use the\nfollowing command:\n\n    # grep -i remote_server /etc/audisp/audisp-remote.conf\n    remote_server = 10.0.21.1\n\n    If a remote server is not configured, or the line is commented out, ask the\nSystem Administrator to indicate how the audit logs are off-loaded to a\ndifferent system or media.\n\n    If there is no evidence that the audit logs are being off-loaded to another\nsystem or media, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to off-load audit records onto a different\nsystem or media from the system being audited.\n\n    Set the remote server option in \\\"/etc/audisp/audisp-remote.conf\\\" with the\nIP address of the log aggregation server.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-72083\"\n  tag rid: \"SV-86707r2_rule\"\n  tag stig_id: \"RHEL-07-030300\"\n  tag fix_id: \"F-78435r1_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  if file('/etc/audisp/audisp-remote.conf').exist?\n    describe parse_config_file('/etc/audisp/audisp-remote.conf') do\n      its('remote_server'.to_s) { should match %r{^\\S+$} }\n      its('remote_server'.to_s) { should_not be_in ['localhost', '127.0.0.1'] }\n    end\n  else\n    describe \"File '/etc/audisp/audisp-remote.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually\" do\n      skip \"File '/etc/audisp/audisp-remote.conf' cannot be found. This check must be performed manually\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST File '/etc/audisp/audisp-remote.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually :: SKIP_MESSAGE File '/etc/audisp/audisp-remote.conf' cannot be found. This check must be performed manually</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72245</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86869r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040360</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the date
-and time of the last successful account logon upon an SSH logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+and time of the last successful account logon upon an SSH logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Providing users with feedback on when account accesses via SSH last
 occurred facilitates user recognition and reporting of unauthorized account
-use.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+use.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify SSH provides users with feedback on when account accesses last
 occurred.
 
-    Check that &quot;PrintLastLog&quot; keyword in the sshd daemon configuration file
-is used and set to &quot;yes&quot; with the following command:
+    Check that "PrintLastLog" keyword in the sshd daemon configuration file
+is used and set to "yes" with the following command:
 
-    # grep -i printlastlog &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i printlastlog /etc/ssh/sshd_config
     PrintLastLog yes
 
-    If the &quot;PrintLastLog&quot; keyword is set to &quot;no&quot;, is missing, or is
-commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "PrintLastLog" keyword is set to "no", is missing, or is
+commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure SSH to provide users with feedback on when account accesses last
-occurred by setting the required configuration options in &quot;&#x2F;etc&#x2F;pam.d&#x2F;sshd&quot;
-or in the &quot;sshd_config&quot; file used by the system (&quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;
+occurred by setting the required configuration options in "/etc/pam.d/sshd"
+or in the "sshd_config" file used by the system ("/etc/ssh/sshd_config"
 will be used in the example) (this file may be named differently or be in a
 different location if using a version of SSH that is provided by a third-party
 vendor).
 
-    Modify the &quot;PrintLastLog&quot; line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; to match the
+    Modify the "PrintLastLog" line in "/etc/ssh/sshd_config" to match the
 following:
 
     PrintLastLog yes
 
-    The SSH service must be restarted for changes to &quot;sshd_config&quot; to take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>62288073-c97f-4e21-874a-6667f8f97e00</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration PrintLastLog is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71959</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86583r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010470</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to "sshd_config" to take
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72245\" do\n  title \"The Red Hat Enterprise Linux operating system must display the date\nand time of the last successful account logon upon an SSH logon.\"\n  desc  \"Providing users with feedback on when account accesses via SSH last\noccurred facilitates user recognition and reporting of unauthorized account\nuse.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify SSH provides users with feedback on when account accesses last\noccurred.\n\n    Check that \\\"PrintLastLog\\\" keyword in the sshd daemon configuration file\nis used and set to \\\"yes\\\" with the following command:\n\n    # grep -i printlastlog /etc/ssh/sshd_config\n    PrintLastLog yes\n\n    If the \\\"PrintLastLog\\\" keyword is set to \\\"no\\\", is missing, or is\ncommented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure SSH to provide users with feedback on when account accesses last\noccurred by setting the required configuration options in \\\"/etc/pam.d/sshd\\\"\nor in the \\\"sshd_config\\\" file used by the system (\\\"/etc/ssh/sshd_config\\\"\nwill be used in the example) (this file may be named differently or be in a\ndifferent location if using a version of SSH that is provided by a third-party\nvendor).\n\n    Modify the \\\"PrintLastLog\\\" line in \\\"/etc/ssh/sshd_config\\\" to match the\nfollowing:\n\n    PrintLastLog yes\n\n    The SSH service must be restarted for changes to \\\"sshd_config\\\" to take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72245\"\n  tag rid: \"SV-86869r3_rule\"\n  tag stig_id: \"RHEL-07-040360\"\n  tag fix_id: \"F-78599r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  if sshd_config.params['printlastlog'] == ['yes']\n    describe sshd_config do\n      its('PrintLastLog') { should cmp 'yes' }\n    end\n  else\n    describe pam('/etc/pam.d/sshd') do\n      its('lines') { should match_pam_rule('session required pam_lastlog.so showfailed') }\n      its('lines') { should match_pam_rule('session required pam_lastlog.so showfailed').all_without_args('silent') }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration PrintLastLog is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71959</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86583r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010470</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow a
-non-certificate trusted host SSH logon to the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+non-certificate trusted host SSH logon to the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Failure to restrict system access to authenticated users negatively
-impacts operating system security.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+impacts operating system security.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system does not allow a non-certificate trusted host
 SSH logon to the system.
 
-    Check for the value of the &quot;HostbasedAuthentication&quot; keyword with the
+    Check for the value of the "HostbasedAuthentication" keyword with the
 following command:
 
-    # grep -i hostbasedauthentication &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i hostbasedauthentication /etc/ssh/sshd_config
     HostbasedAuthentication no
 
-    If the &quot;HostbasedAuthentication&quot; keyword is not set to &quot;no&quot;, is
-missing, or is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "HostbasedAuthentication" keyword is not set to "no", is
+missing, or is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to not allow a non-certificate trusted host
 SSH logon to the system.
 
-    Edit the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment or add the line for
-&quot;HostbasedAuthentication&quot; keyword and set the value to &quot;no&quot;:
+    Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for
+"HostbasedAuthentication" keyword and set the value to "no":
 
     HostbasedAuthentication no
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6c3f660b-53c8-46ed-a193-d726137d2be3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration HostbasedAuthentication is expected to eq &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72285</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86909r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040620</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71959\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow a\nnon-certificate trusted host SSH logon to the system.\"\n  desc  \"Failure to restrict system access to authenticated users negatively\nimpacts operating system security.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system does not allow a non-certificate trusted host\nSSH logon to the system.\n\n    Check for the value of the \\\"HostbasedAuthentication\\\" keyword with the\nfollowing command:\n\n    # grep -i hostbasedauthentication /etc/ssh/sshd_config\n    HostbasedAuthentication no\n\n    If the \\\"HostbasedAuthentication\\\" keyword is not set to \\\"no\\\", is\nmissing, or is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to not allow a non-certificate trusted host\nSSH logon to the system.\n\n    Edit the \\\"/etc/ssh/sshd_config\\\" file to uncomment or add the line for\n\\\"HostbasedAuthentication\\\" keyword and set the value to \\\"no\\\":\n\n    HostbasedAuthentication no\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00229\"\n  tag gid: \"V-71959\"\n  tag rid: \"SV-86583r3_rule\"\n  tag stig_id: \"RHEL-07-010470\"\n  tag fix_id: \"F-78311r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('HostbasedAuthentication') { should eq 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration HostbasedAuthentication is expected to eq "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72285</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86909r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040620</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not forward
-Internet Protocol version 4 (IPv4) source-routed packets by default.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Internet Protocol version 4 (IPv4) source-routed packets by default.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Source-routed packets allow the source of the packet to suggest that
 routers forward the packet along a different path than configured on the
 router, which can be used to bypass network security measures. This requirement
 applies only to the forwarding of source-routed traffic, such as when IPv4
-forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not accept IPv4 source-routed packets by default.
 
-    # grep net.ipv4.conf.default.accept_source_route &#x2F;etc&#x2F;sysctl.conf
-&#x2F;etc&#x2F;sysctl.d&#x2F;*
-    net.ipv4.conf.default.accept_source_route &#x3D; 0
+    # grep net.ipv4.conf.default.accept_source_route /etc/sysctl.conf
+/etc/sysctl.d/*
+    net.ipv4.conf.default.accept_source_route = 0
 
-    If &quot; net.ipv4.conf.default.accept_source_route &quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;0&quot;, this is a finding.
+    If " net.ipv4.conf.default.accept_source_route " is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "0", this is a finding.
 
     Check that the operating system implements the accept source route variable
 with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.conf.default.accept_source_route
-    net.ipv4.conf.default.accept_source_route &#x3D; 0
+    # /sbin/sysctl -a | grep net.ipv4.conf.default.accept_source_route
+    net.ipv4.conf.default.accept_source_route = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.default.accept_source_route &#x3D; 0
+    net.ipv4.conf.default.accept_source_route = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>47e0f28e-8599-44fd-864f-677f0633ab86</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.default.accept_source_route value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72025</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86649r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020670</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72285\" do\n  title \"The Red Hat Enterprise Linux operating system must not forward\nInternet Protocol version 4 (IPv4) source-routed packets by default.\"\n  desc  \"Source-routed packets allow the source of the packet to suggest that\nrouters forward the packet along a different path than configured on the\nrouter, which can be used to bypass network security measures. This requirement\napplies only to the forwarding of source-routed traffic, such as when IPv4\nforwarding is enabled and the system is functioning as a router.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not accept IPv4 source-routed packets by default.\n\n    # grep net.ipv4.conf.default.accept_source_route /etc/sysctl.conf\n/etc/sysctl.d/*\n    net.ipv4.conf.default.accept_source_route = 0\n\n    If \\\" net.ipv4.conf.default.accept_source_route \\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the accept source route variable\nwith the following command:\n\n    # /sbin/sysctl -a | grep net.ipv4.conf.default.accept_source_route\n    net.ipv4.conf.default.accept_source_route = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.default.accept_source_route = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72285\"\n  tag rid: \"SV-86909r2_rule\"\n  tag stig_id: \"RHEL-07-040620\"\n  tag fix_id: \"F-78639r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.default.accept_source_route') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.default.accept_source_route value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72025</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86649r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020670</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all files and directories contained in local interactive user home
 directories are group-owned by a group of which the home directory owner is a
-member.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If a local interactive user&#39;s files are group-owned by a group of
-which the user is not a member, unintended users may be able to access them.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+member.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If a local interactive user's files are group-owned by a group of
+which the user is not a member, unintended users may be able to access them.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all files and directories in a local interactive user home directory
 are group-owned by a group the user is a member of.
 
     Check the group owner of all files and directories in a local interactive
-user&#39;s home directory with the following command:
+user's home directory with the following command:
 
-    Note: The example will be for the user &quot;smithj&quot;, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
+    Note: The example will be for the user "smithj", who has a home directory
+of "/home/smithj".
 
-    # ls -lLR &#x2F;&lt;home directory&gt;&#x2F;&lt;users home directory&gt;&#x2F;
+    # ls -lLR /&lt;home directory&gt;/&lt;users home directory&gt;/
     -rw-r--r-- 1 smithj smithj  18 Mar  5 17:06 file1
     -rw-r--r-- 1 smithj smithj 193 Mar  5 17:06 file2
     -rw-r--r-- 1 smithj sa        231 Mar  5 17:06 file3
@@ -17410,301 +16621,288 @@ of &quot;&#x2F;home&#x2F;smithj&quot;.
 directory user, check to see if the user is a member of that group with the
 following command:
 
-    # grep smithj &#x2F;etc&#x2F;group
+    # grep smithj /etc/group
     sa:x:100:juan,shelley,bob,smithj
     smithj:x:521:smithj
 
     If the user is not a member of a group that group owns file(s) in a local
-interactive user&#39;s home directory, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the group of a local interactive user&#39;s files and directories to a
+interactive user's home directory, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the group of a local interactive user's files and directories to a
 group that the interactive user is a member of. To change the group owner of a
-local interactive user&#39;s files and directories, use the following command:
+local interactive user's files and directories, use the following command:
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot; and is a member of the users group.
-
-    # chgrp users &#x2F;home&#x2F;smithj&#x2F;&lt;file&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1d8cc404-c540-4c16-adea-9ba2f3aef08f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Home directory files with incorrect group ownership or not &#39;root&#39; owned is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72187</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86811r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030820</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj" and is a member of the users group.
+
+    # chgrp users /home/smithj/&lt;file&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72025\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all files and directories contained in local interactive user home\ndirectories are group-owned by a group of which the home directory owner is a\nmember.\"\n  desc  \"If a local interactive user's files are group-owned by a group of\nwhich the user is not a member, unintended users may be able to access them.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all files and directories in a local interactive user home directory\nare group-owned by a group the user is a member of.\n\n    Check the group owner of all files and directories in a local interactive\nuser's home directory with the following command:\n\n    Note: The example will be for the user \\\"smithj\\\", who has a home directory\nof \\\"/home/smithj\\\".\n\n    # ls -lLR /&lt;home directory&gt;/&lt;users home directory&gt;/\n    -rw-r--r-- 1 smithj smithj  18 Mar  5 17:06 file1\n    -rw-r--r-- 1 smithj smithj 193 Mar  5 17:06 file2\n    -rw-r--r-- 1 smithj sa        231 Mar  5 17:06 file3\n\n    If any files are found with an owner different than the group home\ndirectory user, check to see if the user is a member of that group with the\nfollowing command:\n\n    # grep smithj /etc/group\n    sa:x:100:juan,shelley,bob,smithj\n    smithj:x:521:smithj\n\n    If the user is not a member of a group that group owns file(s) in a local\ninteractive user's home directory, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the group of a local interactive user's files and directories to a\ngroup that the interactive user is a member of. To change the group owner of a\nlocal interactive user's files and directories, use the following command:\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\" and is a member of the users group.\n\n    # chgrp users /home/smithj/&lt;file&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72025\"\n  tag rid: \"SV-86649r2_rule\"\n  tag stig_id: \"RHEL-07-020670\"\n  tag fix_id: \"F-78377r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    find_args = \"\"\n    user_info.groups.each { |curr_group|\n      # some key files and secure dirs (like .ssh) are group owned 'root'\n      find_args = find_args + \"-not -group #{curr_group} -o root\"\n    }\n    findings = findings + command(\"find #{user_info.home} -xdev -xautofs #{find_args}\").stdout.split(\"\\n\")\n  end\n  describe \"Home directory files with incorrect group ownership or not 'root' owned\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Home directory files with incorrect group ownership or not 'root' owned is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72187</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86811r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030820</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the init_module syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the init_module syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;init_module&quot; syscall occur.
+successful/unsuccessful attempts to use the "init_module" syscall occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw init_module &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw init_module /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S init_module -k module-change
+    -a always,exit -F arch=b32 -S init_module -k module-change
 
-    -a always,exit -F arch&#x3D;b64 -S init_module -k module-change
+    -a always,exit -F arch=b64 -S init_module -k module-change
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;init_module&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"init_module" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;init_module&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S init_module -k module-change
-
-    -a always,exit -F arch&#x3D;b64 -S init_module -k module-change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>58fdc365-550a-4ea8-ba14-56c774bf8138</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;init_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;init_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;init_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;init_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72093</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86717r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030350</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "init_module" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S init_module -k module-change
+
+    -a always,exit -F arch=b64 -S init_module -k module-change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72187\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe init_module syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"init_module\\\" syscall occur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw init_module /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S init_module -k module-change\n\n    -a always,exit -F arch=b64 -S init_module -k module-change\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"init_module\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"init_module\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S init_module -k module-change\n\n    -a always,exit -F arch=b64 -S init_module -k module-change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00216\"\n  tag satisfies: [\"SRG-OS-000471-GPOS-00216\", \"SRG-OS-000477-GPOS-00222\"]\n  tag gid: \"V-72187\"\n  tag rid: \"SV-86811r5_rule\"\n  tag stig_id: \"RHEL-07-030820\"\n  tag fix_id: \"F-78541r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"init_module\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"init_module\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "init_module" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "init_module" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "init_module" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "init_module" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72093</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86717r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030350</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must immediately notify
 the System Administrator (SA) and Information System Security Officer (ISSO)
 (at a minimum) when the threshold for the repository maximum audit record
-storage capacity is reached.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+storage capacity is reached.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If security personnel are not notified immediately when the threshold
 for the repository maximum audit record storage capacity is reached, they are
-unable to expand the audit record storage capacity before records are lost.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unable to expand the audit record storage capacity before records are lost.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system immediately notifies the SA and ISSO (at a
 minimum) via email when the threshold for the repository maximum audit record
 storage capacity is reached.
@@ -17713,445 +16911,427 @@ storage capacity is reached.
 repository maximum audit record storage capacity is reached with the following
 command:
 
-    # grep -i action_mail_acct  &#x2F;etc&#x2F;audit&#x2F;auditd.conf
-    action_mail_acct &#x3D; root
+    # grep -i action_mail_acct  /etc/audit/auditd.conf
+    action_mail_acct = root
 
-    If the value of the &quot;action_mail_acct&quot; keyword is not set to &quot;root&quot; and
-other accounts for security personnel, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of the "action_mail_acct" keyword is not set to "root" and
+other accounts for security personnel, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to immediately notify the SA and ISSO (at a
 minimum) when the threshold for the repository maximum audit record storage
 capacity is reached.
 
-    Uncomment or edit the &quot;action_mail_acct&quot; keyword in
-&quot;&#x2F;etc&#x2F;audit&#x2F;auditd.conf&quot; and set it to root and any other accounts associated
+    Uncomment or edit the "action_mail_acct" keyword in
+"/etc/audit/auditd.conf" and set it to root and any other accounts associated
 with security personnel.
 
-    action_mail_acct &#x3D; root</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>85fee7ec-9802-49b8-8ad3-14e7a35cb4ee</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Audit Daemon Config action_mail_acct is expected to cmp &#x3D;&#x3D; &quot;root&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86825r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030890</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    action_mail_acct = root</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72093\" do\n  title \"The Red Hat Enterprise Linux operating system must immediately notify\nthe System Administrator (SA) and Information System Security Officer (ISSO)\n(at a minimum) when the threshold for the repository maximum audit record\nstorage capacity is reached.\"\n  desc  \"If security personnel are not notified immediately when the threshold\nfor the repository maximum audit record storage capacity is reached, they are\nunable to expand the audit record storage capacity before records are lost.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system immediately notifies the SA and ISSO (at a\nminimum) via email when the threshold for the repository maximum audit record\nstorage capacity is reached.\n\n    Check what account the operating system emails when the threshold for the\nrepository maximum audit record storage capacity is reached with the following\ncommand:\n\n    # grep -i action_mail_acct  /etc/audit/auditd.conf\n    action_mail_acct = root\n\n    If the value of the \\\"action_mail_acct\\\" keyword is not set to \\\"root\\\" and\nother accounts for security personnel, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to immediately notify the SA and ISSO (at a\nminimum) when the threshold for the repository maximum audit record storage\ncapacity is reached.\n\n    Uncomment or edit the \\\"action_mail_acct\\\" keyword in\n\\\"/etc/audit/auditd.conf\\\" and set it to root and any other accounts associated\nwith security personnel.\n\n    action_mail_acct = root\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000343-GPOS-00134\"\n  tag gid: \"V-72093\"\n  tag rid: \"SV-86717r3_rule\"\n  tag stig_id: \"RHEL-07-030350\"\n  tag fix_id: \"F-78445r3_fix\"\n  tag cci: [\"CCI-001855\"]\n  tag nist: [\"AU-5 (1)\", \"Rev_4\"]\n\n  describe auditd_conf  do\n    its('action_mail_acct') { should cmp 'root' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Audit Daemon Config action_mail_acct is expected to cmp == "root"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86825r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030890</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the renameat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the renameat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system is not configured to audit certain activities and write
 them to an audit log, it is more difficult to detect and track system
-compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;renameat&quot; syscall occur.
+successful/unsuccessful attempts to use the "renameat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw renameat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw renameat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S renameat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S renameat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;renameat&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"renameat" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;renameat&quot; syscall occur.
+successful/unsuccessful attempts to use the "renameat" syscall occur.
 
-    Add the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S renameat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S renameat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ac5735e9-fdb0-4927-9360-a95a3e7511d0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;renameat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;renameat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;renameat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;renameat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72035</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86659r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020720</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72201\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe renameat syscall.\"\n  desc  \"If the system is not configured to audit certain activities and write\nthem to an audit log, it is more difficult to detect and track system\ncompromises and damages incurred during a system compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"renameat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw renameat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"renameat\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"renameat\\\" syscall occur.\n\n    Add the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000466-GPOS-00210\"\n  tag satisfies: [\"SRG-OS-000466-GPOS-00210\", \"SRG-OS-000467-GPOS-00210\",\n\"SRG-OS-000468-GPOS-00212\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72201\"\n  tag rid: \"SV-86825r5_rule\"\n  tag stig_id: \"RHEL-07-030890\"\n  tag fix_id: \"F-78555r8_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"renameat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"renameat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "renameat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "renameat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "renameat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "renameat" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72035</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86659r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020720</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive user initialization files executable search paths
-contain only paths that resolve to the users home directory.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+contain only paths that resolve to the users home directory.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The executable search path (typically the PATH environment variable)
 contains a list of directories for the shell to search to find executables. If
-this path includes the current working directory (other than the user&#39;s home
+this path includes the current working directory (other than the user's home
 directory), executables in these directories may be executed instead of system
 commands. This variable is formatted as a colon-separated list of directories.
 If there is an empty entry, such as a leading or trailing colon or two
 consecutive colons, this is interpreted as the current working directory. If
 deviations from the default system search path for the local interactive user
 are required, they must be documented with the Information System Security
-Officer (ISSO).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that all local interactive user initialization files&#39; executable
+Officer (ISSO).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that all local interactive user initialization files' executable
 search path statements do not contain statements that will reference a working
-directory other than the users&#39; home directory.
+directory other than the users' home directory.
 
     Check the executable search path statement for all local interactive user
-initialization files in the users&#39; home directory with the following commands:
+initialization files in the users' home directory with the following commands:
 
     Note: The example will be for the smithj user, which has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
+of "/home/smithj".
 
-    # grep -i path &#x2F;home&#x2F;smithj&#x2F;.*
-    &#x2F;home&#x2F;smithj&#x2F;.bash_profile:PATH&#x3D;$PATH:$HOME&#x2F;.local&#x2F;bin:$HOME&#x2F;bin
-    &#x2F;home&#x2F;smithj&#x2F;.bash_profile:export PATH
+    # grep -i path /home/smithj/.*
+    /home/smithj/.bash_profile:PATH=$PATH:$HOME/.local/bin:$HOME/bin
+    /home/smithj/.bash_profile:export PATH
 
     If any local interactive user initialization files have executable search
 path statements that include directories outside of their home directory, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Edit the local interactive user initialization files to change any PATH
 variable statements that reference directories other than their home directory.
 
     If a local interactive user requires path variables to reference a
-directory owned by the application, it must be documented with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a5ada76a-ebd4-477c-b024-088bf39ef9ee</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Initialization files that include executable search paths that include directories outside their home directories is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71917</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86541r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010190</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+directory owned by the application, it must be documented with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72035\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user initialization files executable search paths\ncontain only paths that resolve to the users home directory.\"\n  desc  \"The executable search path (typically the PATH environment variable)\ncontains a list of directories for the shell to search to find executables. If\nthis path includes the current working directory (other than the user's home\ndirectory), executables in these directories may be executed instead of system\ncommands. This variable is formatted as a colon-separated list of directories.\nIf there is an empty entry, such as a leading or trailing colon or two\nconsecutive colons, this is interpreted as the current working directory. If\ndeviations from the default system search path for the local interactive user\nare required, they must be documented with the Information System Security\nOfficer (ISSO).\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that all local interactive user initialization files' executable\nsearch path statements do not contain statements that will reference a working\ndirectory other than the users' home directory.\n\n    Check the executable search path statement for all local interactive user\ninitialization files in the users' home directory with the following commands:\n\n    Note: The example will be for the smithj user, which has a home directory\nof \\\"/home/smithj\\\".\n\n    # grep -i path /home/smithj/.*\n    /home/smithj/.bash_profile:PATH=$PATH:$HOME/.local/bin:$HOME/bin\n    /home/smithj/.bash_profile:export PATH\n\n    If any local interactive user initialization files have executable search\npath statements that include directories outside of their home directory, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the local interactive user initialization files to change any PATH\nvariable statements that reference directories other than their home directory.\n\n    If a local interactive user requires path variables to reference a\ndirectory owned by the application, it must be documented with the ISSO.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72035\"\n  tag rid: \"SV-86659r4_rule\"\n  tag stig_id: \"RHEL-07-020720\"\n  tag fix_id: \"F-78387r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    grep_results =  command(\"grep -i path --exclude=\\\".bash_history\\\" #{user_info.home}/.*\").stdout.split(\"\\\\n\")\n    grep_results.each do |result|\n      result.slice! \"PATH=\"\n      # Case when last value in exec search path is :\n      if result[-1] == \":\" then\n        result = result + \" \"\n      end\n      result.slice! \"$PATH:\"\n      result.gsub! '$HOME', \"#{user_info.home}\"\n      result.gsub! '~', \"#{user_info.home}\"\n      line_arr = result.split(\":\")\n      line_arr.delete_at(0)\n      line_arr.each do |line|\n        # Don't run test on line that exports PATH and is not commented out\n        if !line.start_with?('export') &amp;&amp; !line.start_with?('#') then\n          # Case when :: found in exec search path or : found at beginning\n          if line.strip.empty? then\n            curr_work_dir = command(\"pwd\").stdout.gsub(\"\\n\", \"\")\n            if curr_work_dir.start_with?(\"#{user_info.home}\") then\n              line = curr_work_dir\n            end\n          end\n          # This will fail if non-home directory found in path\n          if !line.start_with?(user_info.home)\n            findings.add(line)\n          end\n        end\n      end\n    end\n  end\n  describe.one do\n    describe etc_fstab do\n      its('home_mount_options') { should include 'nosuid' }\n    end\n    describe \"Initialization files that include executable search paths that include directories outside their home directories\" do\n      subject { findings.to_a }\n      it { should be_empty }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Initialization files that include executable search paths that include directories outside their home directories is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71917</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000072-GPOS-00040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86541r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010190</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed the number of repeating characters of the same
-character class must not be more than four characters.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+character class must not be more than four characters.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -18160,145 +17340,140 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;maxclassrepeat&quot; option sets the maximum number of allowed same
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "maxclassrepeat" option sets the maximum number of allowed same
 consecutive characters in the same class in the new password.
 
-    Check for the value of the &quot;maxclassrepeat&quot; option in
-&quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with the following command:
+    Check for the value of the "maxclassrepeat" option in
+"/etc/security/pwquality.conf" with the following command:
 
-    # grep maxclassrepeat &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    maxclassrepeat &#x3D; 4
+    # grep maxclassrepeat /etc/security/pwquality.conf
+    maxclassrepeat = 4
 
-    If the value of &quot;maxclassrepeat&quot; is set to more than &quot;4&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "maxclassrepeat" is set to more than "4", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require the change of the number of
 repeating characters of the same character class when passwords are changed by
-setting the &quot;maxclassrepeat&quot; option.
+setting the "maxclassrepeat" option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; conf (or modify
+    Add the following line to "/etc/security/pwquality.conf" conf (or modify
 the line to have the required value):
 
-    maxclassrepeat &#x3D; 4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>506b8012-d201-4906-817e-bf1b5c7f3f63</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf maxclassrepeat.to_i is expected to cmp &lt;&#x3D; 4</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72225</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86849r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040170</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    maxclassrepeat = 4</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71917\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed the number of repeating characters of the same\ncharacter class must not be more than four characters.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    The \\\"maxclassrepeat\\\" option sets the maximum number of allowed same\nconsecutive characters in the same class in the new password.\n\n    Check for the value of the \\\"maxclassrepeat\\\" option in\n\\\"/etc/security/pwquality.conf\\\" with the following command:\n\n    # grep maxclassrepeat /etc/security/pwquality.conf\n    maxclassrepeat = 4\n\n    If the value of \\\"maxclassrepeat\\\" is set to more than \\\"4\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require the change of the number of\nrepeating characters of the same character class when passwords are changed by\nsetting the \\\"maxclassrepeat\\\" option.\n\n    Add the following line to \\\"/etc/security/pwquality.conf\\\" conf (or modify\nthe line to have the required value):\n\n    maxclassrepeat = 4\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000072-GPOS-00040\"\n  tag gid: \"V-71917\"\n  tag rid: \"SV-86541r2_rule\"\n  tag stig_id: \"RHEL-07-010190\"\n  tag fix_id: \"F-78269r1_fix\"\n  tag cci: [\"CCI-000195\"]\n  tag nist: [\"IA-5 (1) (b)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('maxclassrepeat.to_i') { should cmp &lt;= 4 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf maxclassrepeat.to_i is expected to cmp &lt;= 4</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72225</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86849r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040170</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the
 Standard Mandatory DoD Notice and Consent Banner immediately prior to, or as
-part of, remote access logon prompts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+part of, remote access logon prompts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Display of a standardized and approved use notification before
 granting access to the publicly accessible operating system ensures privacy and
 security notification verbiage used is consistent with applicable federal laws,
@@ -18311,7 +17486,7 @@ with human users and are not required when such human interfaces do not exist.
 the following verbiage for operating systems that can accommodate banners of
 1300 characters:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -18336,14 +17511,14 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Agreement for details."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify any publicly accessible connection to the operating system displays
 the Standard Mandatory DoD Notice and Consent Banner before granting access to
 the system.
@@ -18351,19 +17526,19 @@ the system.
     Check for the location of the banner file being used with the following
 command:
 
-    # grep -i banner &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i banner /etc/ssh/sshd_config
 
-    banner &#x2F;etc&#x2F;issue
+    banner /etc/issue
 
     This command will return the banner keyword and the name of the file that
-contains the ssh banner (in this case &quot;&#x2F;etc&#x2F;issue&quot;).
+contains the ssh banner (in this case "/etc/issue").
 
     If the line is commented out, this is a finding.
 
     View the file specified by the banner keyword to check that it matches the
 text of the Standard Mandatory DoD Notice and Consent Banner:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only. By using this IS (which includes any
 device attached to this IS), you consent to the following conditions:
 
@@ -18386,32 +17561,32 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;
+Agreement for details."
 
     If the system does not display a graphical logon banner or the banner does
 not match the Standard Mandatory DoD Notice and Consent Banner, this is a
 finding.
 
     If the text in the file does not match the Standard Mandatory DoD Notice
-and Consent Banner, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+and Consent Banner, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to display the Standard Mandatory DoD Notice
 and Consent Banner before granting access to the system via the ssh.
 
-    Edit the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment the banner keyword and
+    Edit the "/etc/ssh/sshd_config" file to uncomment the banner keyword and
 configure it to point to a file that will contain the logon banner (this file
 may be named differently or be in a different location if using a version of
 SSH that is provided by a third-party vendor). An example configuration line is:
 
-    banner &#x2F;etc&#x2F;issue
+    banner /etc/issue
 
     Either create the file containing the banner or replace the text in the
 file with the Standard Mandatory DoD Notice and Consent Banner. The DoD
 required text is:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only. By using this IS (which includes any
 device attached to this IS), you consent to the following conditions:
 
@@ -18434,1508 +17609,1443 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;
-
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ab2538f6-81eb-4233-b116-95913c3eb109</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000050</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001384</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001385</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001386</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001387</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001388</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-The SSHD Banner is set to the standard banner and has the correct text is expected to cmp &#x3D;&#x3D; &quot;YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.&quot;
-
+Agreement for details."
+
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72225\" do\n  title \"The Red Hat Enterprise Linux operating system must display the\nStandard Mandatory DoD Notice and Consent Banner immediately prior to, or as\npart of, remote access logon prompts.\"\n  desc  \"Display of a standardized and approved use notification before\ngranting access to the publicly accessible operating system ensures privacy and\nsecurity notification verbiage used is consistent with applicable federal laws,\nExecutive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via logon interfaces\nwith human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with applicable DoD policy. Use\nthe following verbiage for operating systems that can accommodate banners of\n1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify any publicly accessible connection to the operating system displays\nthe Standard Mandatory DoD Notice and Consent Banner before granting access to\nthe system.\n\n    Check for the location of the banner file being used with the following\ncommand:\n\n    # grep -i banner /etc/ssh/sshd_config\n\n    banner /etc/issue\n\n    This command will return the banner keyword and the name of the file that\ncontains the ssh banner (in this case \\\"/etc/issue\\\").\n\n    If the line is commented out, this is a finding.\n\n    View the file specified by the banner keyword to check that it matches the\ntext of the Standard Mandatory DoD Notice and Consent Banner:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only. By using this IS (which includes any\ndevice attached to this IS), you consent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n    If the system does not display a graphical logon banner or the banner does\nnot match the Standard Mandatory DoD Notice and Consent Banner, this is a\nfinding.\n\n    If the text in the file does not match the Standard Mandatory DoD Notice\nand Consent Banner, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to display the Standard Mandatory DoD Notice\nand Consent Banner before granting access to the system via the ssh.\n\n    Edit the \\\"/etc/ssh/sshd_config\\\" file to uncomment the banner keyword and\nconfigure it to point to a file that will contain the logon banner (this file\nmay be named differently or be in a different location if using a version of\nSSH that is provided by a third-party vendor). An example configuration line is:\n\n    banner /etc/issue\n\n    Either create the file containing the banner or replace the text in the\nfile with the Standard Mandatory DoD Notice and Consent Banner. The DoD\nrequired text is:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only. By using this IS (which includes any\ndevice attached to this IS), you consent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000023-GPOS-00006\"\n  tag satisfies: [\"SRG-OS-000023-GPOS-00006\", \"SRG-OS-000024-GPOS-00007\",\n\"SRG-OS-000228-GPOS-00088\"]\n  tag gid: \"V-72225\"\n  tag rid: \"SV-86849r4_rule\"\n  tag stig_id: \"RHEL-07-040170\"\n  tag fix_id: \"F-78579r4_fix\"\n  tag cci: [\"CCI-000048\", \"CCI-000050\", \"CCI-001384\", \"CCI-001385\",\n\"CCI-001386\", \"CCI-001387\", \"CCI-001388\"]\n  tag nist: [\"AC-8 a\", \"AC-8 b\", \"AC-8 c 1\", \"AC-8 c 2\", \"AC-8 c 2\", \"AC-8 c\n2\", \"AC-8 c 3\", \"Rev_4\"]\n\n  banner_message_text_ral = input('banner_message_text_ral')\n  banner_message_text_ral_limited = input('banner_message_text_ral_limited')\n\n  #When Banner is commented, not found, disabled, or the specified file does not exist, this is a finding.\n  banner_files = [sshd_config.banner].flatten\n\n  banner_files.each do |banner_file|\n\n    #Banner property is commented out.\n    describe \"The SSHD Banner is not set\" do\n      subject { banner_file.nil? }\n      it { should be false }\n    end if banner_file.nil?\n\n    #Banner property is set to \"none\"\n    describe \"The SSHD Banner is disabled\" do\n      subject { banner_file.match(/none/i).nil? }\n      it { should be true }\n    end if !banner_file.nil? &amp;&amp; !banner_file.match(/none/i).nil?\n\n    #Banner property provides a path to a file, however, it does not exist.\n    describe \"The SSHD Banner is set, but, the file does not exist\" do\n      subject { file(banner_file).exist? }\n      it { should be true }\n    end if !banner_file.nil? &amp;&amp; banner_file.match(/none/i).nil? &amp;&amp; !file(banner_file).exist?\n\n    #Banner property provides a path to a file and it exists.\n    describe.one do\n      banner = file(banner_file).content.gsub(%r{[\\r\\n\\s]}, '')\n      clean_banner = banner_message_text_ral.gsub(%r{[\\r\\n\\s]}, '')\n      clean_banner_limited = banner_message_text_ral_limited.gsub(%r{[\\r\\n\\s]}, '')\n\n      describe \"The SSHD Banner is set to the standard banner and has the correct text\" do\n        subject { banner }\n        it { should cmp clean_banner }\n      end\n\n      describe \"The SSHD Banner is set to the standard limited banner and has the correct text\" do\n        subject { banner }\n        it { should cmp clean_banner_limited }\n      end\n    end if !banner_file.nil? &amp;&amp; banner_file.match(/none/i).nil? &amp;&amp; file(banner_file).exist?\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000050</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001384</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001385</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001386</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001387</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001388</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST The SSHD Banner is set to the standard banner and has the correct text is expected to cmp == "YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails." :: MESSAGE 
 expected: YouareaccessingaU.S.Government(USG)InformationSystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS),youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
      got: YouareaccessingaU.S.Government(USG)informationsystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS)youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-passed
-The SSHD Banner is set to the standard limited banner and has the correct text is expected to cmp &#x3D;&#x3D; &quot;I&#39;veread&amp;consenttotermsinISuseragreem&#39;t.&quot;
-
-expected: I&#39;veread&amp;consenttotermsinISuseragreem&#39;t.
+passed :: TEST The SSHD Banner is set to the standard limited banner and has the correct text is expected to cmp == "I'veread&amp;consenttotermsinISuseragreem't." :: MESSAGE 
+expected: I'veread&amp;consenttotermsinISuseragreem't.
      got: YouareaccessingaU.S.Government(USG)informationsystem(IS)thatisprovidedforUSG-authorizeduseonly.ByusingthisIS(whichincludesanydeviceattachedtothisIS)youconsenttothefollowingconditions:-TheUSGroutinelyinterceptsandmonitorscommunicationsonthisISforpurposesincluding,butnotlimitedto,penetrationtesting,COMSECmonitoring,networkoperationsanddefense,personnelmisconduct(PM),lawenforcement(LE),andcounterintelligence(CI)investigations.-Atanytime,theUSGmayinspectandseizedatastoredonthisIS.-Communicationsusing,ordatastoredon,thisISarenotprivate,aresubjecttoroutinemonitoring,interception,andsearch,andmaybedisclosedorusedforanyUSG-authorizedpurpose.-ThisISincludessecuritymeasures(e.g.,authenticationandaccesscontrols)toprotectUSGinterests--notforyourpersonalbenefitorprivacy.-Notwithstandingtheabove,usingthisISdoesnotconstituteconsenttoPM,LEorCIinvestigativesearchingormonitoringofthecontentofprivilegedcommunications,orworkproduct,relatedtopersonalrepresentationorservicesbyattorneys,psychotherapists,orclergy,andtheirassistants.Suchcommunicationsandworkproductareprivateandconfidential.SeeUserAgreementfordetails.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72257</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86881r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040420</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72257</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86881r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040420</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH private host key files have mode 0640 or less permissive.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH private host key files have mode 0640 or less permissive.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an unauthorized user obtains the private SSH host key file, the
-host could be impersonated.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the SSH private host key files have mode &quot;0640&quot; or less permissive.
+host could be impersonated.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the SSH private host key files have mode "0640" or less permissive.
 
     The following command will find all SSH private key files on the system and
 list their modes:
 
-    # find &#x2F; -name &#39;*ssh_host*key&#39; | xargs ls -lL
+    # find / -name '*ssh_host*key' | xargs ls -lL
 
     -rw-r----- 1 root ssh_keys 668 Nov 28 06:43 ssh_host_dsa_key
     -rw-r----- 1 root ssh_keys 582 Nov 28 06:43 ssh_host_key
     -rw-r----- 1 root ssh_keys 887 Nov 28 06:43 ssh_host_rsa_key
 
-    If any file has a mode more permissive than &quot;0640&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the mode of SSH private host key files under &quot;&#x2F;etc&#x2F;ssh&quot; to
-&quot;0640&quot; with the following command:
-
-    # chmod 0640 &#x2F;path&#x2F;to&#x2F;file&#x2F;ssh_host*key</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8bcc860c-4459-47f6-a038-d034ed0d12c0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No files have a more permissive mode. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72207</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86831r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030920</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If any file has a mode more permissive than "0640", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the mode of SSH private host key files under "/etc/ssh" to
+"0640" with the following command:
+
+    # chmod 0640 /path/to/file/ssh_host*key</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72257\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH private host key files have mode 0640 or less permissive.\"\n  desc  \"If an unauthorized user obtains the private SSH host key file, the\nhost could be impersonated.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH private host key files have mode \\\"0640\\\" or less permissive.\n\n    The following command will find all SSH private key files on the system and\nlist their modes:\n\n    # find / -name '*ssh_host*key' | xargs ls -lL\n\n    -rw-r----- 1 root ssh_keys 668 Nov 28 06:43 ssh_host_dsa_key\n    -rw-r----- 1 root ssh_keys 582 Nov 28 06:43 ssh_host_key\n    -rw-r----- 1 root ssh_keys 887 Nov 28 06:43 ssh_host_rsa_key\n\n    If any file has a mode more permissive than \\\"0640\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the mode of SSH private host key files under \\\"/etc/ssh\\\" to\n\\\"0640\\\" with the following command:\n\n    # chmod 0640 /path/to/file/ssh_host*key\n\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72257\"\n  tag rid: \"SV-86881r3_rule\"\n  tag stig_id: \"RHEL-07-040420\"\n  tag fix_id: \"F-78611r5_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  key_files = command(\"find /etc/ssh -xdev -name '*ssh_host*key' -perm /177\").stdout.split(\"\\n\")\n  if !key_files.nil? and !key_files.empty?\n    key_files.each do |keyfile|\n      describe file(keyfile) do\n        it { should_not be_executable.by('owner') }\n        it { should_not be_readable.by('group') }\n        it { should_not be_writable.by('group') }\n        it { should_not be_executable.by('group') }\n        it { should_not be_readable.by('others') }\n        it { should_not be_writable.by('others') }\n        it { should_not be_executable.by('others') }\n      end\n    end\n  else\n    describe \"No files have a more permissive mode.\" do\n      subject { key_files.nil? or key_files.empty? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No files have a more permissive mode. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72207</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86831r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030920</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the unlinkat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the unlinkat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system is not configured to audit certain activities and write
 them to an audit log, it is more difficult to detect and track system
-compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unlinkat&quot; syscall occur.
+successful/unsuccessful attempts to use the "unlinkat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw unlinkat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw unlinkat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S unlinkat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S unlinkat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;unlinkat&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"unlinkat" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unlinkat&quot; syscall occur.
+successful/unsuccessful attempts to use the "unlinkat" syscall occur.
 
-    Add the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S unlinkat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S unlinkat -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b31185c3-c737-4202-bf17-8180324ccb97</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlinkat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlinkat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlinkat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;unlinkat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72059</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86683r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021310</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72207\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe unlinkat syscall.\"\n  desc  \"If the system is not configured to audit certain activities and write\nthem to an audit log, it is more difficult to detect and track system\ncompromises and damages incurred during a system compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"unlinkat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw unlinkat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"unlinkat\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"unlinkat\\\" syscall occur.\n\n    Add the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000466-GPOS-00210\"\n  tag satisfies: [\"SRG-OS-000466-GPOS-00210\", \"SRG-OS-000467-GPOS-00210\",\n\"SRG-OS-000468-GPOS-00212\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72207\"\n  tag rid: \"SV-86831r5_rule\"\n  tag stig_id: \"RHEL-07-030920\"\n  tag fix_id: \"F-78561r10_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"unlinkat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"unlinkat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "unlinkat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlinkat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlinkat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "unlinkat" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72059</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86683r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021310</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that a separate file system is used for user home directories (such as &#x2F;home or
-an equivalent).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that a separate file system is used for user home directories (such as /home or
+an equivalent).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The use of separate file systems for different paths can protect the
-system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that a separate file system&#x2F;partition has been created for
+system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that a separate file system/partition has been created for
 non-privileged local interactive user home directories.
 
     Check the home directory assignment for all non-privileged users (those
 with a UID greater than 1000) on the system with the following command:
 
-    #cut -d: -f 1,3,6,7 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{3}&quot; | tr &quot;:&quot;
-&quot;\t&quot;
+    #cut -d: -f 1,3,6,7 /etc/passwd | egrep ":[1-4][0-9]{3}" | tr ":"
+"\t"
 
-    adamsj &#x2F;home&#x2F;adamsj &#x2F;bin&#x2F;bash
-    jacksonm &#x2F;home&#x2F;jacksonm &#x2F;bin&#x2F;bash
-    smithj &#x2F;home&#x2F;smithj &#x2F;bin&#x2F;bash
+    adamsj /home/adamsj /bin/bash
+    jacksonm /home/jacksonm /bin/bash
+    smithj /home/smithj /bin/bash
 
-    The output of the command will give the directory&#x2F;partition that contains
+    The output of the command will give the directory/partition that contains
 the home directories for the non-privileged users on the system (in this
-example, &#x2F;home) and users&#39; shell. All accounts with a valid shell (such as
-&#x2F;bin&#x2F;bash) are considered interactive users.
+example, /home) and users' shell. All accounts with a valid shell (such as
+/bin/bash) are considered interactive users.
 
-    Check that a file system&#x2F;partition has been created for the non-privileged
+    Check that a file system/partition has been created for the non-privileged
 interactive users with the following command:
 
-    Note: The partition of &#x2F;home is used in the example.
+    Note: The partition of /home is used in the example.
 
-    # grep &#x2F;home &#x2F;etc&#x2F;fstab
-    UUID&#x3D;333ada18    &#x2F;home                   ext4    noatime,nobarrier,nodev  1
+    # grep /home /etc/fstab
+    UUID=333ada18    /home                   ext4    noatime,nobarrier,nodev  1
 2
 
-    If a separate entry for the file system&#x2F;partition that contains the
-non-privileged interactive users&#39; home directories does not exist, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Migrate the &quot;&#x2F;home&quot; directory onto a separate file
-system&#x2F;partition.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>542b1d57-39b2-4510-b2c7-e04ab965f02c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-ec2-user with mountpoint &#x2F; is expected not to be empty
---------------------------------
-passed
-ec2-user with mountpoint &#x2F; is expected not to match &#x2F;^\&#x2F;$&#x2F;
-expected &quot;&#x2F;&quot; not to match &#x2F;^\&#x2F;$&#x2F;
+    If a separate entry for the file system/partition that contains the
+non-privileged interactive users' home directories does not exist, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Migrate the "/home" directory onto a separate file
+system/partition.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72059\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat a separate file system is used for user home directories (such as /home or\nan equivalent).\"\n  desc  \"The use of separate file systems for different paths can protect the\nsystem from failures resulting from a file system becoming full or failing.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that a separate file system/partition has been created for\nnon-privileged local interactive user home directories.\n\n    Check the home directory assignment for all non-privileged users (those\nwith a UID greater than 1000) on the system with the following command:\n\n    #cut -d: -f 1,3,6,7 /etc/passwd | egrep \\\":[1-4][0-9]{3}\\\" | tr \\\":\\\"\n\\\"\\\\t\\\"\n\n    adamsj /home/adamsj /bin/bash\n    jacksonm /home/jacksonm /bin/bash\n    smithj /home/smithj /bin/bash\n\n    The output of the command will give the directory/partition that contains\nthe home directories for the non-privileged users on the system (in this\nexample, /home) and users' shell. All accounts with a valid shell (such as\n/bin/bash) are considered interactive users.\n\n    Check that a file system/partition has been created for the non-privileged\ninteractive users with the following command:\n\n    Note: The partition of /home is used in the example.\n\n    # grep /home /etc/fstab\n    UUID=333ada18    /home                   ext4    noatime,nobarrier,nodev  1\n2\n\n    If a separate entry for the file system/partition that contains the\nnon-privileged interactive users' home directories does not exist, this is a\nfinding.\n  \"\n  desc  \"fix\", \"Migrate the \\\"/home\\\" directory onto a separate file\nsystem/partition.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72059\"\n  tag rid: \"SV-86683r2_rule\"\n  tag stig_id: \"RHEL-07-021310\"\n  tag fix_id: \"F-78411r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  # excluding root because its home directory is usually \"/root\" (mountpoint \"/\")\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n\n    home_mount = command(%(df #{user_info.home} --output=target | tail -1)).stdout.strip\n    describe user_info.username do\n      context 'with mountpoint' do\n        context home_mount do\n          it { should_not be_empty }\n          it { should_not match(%r(^/$)) }\n        end\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST ec2-user with mountpoint / is expected not to be empty
+--------------------------------
+passed :: TEST ec2-user with mountpoint / is expected not to match /^\/$/ :: MESSAGE expected "/" not to match /^\/$/
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;^\&#x2F;$&#x2F;
-+&quot;&#x2F;&quot;
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72113</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86737r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030450</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+-/^\/$/
++"/"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72113</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86737r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030450</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fsetxattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fsetxattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fsetxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "fsetxattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw fsetxattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fsetxattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fsetxattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"fsetxattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fsetxattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "fsetxattr" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S fsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fsetxattr -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295
 -k perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>16ef68a8-4855-4b7a-a5bf-91b4256e9ef3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fsetxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fsetxattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fsetxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fsetxattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72287</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86911r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040630</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72113\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fsetxattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fsetxattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw fsetxattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fsetxattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"fsetxattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    -a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=4294967295\n-k perm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72113\"\n  tag rid: \"SV-86737r5_rule\"\n  tag stig_id: \"RHEL-07-030450\"\n  tag fix_id: \"F-78465r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fsetxattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fsetxattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fsetxattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fsetxattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fsetxattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fsetxattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72287</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86911r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040630</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not respond to
 Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP)
-echoes sent to a broadcast address.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+echoes sent to a broadcast address.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Responding to broadcast (ICMP) echoes facilitates network mapping and
-provides a vector for amplification attacks.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+provides a vector for amplification attacks.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not respond to IPv4 ICMP echoes sent to a broadcast
 address.
 
-    # grep net.ipv4.icmp_echo_ignore_broadcasts &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep net.ipv4.icmp_echo_ignore_broadcasts /etc/sysctl.conf /etc/sysctl.d/*
 
-    If &quot; net.ipv4.icmp_echo_ignore_broadcasts&quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;1&quot;, this is a finding.
+    If " net.ipv4.icmp_echo_ignore_broadcasts" is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "1", this is a finding.
 
     Check that the operating system implements the
-&quot;icmp_echo_ignore_broadcasts&quot; variable with the following command:
+"icmp_echo_ignore_broadcasts" variable with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.icmp_echo_ignore_broadcasts
-    net.ipv4.icmp_echo_ignore_broadcasts &#x3D; 1
+    # /sbin/sysctl -a | grep net.ipv4.icmp_echo_ignore_broadcasts
+    net.ipv4.icmp_echo_ignore_broadcasts = 1
 
-    If the returned line does not have a value of &quot;1&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "1", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.icmp_echo_ignore_broadcasts &#x3D; 1
+    net.ipv4.icmp_echo_ignore_broadcasts = 1
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>69546c7a-7e48-4c42-9a28-cfae40fc3f5c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.icmp_echo_ignore_broadcasts value is expected to eq 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72013</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86637r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020610</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72287\" do\n  title \"The Red Hat Enterprise Linux operating system must not respond to\nInternet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP)\nechoes sent to a broadcast address.\"\n  desc  \"Responding to broadcast (ICMP) echoes facilitates network mapping and\nprovides a vector for amplification attacks.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not respond to IPv4 ICMP echoes sent to a broadcast\naddress.\n\n    # grep net.ipv4.icmp_echo_ignore_broadcasts /etc/sysctl.conf /etc/sysctl.d/*\n\n    If \\\" net.ipv4.icmp_echo_ignore_broadcasts\\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"1\\\", this is a finding.\n\n    Check that the operating system implements the\n\\\"icmp_echo_ignore_broadcasts\\\" variable with the following command:\n\n    # /sbin/sysctl -a | grep net.ipv4.icmp_echo_ignore_broadcasts\n    net.ipv4.icmp_echo_ignore_broadcasts = 1\n\n    If the returned line does not have a value of \\\"1\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.icmp_echo_ignore_broadcasts = 1\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72287\"\n  tag rid: \"SV-86911r2_rule\"\n  tag stig_id: \"RHEL-07-040630\"\n  tag fix_id: \"F-78641r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.icmp_echo_ignore_broadcasts') do\n    its('value') { should eq 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.icmp_echo_ignore_broadcasts value is expected to eq 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72013</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86637r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020610</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive user accounts, upon creation, are assigned a home
-directory.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+directory.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If local interactive users are not assigned a valid home directory,
-there is no place for the storage and control of files they should own.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+there is no place for the storage and control of files they should own.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all local interactive users on the system are assigned a home
 directory upon creation.
 
     Check to see if the system is configured to create home directories for
 local interactive users with the following command:
 
-    # grep -i create_home &#x2F;etc&#x2F;login.defs
+    # grep -i create_home /etc/login.defs
     CREATE_HOME yes
 
-    If the value for &quot;CREATE_HOME&quot; parameter is not set to &quot;yes&quot;, the line
-is missing, or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value for "CREATE_HOME" parameter is not set to "yes", the line
+is missing, or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to assign home directories to all new local
-interactive users by setting the &quot;CREATE_HOME&quot; parameter in
-&quot;&#x2F;etc&#x2F;login.defs&quot; to &quot;yes&quot; as follows.
-
-    CREATE_HOME yes</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>209e1220-120f-46b3-9acf-27c82a1b15e7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs CREATE_HOME is expected to eq &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72153</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86777r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030650</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+interactive users by setting the "CREATE_HOME" parameter in
+"/etc/login.defs" to "yes" as follows.
+
+    CREATE_HOME yes</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72013\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user accounts, upon creation, are assigned a home\ndirectory.\"\n  desc  \"If local interactive users are not assigned a valid home directory,\nthere is no place for the storage and control of files they should own.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all local interactive users on the system are assigned a home\ndirectory upon creation.\n\n    Check to see if the system is configured to create home directories for\nlocal interactive users with the following command:\n\n    # grep -i create_home /etc/login.defs\n    CREATE_HOME yes\n\n    If the value for \\\"CREATE_HOME\\\" parameter is not set to \\\"yes\\\", the line\nis missing, or the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to assign home directories to all new local\ninteractive users by setting the \\\"CREATE_HOME\\\" parameter in\n\\\"/etc/login.defs\\\" to \\\"yes\\\" as follows.\n\n    CREATE_HOME yes\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72013\"\n  tag rid: \"SV-86637r2_rule\"\n  tag stig_id: \"RHEL-07-020610\"\n  tag fix_id: \"F-78365r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe login_defs do\n    its('CREATE_HOME') { should eq 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs CREATE_HOME is expected to eq "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72153</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86777r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030650</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the gpasswd command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the gpasswd command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged password commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;gpasswd&quot; command occur.
+successful/unsuccessful attempts to use the "gpasswd" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;gpasswd &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/gpasswd /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;gpasswd -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/bin/gpasswd -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-passwd
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;gpasswd&quot; command occur.
+successful/unsuccessful attempts to use the "gpasswd" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;gpasswd -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/bin/gpasswd -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-passwd
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ef10c283-dd34-42c2-b239-9a01c2d77e22</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;gpasswd&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;gpasswd&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71933</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000077-GPOS-00045</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86557r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010270</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72153\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe gpasswd command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged password commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"gpasswd\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/bin/gpasswd /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/gpasswd -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-passwd\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"gpasswd\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/gpasswd -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-passwd\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72153\"\n  tag rid: \"SV-86777r5_rule\"\n  tag stig_id: \"RHEL-07-030650\"\n  tag fix_id: \"F-78505r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/gpasswd'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/gpasswd" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/gpasswd" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71933</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000077-GPOS-00045</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86557r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010270</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that passwords are prohibited from reuse for a minimum of five generations.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that passwords are prohibited from reuse for a minimum of five generations.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Password complexity, or strength, is a measure of the effectiveness of
 a password in resisting attempts at guessing and brute-force attacks. If the
 information system or application allows the user to consecutively reuse their
 password when that password has exceeded its defined lifetime, the end result
-is a password that is not changed per policy requirements.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+is a password that is not changed per policy requirements.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prohibits password reuse for a minimum of five
 generations.
 
-    Check for the value of the &quot;remember&quot; argument in
-&quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; and &quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot; with the following
+    Check for the value of the "remember" argument in
+"/etc/pam.d/system-auth" and "/etc/pam.d/password-auth" with the following
 command:
 
-    # grep -i remember &#x2F;etc&#x2F;pam.d&#x2F;system-auth &#x2F;etc&#x2F;pam.d&#x2F;password-auth
+    # grep -i remember /etc/pam.d/system-auth /etc/pam.d/password-auth
 
-    password    requisite     pam_pwhistory.so use_authtok remember&#x3D;5 retry&#x3D;3
+    password    requisite     pam_pwhistory.so use_authtok remember=5 retry=3
 
-    If the line containing the &quot;pam_pwhistory.so&quot; line does not have the
-&quot;remember&quot; module argument set, is commented out, or the value of the
-&quot;remember&quot; module argument is set to less than &quot;5&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the line containing the "pam_pwhistory.so" line does not have the
+"remember" module argument set, is commented out, or the value of the
+"remember" module argument is set to less than "5", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prohibit password reuse for a minimum of
 five generations.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; and
-&quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot; (or modify the line to have the required value):
+    Add the following line in "/etc/pam.d/system-auth" and
+"/etc/pam.d/password-auth" (or modify the line to have the required value):
 
-    password    requisite     pam_pwhistory.so use_authtok remember&#x3D;5 retry&#x3D;3
+    password    requisite     pam_pwhistory.so use_authtok remember=5 retry=3
 
     Note: Manual changes to the listed files may be overwritten by the
-&quot;authconfig&quot; program. The &quot;authconfig&quot; program should not be used to update
-the configurations listed in this requirement.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ef80e519-1bc4-466f-b11c-781284c3fefc</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include password (required|requisite|sufficient) pam_(unix|pwhistory).so, any with arg remember &gt;&#x3D; 5</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81009</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95721r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021022</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount &#x2F;dev&#x2F;shm with
-the nodev option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;nodev&quot; mount option causes the system to not interpret
+"authconfig" program. The "authconfig" program should not be used to update
+the configurations listed in this requirement.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71933\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat passwords are prohibited from reuse for a minimum of five generations.\"\n  desc  \"Password complexity, or strength, is a measure of the effectiveness of\na password in resisting attempts at guessing and brute-force attacks. If the\ninformation system or application allows the user to consecutively reuse their\npassword when that password has exceeded its defined lifetime, the end result\nis a password that is not changed per policy requirements.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prohibits password reuse for a minimum of five\ngenerations.\n\n    Check for the value of the \\\"remember\\\" argument in\n\\\"/etc/pam.d/system-auth\\\" and \\\"/etc/pam.d/password-auth\\\" with the following\ncommand:\n\n    # grep -i remember /etc/pam.d/system-auth /etc/pam.d/password-auth\n\n    password    requisite     pam_pwhistory.so use_authtok remember=5 retry=3\n\n    If the line containing the \\\"pam_pwhistory.so\\\" line does not have the\n\\\"remember\\\" module argument set, is commented out, or the value of the\n\\\"remember\\\" module argument is set to less than \\\"5\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prohibit password reuse for a minimum of\nfive generations.\n\n    Add the following line in \\\"/etc/pam.d/system-auth\\\" and\n\\\"/etc/pam.d/password-auth\\\" (or modify the line to have the required value):\n\n    password    requisite     pam_pwhistory.so use_authtok remember=5 retry=3\n\n    Note: Manual changes to the listed files may be overwritten by the\n\\\"authconfig\\\" program. The \\\"authconfig\\\" program should not be used to update\nthe configurations listed in this requirement.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000077-GPOS-00045\"\n  tag gid: \"V-71933\"\n  tag rid: \"SV-86557r3_rule\"\n  tag stig_id: \"RHEL-07-010270\"\n  tag fix_id: \"F-78285r3_fix\"\n  tag cci: [\"CCI-000200\"]\n  tag nist: [\"IA-5 (1) (e)\", \"Rev_4\"]\n\n  min_reuse_generations = input('min_reuse_generations')\n\n  describe pam(\"/etc/pam.d/system-auth\") do\n    its('lines') { should match_pam_rule('password (required|requisite|sufficient) pam_(unix|pwhistory).so').any_with_integer_arg('remember', '&gt;=', min_reuse_generations) }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include password (required|requisite|sufficient) pam_(unix|pwhistory).so, any with arg remember &gt;= 5</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81009</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95721r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021022</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount /dev/shm with
+the nodev option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "nodev" mount option causes the system to not interpret
 character or block special devices. Executing character or block special
 devices from untrusted file systems increases the opportunity for unprivileged
-users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the &quot;nodev&quot; option is configured for &#x2F;dev&#x2F;shm:
+users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the "nodev" option is configured for /dev/shm:
 
 
-    # cat &#x2F;etc&#x2F;fstab | grep &#x2F;dev&#x2F;shm
-    tmpfs &#x2F;dev&#x2F;shm tmpfs defaults,nodev,nosuid,noexec 0 0
+    # cat /etc/fstab | grep /dev/shm
+    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
 
-    If any results are returned and the &quot;nodev&quot; option is not listed, this is
+    If any results are returned and the "nodev" option is not listed, this is
 a finding.
 
-    Verify &quot;&#x2F;dev&#x2F;shm&quot; is mounted with the &quot;nodev&quot; option:
-
-    # mount | grep &quot;&#x2F;dev&#x2F;shm&quot; | grep nodev
-
-    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the system so that &#x2F;dev&#x2F;shm is mounted with the
-&quot;nodev&quot; option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>06e826b9-8f98-4f25-a08d-125111dcd047</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;dev&#x2F;shm options is expected to include &quot;nodev&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71965</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000104-GPOS-00051</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86589r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010500</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Verify "/dev/shm" is mounted with the "nodev" option:
+
+    # mount | grep "/dev/shm" | grep nodev
+
+    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the system so that /dev/shm is mounted with the
+"nodev" option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81009\" do\n  title \"The Red Hat Enterprise Linux operating system must mount /dev/shm with\nthe nodev option.\"\n  desc  \"The \\\"nodev\\\" mount option causes the system to not interpret\ncharacter or block special devices. Executing character or block special\ndevices from untrusted file systems increases the opportunity for unprivileged\nusers to attain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the \\\"nodev\\\" option is configured for /dev/shm:\n\n\n    # cat /etc/fstab | grep /dev/shm\n    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0\n\n    If any results are returned and the \\\"nodev\\\" option is not listed, this is\na finding.\n\n    Verify \\\"/dev/shm\\\" is mounted with the \\\"nodev\\\" option:\n\n    # mount | grep \\\"/dev/shm\\\" | grep nodev\n\n    If no results are returned, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the system so that /dev/shm is mounted with the\n\\\"nodev\\\" option.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000368-GPOS-00154\"\n  tag gid: \"V-81009\"\n  tag rid: \"SV-95721r2_rule\"\n  tag stig_id: \"RHEL-07-021022\"\n  tag fix_id: \"F-87843r2_fix\"\n  tag cci: [\"CCI-001764\"]\n  tag nist: [\"CM-7 (2)\", \"Rev_4\"]\n\n  describe mount('/dev/shm') do\n    its('options') { should include 'nodev' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /dev/shm options is expected to include "nodev"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71965</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000104-GPOS-00051</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86589r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010500</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must uniquely identify
 and must authenticate organizational users (or processes acting on behalf of
-organizational users) using multifactor authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+organizational users) using multifactor authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To assure accountability and prevent unauthenticated access,
 organizational users must be identified and authenticated to prevent potential
 misuse and compromise of the system.
@@ -19954,209 +19064,198 @@ information system without identification or authentication;
     2) Accesses that occur through authorized use of group authenticators
 without individual authentication. Organizations may require unique
 identification of individuals in group accounts (e.g., shared privilege
-accounts) or for detailed accountability of individual activity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+accounts) or for detailed accountability of individual activity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system requires multifactor authentication to uniquely
 identify organizational users using multifactor authentication.
 
     Check to see if smartcard authentication is enforced on the system:
 
-    # authconfig --test | grep &quot;pam_pkcs11 is enabled&quot;
+    # authconfig --test | grep "pam_pkcs11 is enabled"
 
     If no results are returned, this is a finding.
 
-    # authconfig --test | grep &quot;smartcard removal action&quot;
+    # authconfig --test | grep "smartcard removal action"
 
-    If &quot;smartcard removal action&quot; is blank, this is a finding.
+    If "smartcard removal action" is blank, this is a finding.
 
-    # authconfig --test | grep &quot;smartcard module&quot;
+    # authconfig --test | grep "smartcard module"
 
-    If &quot;smartcard module&quot; is blank, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "smartcard module" is blank, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require individuals to be authenticated
 with a multifactor authenticator.
 
     Enable smartcard logons with the following commands:
 
-    # authconfig --enablesmartcard --smartcardaction&#x3D;0 --update
+    # authconfig --enablesmartcard --smartcardaction=0 --update
     # authconfig --enablerequiresmartcard -update
 
-    Modify the &quot;&#x2F;etc&#x2F;pam_pkcs11&#x2F;pkcs11_eventmgr.conf&quot; file to uncomment the
+    Modify the "/etc/pam_pkcs11/pkcs11_eventmgr.conf" file to uncomment the
 following line:
 
-    #&#x2F;usr&#x2F;X11R6&#x2F;bin&#x2F;xscreensaver-command -lock
-
-    Modify the &quot;&#x2F;etc&#x2F;pam_pkcs11&#x2F;pam_pkcs11.conf&quot; file to use the cackey
-module if required.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>296e4345-4f90-4d47-b6e2-8a88b0e30e45</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000766</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;authconfig --test | grep -i smartcard&#x60; stdout is expected to match &#x2F;use\sonly\ssmartcard\sfor\slogin\sis\senabled&#x2F;
-expected &quot;SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module &#x3D; \&quot;\&quot;\n smartcard removal action &#x3D; \&quot;\&quot;\n&quot; to match &#x2F;use\sonly\ssmartcard\sfor\slogin\sis\senabled&#x2F;
+    #/usr/X11R6/bin/xscreensaver-command -lock
+
+    Modify the "/etc/pam_pkcs11/pam_pkcs11.conf" file to use the cackey
+module if required.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71965\" do\n  title \"The Red Hat Enterprise Linux operating system must uniquely identify\nand must authenticate organizational users (or processes acting on behalf of\norganizational users) using multifactor authentication.\"\n  desc  \"To assure accountability and prevent unauthenticated access,\norganizational users must be identified and authenticated to prevent potential\nmisuse and compromise of the system.\n\n    Organizational users include organizational employees or individuals the\norganization deems to have equivalent status of employees (e.g., contractors).\nOrganizational users (and processes acting on behalf of users) must be uniquely\nidentified and authenticated to all accesses, except for the following:\n\n    1) Accesses explicitly identified and documented by the organization.\nOrganizations document specific user actions that can be performed on the\ninformation system without identification or authentication;\n\n    and\n\n    2) Accesses that occur through authorized use of group authenticators\nwithout individual authentication. Organizations may require unique\nidentification of individuals in group accounts (e.g., shared privilege\naccounts) or for detailed accountability of individual activity.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system requires multifactor authentication to uniquely\nidentify organizational users using multifactor authentication.\n\n    Check to see if smartcard authentication is enforced on the system:\n\n    # authconfig --test | grep \\\"pam_pkcs11 is enabled\\\"\n\n    If no results are returned, this is a finding.\n\n    # authconfig --test | grep \\\"smartcard removal action\\\"\n\n    If \\\"smartcard removal action\\\" is blank, this is a finding.\n\n    # authconfig --test | grep \\\"smartcard module\\\"\n\n    If \\\"smartcard module\\\" is blank, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require individuals to be authenticated\nwith a multifactor authenticator.\n\n    Enable smartcard logons with the following commands:\n\n    # authconfig --enablesmartcard --smartcardaction=0 --update\n    # authconfig --enablerequiresmartcard -update\n\n    Modify the \\\"/etc/pam_pkcs11/pkcs11_eventmgr.conf\\\" file to uncomment the\nfollowing line:\n\n    #/usr/X11R6/bin/xscreensaver-command -lock\n\n    Modify the \\\"/etc/pam_pkcs11/pam_pkcs11.conf\\\" file to use the cackey\nmodule if required.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000104-GPOS-00051\"\n  tag satisfies: [\"SRG-OS-000104-GPOS-00051\", \"SRG-OS-000106-GPOS-00053\",\n\"SRG-OS-000107-GPOS-00054\", \"SRG-OS-000109-GPOS-00056\",\n\"SRG-OS-000108-GPOS-00055\", \"SRG-OS-000108-GPOS-00057\",\n\"SRG-OS-000108-GPOS-00058\"]\n  tag gid: \"V-71965\"\n  tag rid: \"SV-86589r2_rule\"\n  tag stig_id: \"RHEL-07-010500\"\n  tag fix_id: \"F-78317r3_fix\"\n  tag cci: [\"CCI-000766\"]\n  tag nist: [\"IA-2 (2)\", \"Rev_4\"]\n\n  smart_card_status = input('smart_card_status')\n  if smart_card_status.eql?('enabled')\n    impact 0.5\n    describe command(\"authconfig --test | grep -i smartcard\") do\n      its('stdout') { should match %r{use\\sonly\\ssmartcard\\sfor\\slogin\\sis\\s#{smart_card_status}} }\n      its('stdout') { should match %r{smartcard\\smodule\\s=\\s\".+\"} }\n      its('stdout') { should match %r{smartcard\\sremoval\\saction\\s=\\s\".+\"} }\n    end\n  else\n    impact 0.0\n    describe \"The system is not smartcard enabled\" do\n      skip \"The system is not using Smartcards / PIVs to fulfil the MFA requirement, this control is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000766</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `authconfig --test | grep -i smartcard` stdout is expected to match /use\sonly\ssmartcard\sfor\slogin\sis\senabled/ :: MESSAGE expected "SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module = \"\"\n smartcard removal action = \"\"\n" to match /use\sonly\ssmartcard\sfor\slogin\sis\senabled/
 Diff:
 @@ -1,2 +1,5 @@
--&#x2F;use\sonly\ssmartcard\sfor\slogin\sis\senabled&#x2F;
+-/use\sonly\ssmartcard\sfor\slogin\sis\senabled/
 +SSSD smartcard support is disabled
 + use only smartcard for login is disabled
-+ smartcard module &#x3D; &quot;&quot;
-+ smartcard removal action &#x3D; &quot;&quot;
++ smartcard module = ""
++ smartcard removal action = ""
 
 --------------------------------
-passed
-Command: &#x60;authconfig --test | grep -i smartcard&#x60; stdout is expected to match &#x2F;smartcard\smodule\s&#x3D;\s&quot;.+&quot;&#x2F;
-expected &quot;SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module &#x3D; \&quot;\&quot;\n smartcard removal action &#x3D; \&quot;\&quot;\n&quot; to match &#x2F;smartcard\smodule\s&#x3D;\s&quot;.+&quot;&#x2F;
+passed :: TEST Command: `authconfig --test | grep -i smartcard` stdout is expected to match /smartcard\smodule\s=\s".+"/ :: MESSAGE expected "SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module = \"\"\n smartcard removal action = \"\"\n" to match /smartcard\smodule\s=\s".+"/
 Diff:
 @@ -1,2 +1,5 @@
--&#x2F;smartcard\smodule\s&#x3D;\s&quot;.+&quot;&#x2F;
+-/smartcard\smodule\s=\s".+"/
 +SSSD smartcard support is disabled
 + use only smartcard for login is disabled
-+ smartcard module &#x3D; &quot;&quot;
-+ smartcard removal action &#x3D; &quot;&quot;
++ smartcard module = ""
++ smartcard removal action = ""
 
 --------------------------------
-passed
-Command: &#x60;authconfig --test | grep -i smartcard&#x60; stdout is expected to match &#x2F;smartcard\sremoval\saction\s&#x3D;\s&quot;.+&quot;&#x2F;
-expected &quot;SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module &#x3D; \&quot;\&quot;\n smartcard removal action &#x3D; \&quot;\&quot;\n&quot; to match &#x2F;smartcard\sremoval\saction\s&#x3D;\s&quot;.+&quot;&#x2F;
+passed :: TEST Command: `authconfig --test | grep -i smartcard` stdout is expected to match /smartcard\sremoval\saction\s=\s".+"/ :: MESSAGE expected "SSSD smartcard support is disabled\n use only smartcard for login is disabled\n smartcard module = \"\"\n smartcard removal action = \"\"\n" to match /smartcard\sremoval\saction\s=\s".+"/
 Diff:
 @@ -1,2 +1,5 @@
--&#x2F;smartcard\sremoval\saction\s&#x3D;\s&quot;.+&quot;&#x2F;
+-/smartcard\sremoval\saction\s=\s".+"/
 +SSSD smartcard support is disabled
 + use only smartcard for login is disabled
-+ smartcard module &#x3D; &quot;&quot;
-+ smartcard removal action &#x3D; &quot;&quot;
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72313</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86937r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040800</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
++ smartcard module = ""
++ smartcard removal action = ""</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72313</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86937r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040800</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>SNMP community strings on the Red Hat Enterprise Linux operating
-system must be changed from the default.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system must be changed from the default.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Whether active or not, default Simple Network Management Protocol
 (SNMP) community strings must be changed to maintain security. If the service
 is running with the default authenticators, anyone can gather data about the
 system and the network and use the information to potentially compromise the
 integrity of the system or network(s). It is highly recommended that SNMP
 version 3 user authentication and message encryption be used in place of the
-version 2 community strings.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+version 2 community strings.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that a system using SNMP is not using default community strings.
 
-    Check to see if the &quot;&#x2F;etc&#x2F;snmp&#x2F;snmpd.conf&quot; file exists with the following
+    Check to see if the "/etc/snmp/snmpd.conf" file exists with the following
 command:
 
-    # ls -al &#x2F;etc&#x2F;snmp&#x2F;snmpd.conf
+    # ls -al /etc/snmp/snmpd.conf
      -rw-------   1 root root      52640 Mar 12 11:08 snmpd.conf
 
     If the file does not exist, this is Not Applicable.
@@ -20164,284 +19263,273 @@ command:
     If the file does exist, check for the default community strings with the
 following commands:
 
-    # grep public &#x2F;etc&#x2F;snmp&#x2F;snmpd.conf
-    # grep private &#x2F;etc&#x2F;snmp&#x2F;snmpd.conf
-
-    If either of these commands returns any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the &quot;&#x2F;etc&#x2F;snmp&#x2F;snmpd.conf&quot; file exists, modify any lines
-that contain a community string value of &quot;public&quot; or &quot;private&quot; to another
-string value.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>92ff85d8-83ec-4ba6-8366-87ee5bdaacf2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The &#x60;snmpd.conf&#x60; does not exist
-The snmpd.conf file does not exist, this control is Not Applicable</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72029</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86653r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020690</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # grep public /etc/snmp/snmpd.conf
+    # grep private /etc/snmp/snmpd.conf
+
+    If either of these commands returns any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the "/etc/snmp/snmpd.conf" file exists, modify any lines
+that contain a community string value of "public" or "private" to another
+string value.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72313\" do\n  title \"SNMP community strings on the Red Hat Enterprise Linux operating\nsystem must be changed from the default.\"\n  desc  \"Whether active or not, default Simple Network Management Protocol\n(SNMP) community strings must be changed to maintain security. If the service\nis running with the default authenticators, anyone can gather data about the\nsystem and the network and use the information to potentially compromise the\nintegrity of the system or network(s). It is highly recommended that SNMP\nversion 3 user authentication and message encryption be used in place of the\nversion 2 community strings.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that a system using SNMP is not using default community strings.\n\n    Check to see if the \\\"/etc/snmp/snmpd.conf\\\" file exists with the following\ncommand:\n\n    # ls -al /etc/snmp/snmpd.conf\n     -rw-------   1 root root      52640 Mar 12 11:08 snmpd.conf\n\n    If the file does not exist, this is Not Applicable.\n\n    If the file does exist, check for the default community strings with the\nfollowing commands:\n\n    # grep public /etc/snmp/snmpd.conf\n    # grep private /etc/snmp/snmpd.conf\n\n    If either of these commands returns any output, this is a finding.\n  \"\n  desc  \"fix\", \"If the \\\"/etc/snmp/snmpd.conf\\\" file exists, modify any lines\nthat contain a community string value of \\\"public\\\" or \\\"private\\\" to another\nstring value.\"\n\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72313\"\n  tag rid: \"SV-86937r2_rule\"\n  tag stig_id: \"RHEL-07-040800\"\n  tag fix_id: \"F-78667r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  if file('/etc/snmp/snmpd.conf').exist?\n    impact 0.7\n    processed = []\n    to_process = ['/etc/snmp/snmpd.conf']\n\n    while !to_process.empty?\n      in_process = to_process.pop\n      next if processed.include? in_process\n      processed.push in_process\n\n      if file(in_process).directory?\n        to_process.concat(\n          command(\"find #{in_process} -maxdepth 1 -mindepth 1 -name '*.conf'\").\n            stdout.strip.split(\"\\n\").\n            select { |f| file(f).file? }\n        )\n      elsif file(in_process).file?\n        to_process.concat(\n          command(\"grep -E '^\\\\s*includeFile\\\\s+' #{in_process} | sed 's/^[[:space:]]*includeFile[[:space:]]*//g'\").\n            stdout.strip.split(%r{\\n+}).\n            map { |f| f.start_with?('/') ? f : File.join(File.dirname(in_process), f) }.\n            select { |f| file(f).file? }\n        )\n        to_process.concat(\n          command(\"grep -E '^\\\\s*includeDir\\\\s+' #{in_process} | sed 's/^[[:space:]]*includeDir[[:space:]]*//g'\").\n            stdout.strip.split(%r{\\n+}).\n            map { |f| f.start_with?('/') ? f : File.join('/', f) }. # relative dirs are treated as absolute\n            select { |f| file(f).directory? }\n        )\n      end\n    end\n\n    config_files = processed.select { |f| file(f).file? }\n\n    config_files.each do |config|\n      describe file(config) do\n        its('content') { should_not match %r{^[^#]*(public|private)} }\n      end\n    end\n  else\n    impact 0.0\n    describe \"The `snmpd.conf` does not exist\" do\n      skip \"The snmpd.conf file does not exist, this control is Not Applicable\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The `snmpd.conf` does not exist :: SKIP_MESSAGE The snmpd.conf file does not exist, this control is Not Applicable</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72029</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86653r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020690</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local initialization files for interactive users are owned by the home
-directory user or root.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Local initialization files are used to configure the user&#39;s shell
+directory user or root.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Local initialization files are used to configure the user's shell
 environment upon logon. Malicious modification of these files could compromise
-accounts upon logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+accounts upon logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the local initialization files of all local interactive users are
-group-owned by that user&#39;s primary Group Identifier (GID).
+group-owned by that user's primary Group Identifier (GID).
 
     Check the home directory assignment for all non-privileged users on the
 system with the following command:
 
     Note: The example will be for the smithj user, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot; and a primary group of &quot;users&quot;.
+"/home/smithj" and a primary group of "users".
 
-    # cut -d: -f 1,4,6 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{3}&quot;
-    smithj:1000:&#x2F;home&#x2F;smithj
+    # cut -d: -f 1,4,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
+    smithj:1000:/home/smithj
 
-    # grep 1000 &#x2F;etc&#x2F;group
+    # grep 1000 /etc/group
     users:x:1000:smithj,jonesj,jacksons
 
     Note: This may miss interactive users that have been assigned a privileged
 User Identifier (UID). Evidence of interactive use may be obtained from a
 number of log files containing system logon information.
 
-    Check the group owner of all local interactive user&#39;s initialization files
+    Check the group owner of all local interactive user's initialization files
 with the following command:
 
-    # ls -al &#x2F;home&#x2F;smithj&#x2F;.[^.]* | more
+    # ls -al /home/smithj/.[^.]* | more
 
     -rwxr-xr-x 1 smithj users 896 Mar 10 2011 .profile
     -rwxr-xr-x 1 smithj users 497 Jan 6 2007 .login
     -rwxr-xr-x 1 smithj users 886 Jan 6 2007 .something
 
-    If all local interactive user&#39;s initialization files are not group-owned by
-that user&#39;s primary GID, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If all local interactive user's initialization files are not group-owned by
+that user's primary GID, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the owner of the local initialization files for interactive users to
 either the directory owner or root with the following command:
 
     Note: The example will be for the smithj user, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot;.
-
-    # chown smithj &#x2F;home&#x2F;smithj&#x2F;.[^.]*</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7e13cd13-31d8-44c7-814e-687bda11012f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Files and Directories not owned by the user or root of the parent home directory is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72417</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87041r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-041001</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj".
+
+    # chown smithj /home/smithj/.[^.]*</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72029\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local initialization files for interactive users are owned by the home\ndirectory user or root.\"\n  desc  \"Local initialization files are used to configure the user's shell\nenvironment upon logon. Malicious modification of these files could compromise\naccounts upon logon.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the local initialization files of all local interactive users are\ngroup-owned by that user's primary Group Identifier (GID).\n\n    Check the home directory assignment for all non-privileged users on the\nsystem with the following command:\n\n    Note: The example will be for the smithj user, who has a home directory of\n\\\"/home/smithj\\\" and a primary group of \\\"users\\\".\n\n    # cut -d: -f 1,4,6 /etc/passwd | egrep \\\":[1-4][0-9]{3}\\\"\n    smithj:1000:/home/smithj\n\n    # grep 1000 /etc/group\n    users:x:1000:smithj,jonesj,jacksons\n\n    Note: This may miss interactive users that have been assigned a privileged\nUser Identifier (UID). Evidence of interactive use may be obtained from a\nnumber of log files containing system logon information.\n\n    Check the group owner of all local interactive user's initialization files\nwith the following command:\n\n    # ls -al /home/smithj/.[^.]* | more\n\n    -rwxr-xr-x 1 smithj users 896 Mar 10 2011 .profile\n    -rwxr-xr-x 1 smithj users 497 Jan 6 2007 .login\n    -rwxr-xr-x 1 smithj users 886 Jan 6 2007 .something\n\n    If all local interactive user's initialization files are not group-owned by\nthat user's primary GID, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the owner of the local initialization files for interactive users to\neither the directory owner or root with the following command:\n\n    Note: The example will be for the smithj user, who has a home directory of\n\\\"/home/smithj\\\".\n\n    # chown smithj /home/smithj/.[^.]*\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72029\"\n  tag rid: \"SV-86653r3_rule\"\n  tag stig_id: \"RHEL-07-020690\"\n  tag fix_id: \"F-78381r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    findings = findings + command(\"find #{user_info.home} -name '.*' -not -user #{user_info.username} -a -not -user root\").stdout.split(\"\\n\")\n  end\n  describe \"Files and Directories not owned by the user or root of the parent home directory\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Files and Directories not owned by the user or root of the parent home directory is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72417</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87041r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-041001</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must have the required
-        packages for multifactor authentication installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+        packages for multifactor authentication installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Using an authentication device, such as a CAC or token that is
         separate from the information system, ensures that even if the information
         system is compromised, that compromise will not affect credentials stored on
@@ -20464,14 +19552,14 @@ Files and Directories not owned by the user or root of the parent home directory
         This requirement only applies to components where this is specific to the
         function of the device or has the concept of an organizational user (e.g., VPN,
         proxy capability). This does not apply to authentication for the purpose of
-        configuring the device itself (management).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+        configuring the device itself (management).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system has the packages required for multifactor
 authentication installed.
 
@@ -20484,205 +19572,174 @@ esc-1.1.0-26.el7.noarch.rpm
 # yum list installed pam_pkcs11
 pam_pkcs11-0.6.2-14.el7.noarch.rpm
 
-If the &quot;esc&quot; and &quot;pam_pkcs11&quot; packages are not installed, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "esc" and "pam_pkcs11" packages are not installed, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement multifactor authentication by
 installing the required packages.
 
-Install the &quot;esc&quot; and &quot;pam_pkcs11&quot; packages on the system with the
+Install the "esc" and "pam_pkcs11" packages on the system with the
 following command:
 
-# yum install esc pam_pkcs11</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ce77f883-365e-4027-8834-662b72110747</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-The package is expected to be installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package nss-pam-ldapd&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package esc&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package pam_pkcs11&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package pam_krb5&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package opensc&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package pcsc-lite-ccid&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package gdm&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package authconfig-gtk&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package krb5-workstation&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package krb5-pkinit&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package pcsc-lite&#x60; is installed
---------------------------------
-passed
-The package is expected to be installed
-expected that &#x60;System Package pcsc-lite-libs&#x60; is installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73177</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000424-GPOS-00188</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87829r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-041010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+# yum install esc pam_pkcs11</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72417\" do\n  title \"The Red Hat Enterprise Linux operating system must have the required\n        packages for multifactor authentication installed.\"\n\n  desc  \"Using an authentication device, such as a CAC or token that is\n        separate from the information system, ensures that even if the information\n        system is compromised, that compromise will not affect credentials stored on\n        the authentication device.\n\n        Multifactor solutions that require devices separate from information\n        systems gaining access include, for example, hardware tokens providing\n        time-based or challenge-response authenticators and smart cards such as the\n        U.S. Government Personal Identity Verification card and the DoD Common Access\n        Card.\n\n        A privileged account is defined as an information system account with\n        authorizations of a privileged user.\n\n        Remote access is access to DoD nonpublic information systems by an\n        authorized user (or an information system) communicating through an external,\n        non-organization-controlled network. Remote access methods include, for\n        example, dial-up, broadband, and wireless.\n\n        This requirement only applies to components where this is specific to the\n        function of the device or has the concept of an organizational user (e.g., VPN,\n        proxy capability). This does not apply to authentication for the purpose of\n        configuring the device itself (management).\"\n\n  desc  \"check\", \"\n        Verify the operating system has the packages required for multifactor\n        authentication installed.\n\n        Check for the presence of the packages required to support multifactor\n        authentication with the following commands:\n\n        # yum list installed esc\n        esc-1.1.0-26.el7.noarch.rpm\n\n        # yum list installed pam_pkcs11\n        pam_pkcs11-0.6.2-14.el7.noarch.rpm\n\n        If the \\\"esc\\\" and \\\"pam_pkcs11\\\" packages are not installed, this is a\n        finding.\"\n\n  desc  \"fix\", \"\n        Configure the operating system to implement multifactor authentication by\n        installing the required packages.\n\n        Install the \\\"esc\\\" and \\\"pam_pkcs11\\\" packages on the system with the\n        following command:\n\n        # yum install esc pam_pkcs11\"\n\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000375-GPOS-00160\"\n  tag satisfies: [\"SRG-OS-000375-GPOS-00160\", \"SRG-OS-000375-GPOS-00161\", \"SRG-OS-000375-GPOS-00162\"]\n  tag gid: \"V-72417\"\n  tag rid: \"SV-87041r4_rule\"\n  tag stig_id: \"RHEL-07-041001\"\n  tag fix_id: \"F-78769r4_fix\"\n  tag cci: [\"CCI-001948\", \"CCI-001953\", \"CCI-001954\"]\n  tag nist: [\"IA-2 (11)\", \"IA-2 (12)\", \"IA-2 (12)\", \"Rev_4\"]\n\n  mfa_pkg_list = input('mfa_pkg_list')\n  smart_card_status = input('smart_card_status')\n\n  if smart_card_status.eql?('disabled')\n    impact 0.0\n    describe \"The system is not smartcard enabled thus this control is Not Applicable\" do\n      skip \"The system is not using Smartcards / PIVs to fulfil the MFA requirement, this control is Not Applicable.\"\n    end \n  elsif mfa_pkg_list.empty?\n    describe \"The required Smartcard packages have not beed defined, plese define them in your `inputs`.\" do\n      subjec { mfa_pkg_list }\n      it { should_not be_empty }\n    end\n  else\n    mfa_pkg_list.each do |pkg|\n      describe \"The package\" do\n        subject { package(\"#{pkg}\") }\n        it { should be_installed }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST The package is expected to be installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package nss-pam-ldapd` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package esc` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package pam_pkcs11` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package pam_krb5` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package opensc` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package pcsc-lite-ccid` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package gdm` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package authconfig-gtk` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package krb5-workstation` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package krb5-pkinit` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package pcsc-lite` is installed
+--------------------------------
+passed :: TEST The package is expected to be installed :: MESSAGE expected that `System Package pcsc-lite-libs` is installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73177</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000424-GPOS-00188</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87829r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-041010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all wireless network adapters are disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all wireless network adapters are disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The use of wireless networking can introduce many different attack
-vectors into the organization&#39;s network. Common attack vectors such as
+vectors into the organization's network. Common attack vectors such as
 malicious association and ad hoc networks will allow an attacker to spoof a
 wireless access point (AP), allowing validated systems to connect to the
 malicious AP and enabling the attacker to monitor and record network traffic.
 These malicious APs can also serve to create a man-in-the-middle attack or be
-used to create a denial of service to valid network resources.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+used to create a denial of service to valid network resources.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that there are no wireless interfaces configured on the system.
 
-    This is N&#x2F;A for systems that do not have wireless network adapters.
+    This is N/A for systems that do not have wireless network adapters.
 
     Check for the presence of active wireless interfaces with the following
 command:
@@ -20695,437 +19752,420 @@ command:
 
     If a wireless interface is configured and its use on the system is not
 documented with the Information System Security Officer (ISSO), this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to disable all wireless network interfaces with the
 following command:
 
-    #nmcli radio wifi off</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c6f914d9-6752-4403-9827-ec2dad83ae80</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001443</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001444</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;nmcli device&#x60; stdout.strip is expected not to match &#x2F;wifi connected&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72027</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86651r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020680</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    #nmcli radio wifi off</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73177\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all wireless network adapters are disabled.\"\n  desc  \"The use of wireless networking can introduce many different attack\nvectors into the organization's network. Common attack vectors such as\nmalicious association and ad hoc networks will allow an attacker to spoof a\nwireless access point (AP), allowing validated systems to connect to the\nmalicious AP and enabling the attacker to monitor and record network traffic.\nThese malicious APs can also serve to create a man-in-the-middle attack or be\nused to create a denial of service to valid network resources.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that there are no wireless interfaces configured on the system.\n\n    This is N/A for systems that do not have wireless network adapters.\n\n    Check for the presence of active wireless interfaces with the following\ncommand:\n\n    # nmcli device\n    DEVICE TYPE STATE\n    eth0 ethernet connected\n    wlp3s0 wifi disconnected\n    lo loopback unmanaged\n\n    If a wireless interface is configured and its use on the system is not\ndocumented with the Information System Security Officer (ISSO), this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to disable all wireless network interfaces with the\nfollowing command:\n\n    #nmcli radio wifi off\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000424-GPOS-00188\"\n  tag gid: \"V-73177\"\n  tag rid: \"SV-87829r2_rule\"\n  tag stig_id: \"RHEL-07-041010\"\n  tag fix_id: \"F-79623r1_fix\"\n  tag cci: [\"CCI-001443\", \"CCI-001444\", \"CCI-002418\"]\n  tag nist: [\"AC-18 (1)\", \"AC-18 (1)\", \"SC-8\", \"Rev_4\"]\n\n  describe command('nmcli device') do\n    its('stdout.strip') { should_not match %r{wifi connected} }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001443</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001444</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `nmcli device` stdout.strip is expected not to match /wifi connected/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72027</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86651r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020680</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all files and directories contained in local interactive user home
-directories have a mode of 0750 or less permissive.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+directories have a mode of 0750 or less permissive.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a local interactive user files have excessive permissions,
-unintended users may be able to access or modify them.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unintended users may be able to access or modify them.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all files and directories contained in a local interactive user home
-directory, excluding local initialization files, have a mode of &quot;0750&quot;.
+directory, excluding local initialization files, have a mode of "0750".
 
     Check the mode of all non-initialization files in a local interactive user
 home directory with the following command:
 
-    Files that begin with a &quot;.&quot; are excluded from this requirement.
+    Files that begin with a "." are excluded from this requirement.
 
-    Note: The example will be for the user &quot;smithj&quot;, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
+    Note: The example will be for the user "smithj", who has a home directory
+of "/home/smithj".
 
-    # ls -lLR &#x2F;home&#x2F;smithj
+    # ls -lLR /home/smithj
     -rwxr-x--- 1 smithj smithj  18 Mar  5 17:06 file1
     -rwxr----- 1 smithj smithj 193 Mar  5 17:06 file2
     -rw-r-x--- 1 smithj smithj 231 Mar  5 17:06 file3
 
-    If any files are found with a mode more permissive than &quot;0750&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any files are found with a mode more permissive than "0750", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the mode on files and directories in the local interactive user home
 directory with the following command:
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot; and is a member of the users group.
-
-    # chmod 0750 &#x2F;home&#x2F;smithj&#x2F;&lt;file&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4daf0636-1517-4ce4-b01c-345d79c30d31</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Home directories with excessive permissions is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72155</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86779r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030660</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj" and is a member of the users group.
+
+    # chmod 0750 /home/smithj/&lt;file&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72027\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all files and directories contained in local interactive user home\ndirectories have a mode of 0750 or less permissive.\"\n  desc  \"If a local interactive user files have excessive permissions,\nunintended users may be able to access or modify them.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all files and directories contained in a local interactive user home\ndirectory, excluding local initialization files, have a mode of \\\"0750\\\".\n\n    Check the mode of all non-initialization files in a local interactive user\nhome directory with the following command:\n\n    Files that begin with a \\\".\\\" are excluded from this requirement.\n\n    Note: The example will be for the user \\\"smithj\\\", who has a home directory\nof \\\"/home/smithj\\\".\n\n    # ls -lLR /home/smithj\n    -rwxr-x--- 1 smithj smithj  18 Mar  5 17:06 file1\n    -rwxr----- 1 smithj smithj 193 Mar  5 17:06 file2\n    -rw-r-x--- 1 smithj smithj 231 Mar  5 17:06 file3\n\n    If any files are found with a mode more permissive than \\\"0750\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Set the mode on files and directories in the local interactive user home\ndirectory with the following command:\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\" and is a member of the users group.\n\n    # chmod 0750 /home/smithj/&lt;file&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72027\"\n  tag rid: \"SV-86651r2_rule\"\n  tag stig_id: \"RHEL-07-020680\"\n  tag fix_id: \"F-78379r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    findings = findings + command(\"find #{user_info.home} -xdev ! -name '.*' -perm /027 ! -type l\").stdout.split(\"\\n\")\n  end\n  describe \"Home directories with excessive permissions\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Home directories with excessive permissions is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72155</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86779r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030660</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the chage command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the chage command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged password commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chage&quot; command occur.
+successful/unsuccessful attempts to use the "chage" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;chage &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/chage /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chage -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chage -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-passwd
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chage&quot; command occur.
+successful/unsuccessful attempts to use the "chage" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chage -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chage -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-passwd
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8ed2ad1b-e659-4c1c-bcfc-a210afa018de</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chage&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chage&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71905</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000070-GPOS-00038</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86529r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72155\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe chage command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged password commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"chage\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/bin/chage /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/chage -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-passwd\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"chage\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/chage -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-passwd\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72155\"\n  tag rid: \"SV-86779r5_rule\"\n  tag stig_id: \"RHEL-07-030660\"\n  tag fix_id: \"F-78507r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/chage'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/chage" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/chage" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71905</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000070-GPOS-00038</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86529r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed or new passwords are established, the new
-password must contain at least one lower-case character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+password must contain at least one lower-case character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -21134,492 +20174,474 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Note: The value to require a number of lower-case characters to be set is
-expressed as a negative number in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot;.
+expressed as a negative number in "/etc/security/pwquality.conf".
 
-    Check the value for &quot;lcredit&quot; in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with
+    Check the value for "lcredit" in "/etc/security/pwquality.conf" with
 the following command:
 
-    # grep lcredit &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    lcredit &#x3D; -1
+    # grep lcredit /etc/security/pwquality.conf
+    lcredit = -1
 
-    If the value of &quot;lcredit&quot; is not set to a negative value, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "lcredit" is not set to a negative value, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to require at least one lower-case character when
 creating or changing a password.
 
     Add or modify the following line
-    in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot;:
-
-    lcredit &#x3D; -1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2eb7a38b-25c1-42ce-bcd4-52d819e92592</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000193</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf lcredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72281</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86905r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040600</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    in "/etc/security/pwquality.conf":
+
+    lcredit = -1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71905\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed or new passwords are established, the new\npassword must contain at least one lower-case character.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Note: The value to require a number of lower-case characters to be set is\nexpressed as a negative number in \\\"/etc/security/pwquality.conf\\\".\n\n    Check the value for \\\"lcredit\\\" in \\\"/etc/security/pwquality.conf\\\" with\nthe following command:\n\n    # grep lcredit /etc/security/pwquality.conf\n    lcredit = -1\n\n    If the value of \\\"lcredit\\\" is not set to a negative value, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to require at least one lower-case character when\ncreating or changing a password.\n\n    Add or modify the following line\n    in \\\"/etc/security/pwquality.conf\\\":\n\n    lcredit = -1\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000070-GPOS-00038\"\n  tag gid: \"V-71905\"\n  tag rid: \"SV-86529r5_rule\"\n  tag stig_id: \"RHEL-07-010130\"\n  tag fix_id: \"F-78257r6_fix\"\n  tag cci: [\"CCI-000193\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('lcredit.to_i') { should cmp &lt; 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000193</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf lcredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72281</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86905r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040600</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For Red Hat Enterprise Linux operating systems using DNS resolution,
-at least two name servers must be configured.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+at least two name servers must be configured.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To provide availability for name resolution services, multiple
 redundant name servers are mandated. A failure in name resolution could lead to
 the failure of security functions requiring name resolution, which may include
-time synchronization, centralized authentication, and remote system logging.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+time synchronization, centralized authentication, and remote system logging.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Determine whether the system is using local or DNS name resolution with the
 following command:
 
-    # grep hosts &#x2F;etc&#x2F;nsswitch.conf
+    # grep hosts /etc/nsswitch.conf
     hosts:   files dns
 
-    If the DNS entry is missing from the host&#39;s line in the
-&quot;&#x2F;etc&#x2F;nsswitch.conf&quot; file, the &quot;&#x2F;etc&#x2F;resolv.conf&quot; file must be empty.
+    If the DNS entry is missing from the host's line in the
+"/etc/nsswitch.conf" file, the "/etc/resolv.conf" file must be empty.
 
-    Verify the &quot;&#x2F;etc&#x2F;resolv.conf&quot; file is empty with the following command:
+    Verify the "/etc/resolv.conf" file is empty with the following command:
 
-    # ls -al &#x2F;etc&#x2F;resolv.conf
+    # ls -al /etc/resolv.conf
     -rw-r--r--  1 root root        0 Aug 19 08:31 resolv.conf
 
-    If local host authentication is being used and the &quot;&#x2F;etc&#x2F;resolv.conf&quot;
+    If local host authentication is being used and the "/etc/resolv.conf"
 file is not empty, this is a finding.
 
-    If the DNS entry is found on the host&#39;s line of the &quot;&#x2F;etc&#x2F;nsswitch.conf&quot;
+    If the DNS entry is found on the host's line of the "/etc/nsswitch.conf"
 file, verify the operating system is configured to use two or more name servers
 for DNS resolution.
 
     Determine the name servers used by the system with the following command:
 
-    # grep nameserver &#x2F;etc&#x2F;resolv.conf
+    # grep nameserver /etc/resolv.conf
     nameserver 192.168.1.2
     nameserver 192.168.1.3
 
     If less than two lines are returned that are not commented out, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to use two or more name servers for DNS
 resolution.
 
-    Edit the &quot;&#x2F;etc&#x2F;resolv.conf&quot; file to uncomment or add the two or more
-&quot;nameserver&quot; option lines with the IP address of local authoritative name
-servers. If local host resolution is being performed, the &quot;&#x2F;etc&#x2F;resolv.conf&quot;
-file must be empty. An empty &quot;&#x2F;etc&#x2F;resolv.conf&quot; file can be created as
+    Edit the "/etc/resolv.conf" file to uncomment or add the two or more
+"nameserver" option lines with the IP address of local authoritative name
+servers. If local host resolution is being performed, the "/etc/resolv.conf"
+file must be empty. An empty "/etc/resolv.conf" file can be created as
 follows:
 
-    # echo -n &gt; &#x2F;etc&#x2F;resolv.conf
+    # echo -n &gt; /etc/resolv.conf
 
     And then make the file immutable with the following command:
 
-    # chattr +i &#x2F;etc&#x2F;resolv.conf
+    # chattr +i /etc/resolv.conf
 
-    If the &quot;&#x2F;etc&#x2F;resolv.conf&quot; file must be mutable, the required
+    If the "/etc/resolv.conf" file must be mutable, the required
 configuration must be documented with the Information System Security Officer
-(ISSO) and the file must be verified by the system file integrity tool.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>13f019cc-f2d2-4de5-a14e-0e3b36d8fa49</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-The system&#39;s nameservers: [&quot;nameserver 172.31.0.2&quot;] is expected not to equal nil
---------------------------------
-passed
-The number of nameservers is expected to cmp &gt;&#x3D; 2
-
-expected it to be &gt;&#x3D; 2
+(ISSO) and the file must be verified by the system file integrity tool.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72281\" do\n  title \"For Red Hat Enterprise Linux operating systems using DNS resolution,\nat least two name servers must be configured.\"\n  desc  \"To provide availability for name resolution services, multiple\nredundant name servers are mandated. A failure in name resolution could lead to\nthe failure of security functions requiring name resolution, which may include\ntime synchronization, centralized authentication, and remote system logging.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Determine whether the system is using local or DNS name resolution with the\nfollowing command:\n\n    # grep hosts /etc/nsswitch.conf\n    hosts:   files dns\n\n    If the DNS entry is missing from the host's line in the\n\\\"/etc/nsswitch.conf\\\" file, the \\\"/etc/resolv.conf\\\" file must be empty.\n\n    Verify the \\\"/etc/resolv.conf\\\" file is empty with the following command:\n\n    # ls -al /etc/resolv.conf\n    -rw-r--r--  1 root root        0 Aug 19 08:31 resolv.conf\n\n    If local host authentication is being used and the \\\"/etc/resolv.conf\\\"\nfile is not empty, this is a finding.\n\n    If the DNS entry is found on the host's line of the \\\"/etc/nsswitch.conf\\\"\nfile, verify the operating system is configured to use two or more name servers\nfor DNS resolution.\n\n    Determine the name servers used by the system with the following command:\n\n    # grep nameserver /etc/resolv.conf\n    nameserver 192.168.1.2\n    nameserver 192.168.1.3\n\n    If less than two lines are returned that are not commented out, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to use two or more name servers for DNS\nresolution.\n\n    Edit the \\\"/etc/resolv.conf\\\" file to uncomment or add the two or more\n\\\"nameserver\\\" option lines with the IP address of local authoritative name\nservers. If local host resolution is being performed, the \\\"/etc/resolv.conf\\\"\nfile must be empty. An empty \\\"/etc/resolv.conf\\\" file can be created as\nfollows:\n\n    # echo -n &gt; /etc/resolv.conf\n\n    And then make the file immutable with the following command:\n\n    # chattr +i /etc/resolv.conf\n\n    If the \\\"/etc/resolv.conf\\\" file must be mutable, the required\nconfiguration must be documented with the Information System Security Officer\n(ISSO) and the file must be verified by the system file integrity tool.\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72281\"\n  tag rid: \"SV-86905r2_rule\"\n  tag stig_id: \"RHEL-07-040600\"\n  tag fix_id: \"F-78635r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  dns_in_host_line = parse_config_file(\"/etc/nsswitch.conf\",\n    {\n      comment_char: '#',\n      assignment_regex: /^\\s*([^:]*?)\\s*:\\s*(.*?)\\s*$/,\n    }\n  ).params['hosts'].include?('dns')\n\n  describe \"If `local` resolution is being used, a `hosts` entry in /etc/nsswitch.conf having `dns`\" do\n    subject { dns_in_host_line }\n    it { should be false }\n  end if !dns_in_host_line\n\n  describe \"If `local` resoultion is being used, the /etc/resolv.conf file should\" do\n    subject { parse_config_file(\"/etc/resolv.conf\", { comment_char: '#'}).params }\n    it { should be_empty }\n  end if !dns_in_host_line\n\n  nameservers = parse_config_file(\"/etc/resolv.conf\",\n    { comment_char: '#'}\n  ).params.keys.grep(/nameserver/)\n\n  describe \"The system's nameservers: #{nameservers}\" do\n  subject { nameservers }\n    it { should_not be nil }\n  end if dns_in_host_line\n\n  describe \"The number of nameservers\" do\n  subject { nameservers.count }\n    it { should cmp &gt;= 2 }\n  end if dns_in_host_line\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST The system's nameservers: ["nameserver 172.31.0.2"] is expected not to equal nil
+--------------------------------
+passed :: TEST The number of nameservers is expected to cmp &gt;= 2 :: MESSAGE 
+expected it to be &gt;= 2
      got: 1
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-77825</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-92521r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-77825</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-92521r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement virtual
-address space randomization.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+address space randomization.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Address space layout randomization (ASLR) makes it more difficult for
 an attacker to predict the location of attack code he or she has introduced
-into a process&#39;s address space during an attempt at exploitation. Additionally,
+into a process's address space during an attempt at exploitation. Additionally,
 ASLR also makes it more difficult for an attacker to know the location of
 existing code in order to repurpose it using return-oriented programming (ROP)
-techniques.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+techniques.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system implements virtual address space randomization.
 
-    # grep kernel.randomize_va_space &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep kernel.randomize_va_space /etc/sysctl.conf /etc/sysctl.d/*
 
-    kernel.randomize_va_space &#x3D; 2
+    kernel.randomize_va_space = 2
 
-    If &quot;kernel.randomize_va_space&quot; is not configured in the &#x2F;etc&#x2F;sysctl.conf
-file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out or does not have a
-value of &quot;2&quot;, this is a finding.
+    If "kernel.randomize_va_space" is not configured in the /etc/sysctl.conf
+file or in the /etc/sysctl.d/ directory, is commented out or does not have a
+value of "2", this is a finding.
 
     Check that the operating system implements virtual address space
 randomization with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep kernel.randomize_va_space
+    # /sbin/sysctl -a | grep kernel.randomize_va_space
 
-    kernel.randomize_va_space &#x3D; 2
+    kernel.randomize_va_space = 2
 
-    If &quot;kernel.randomize_va_space&quot; does not have a value of &quot;2&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "kernel.randomize_va_space" does not have a value of "2", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system implement virtual address space
 randomization.
 
     Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a config file in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory
+line to "/etc/sysctl.conf" or a config file in the /etc/sysctl.d/ directory
 (or modify the line to have the required value):
 
-    kernel.randomize_va_space &#x3D; 2
+    kernel.randomize_va_space = 2
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0ed2ba3d-e302-4de8-b71b-58a15c660775</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter kernel.randomize_va_space value is expected to eq 2</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-77821</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000378-GPOS-00163</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-92517r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020101</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-77825\" do\n  title \"The Red Hat Enterprise Linux operating system must implement virtual\naddress space randomization.\"\n  desc  \"Address space layout randomization (ASLR) makes it more difficult for\nan attacker to predict the location of attack code he or she has introduced\ninto a process's address space during an attempt at exploitation. Additionally,\nASLR also makes it more difficult for an attacker to know the location of\nexisting code in order to repurpose it using return-oriented programming (ROP)\ntechniques.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system implements virtual address space randomization.\n\n    # grep kernel.randomize_va_space /etc/sysctl.conf /etc/sysctl.d/*\n\n    kernel.randomize_va_space = 2\n\n    If \\\"kernel.randomize_va_space\\\" is not configured in the /etc/sysctl.conf\nfile or in the /etc/sysctl.d/ directory, is commented out or does not have a\nvalue of \\\"2\\\", this is a finding.\n\n    Check that the operating system implements virtual address space\nrandomization with the following command:\n\n    # /sbin/sysctl -a | grep kernel.randomize_va_space\n\n    kernel.randomize_va_space = 2\n\n    If \\\"kernel.randomize_va_space\\\" does not have a value of \\\"2\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system implement virtual address space\nrandomization.\n\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a config file in the /etc/sysctl.d/ directory\n(or modify the line to have the required value):\n\n    kernel.randomize_va_space = 2\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-77825\"\n  tag rid: \"SV-92521r2_rule\"\n  tag stig_id: \"RHEL-07-040201\"\n  tag fix_id: \"F-84531r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  randomize_va_space = input('randomize_va_space')\n\n  describe kernel_parameter('kernel.randomize_va_space') do\n    its('value') { should eq randomize_va_space }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter kernel.randomize_va_space value is expected to eq 2</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-77821</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000378-GPOS-00163</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-92517r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020101</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the Datagram Congestion Control Protocol (DCCP) kernel module is disabled
-unless required.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+unless required.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Disabling DCCP protects the system against exploitation of any flaws
-in the protocol implementation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+in the protocol implementation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system disables the ability to load the DCCP kernel
 module.
 
-    # grep -r dccp &#x2F;etc&#x2F;modprobe.d&#x2F;* | grep -i &quot;&#x2F;bin&#x2F;true&quot; | grep -v &quot;^#&quot;
+    # grep -r dccp /etc/modprobe.d/* | grep -i "/bin/true" | grep -v "^#"
 
-    install dccp &#x2F;bin&#x2F;true
+    install dccp /bin/true
 
     If the command does not return any output, or the line is commented out,
 and use of DCCP is not documented with the Information System Security Officer
@@ -21631,594 +20653,570 @@ module.
     Check to see if the DCCP kernel module is disabled with the following
 command:
 
-    # grep -i dccp &#x2F;etc&#x2F;modprobe.d&#x2F;* | grep -i &quot;blacklist&quot; | grep -v &quot;^#&quot;
+    # grep -i dccp /etc/modprobe.d/* | grep -i "blacklist" | grep -v "^#"
 
     blacklist dccp
 
-    If the command does not return any output or the output is not &quot;blacklist
-dccp&quot;, and use of the dccp kernel module is not documented with the
+    If the command does not return any output or the output is not "blacklist
+dccp", and use of the dccp kernel module is not documented with the
 Information System Security Officer (ISSO) as an operational requirement, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable the ability to use the DCCP
 kernel module.
 
-    Create a file under &quot;&#x2F;etc&#x2F;modprobe.d&quot; with the following command:
+    Create a file under "/etc/modprobe.d" with the following command:
 
-    # touch &#x2F;etc&#x2F;modprobe.d&#x2F;dccp.conf
+    # touch /etc/modprobe.d/dccp.conf
 
     Add the following line to the created file:
 
-    install dccp &#x2F;bin&#x2F;true
+    install dccp /bin/true
 
     Ensure that the DCCP module is blacklisted:
 
-    # vi &#x2F;etc&#x2F;modprobe.d&#x2F;blacklist.conf
+    # vi /etc/modprobe.d/blacklist.conf
 
     Add or update the line:
 
-    blacklist dccp</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c7909635-28cc-4697-a716-e68afab0234a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Module dccp is expected not to be loaded
---------------------------------
-passed
-Kernel Module dccp is expected to be blacklisted</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72019</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86643r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020640</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    blacklist dccp</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-77821\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the Datagram Congestion Control Protocol (DCCP) kernel module is disabled\nunless required.\"\n  desc  \"Disabling DCCP protects the system against exploitation of any flaws\nin the protocol implementation.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system disables the ability to load the DCCP kernel\nmodule.\n\n    # grep -r dccp /etc/modprobe.d/* | grep -i \\\"/bin/true\\\" | grep -v \\\"^#\\\"\n\n    install dccp /bin/true\n\n    If the command does not return any output, or the line is commented out,\nand use of DCCP is not documented with the Information System Security Officer\n(ISSO) as an operational requirement, this is a finding.\n\n    Verify the operating system disables the ability to use the DCCP kernel\nmodule.\n\n    Check to see if the DCCP kernel module is disabled with the following\ncommand:\n\n    # grep -i dccp /etc/modprobe.d/* | grep -i \\\"blacklist\\\" | grep -v \\\"^#\\\"\n\n    blacklist dccp\n\n    If the command does not return any output or the output is not \\\"blacklist\ndccp\\\", and use of the dccp kernel module is not documented with the\nInformation System Security Officer (ISSO) as an operational requirement, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable the ability to use the DCCP\nkernel module.\n\n    Create a file under \\\"/etc/modprobe.d\\\" with the following command:\n\n    # touch /etc/modprobe.d/dccp.conf\n\n    Add the following line to the created file:\n\n    install dccp /bin/true\n\n    Ensure that the DCCP module is blacklisted:\n\n    # vi /etc/modprobe.d/blacklist.conf\n\n    Add or update the line:\n\n    blacklist dccp\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000378-GPOS-00163\"\n  tag gid: \"V-77821\"\n  tag rid: \"SV-92517r3_rule\"\n  tag stig_id: \"RHEL-07-020101\"\n  tag fix_id: \"F-84521r3_fix\"\n  tag cci: [\"CCI-001958\"]\n  tag nist: [\"IA-3\", \"Rev_4\"]\n\n  describe kernel_module('dccp') do\n    it { should_not be_loaded }\n    it { should be_blacklisted }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Module dccp is expected not to be loaded
+--------------------------------
+passed :: TEST Kernel Module dccp is expected to be blacklisted</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72019</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86643r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020640</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive user home directories are owned by their respective
-users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a local interactive user does not own their home directory,
-unauthorized users could access or modify the user&#39;s files, and the users may
-not be able to access their own files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unauthorized users could access or modify the user's files, and the users may
+not be able to access their own files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the assigned home directory of all local interactive users on the
 system exists.
 
     Check the home directory assignment for all local interactive users on the
 system with the following command:
 
-    # ls -ld $(egrep &#39;:[0-9]{4}&#39; &#x2F;etc&#x2F;passwd | cut -d: -f6)
+    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)
 
-    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 &#x2F;home&#x2F;smithj
+    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj
 
-    If any home directories referenced in &quot;&#x2F;etc&#x2F;passwd&quot; are not owned by the
-interactive user, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the owner of a local interactive user&#39;s home directories to that
-owner. To change the owner of a local interactive user&#39;s home directory, use
+    If any home directories referenced in "/etc/passwd" are not owned by the
+interactive user, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the owner of a local interactive user's home directories to that
+owner. To change the owner of a local interactive user's home directory, use
 the following command:
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot;.
-
-    # chown smithj &#x2F;home&#x2F;smithj</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>5cf0f58a-b651-4427-8aa2-53d480fdf294</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Directory &#x2F;root is expected to exist
---------------------------------
-passed
-Directory &#x2F;root owner is expected to eq &quot;root&quot;
---------------------------------
-passed
-Directory &#x2F;home&#x2F;ec2-user is expected to exist
---------------------------------
-passed
-Directory &#x2F;home&#x2F;ec2-user owner is expected to eq &quot;ec2-user&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71925</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000075-GPOS-00043</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86549r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010230</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj".
+
+    # chown smithj /home/smithj</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72019\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user home directories are owned by their respective\nusers.\"\n  desc  \"If a local interactive user does not own their home directory,\nunauthorized users could access or modify the user's files, and the users may\nnot be able to access their own files.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the assigned home directory of all local interactive users on the\nsystem exists.\n\n    Check the home directory assignment for all local interactive users on the\nsystem with the following command:\n\n    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)\n\n    -rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj\n\n    If any home directories referenced in \\\"/etc/passwd\\\" are not owned by the\ninteractive user, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the owner of a local interactive user's home directories to that\nowner. To change the owner of a local interactive user's home directory, use\nthe following command:\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\".\n\n    # chown smithj /home/smithj\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72019\"\n  tag rid: \"SV-86643r5_rule\"\n  tag stig_id: \"RHEL-07-020640\"\n  tag fix_id: \"F-78371r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    describe directory(user_info.home) do\n      it { should exist }\n      its('owner') { should eq user_info.username }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Directory /root is expected to exist
+--------------------------------
+passed :: TEST Directory /root owner is expected to eq "root"
+--------------------------------
+passed :: TEST Directory /home/ec2-user is expected to exist
+--------------------------------
+passed :: TEST Directory /home/ec2-user owner is expected to eq "ec2-user"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71925</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000075-GPOS-00043</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86549r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010230</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that passwords for new users are restricted to a 24 hours&#x2F;1 day minimum
-lifetime.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that passwords for new users are restricted to a 24 hours/1 day minimum
+lifetime.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Enforcing a minimum password lifetime helps to prevent repeated
 password changes to defeat the password reuse or history enforcement
 requirement. If users are allowed to immediately and continually change their
 password, the password could be repeatedly changed in a short period of time to
-defeat the organization&#39;s policy regarding password reuse.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the operating system enforces 24 hours&#x2F;1 day as the minimum password
+defeat the organization's policy regarding password reuse.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the operating system enforces 24 hours/1 day as the minimum password
 lifetime for new user accounts.
 
-    Check for the value of &quot;PASS_MIN_DAYS&quot; in &quot;&#x2F;etc&#x2F;login.defs&quot; with the
+    Check for the value of "PASS_MIN_DAYS" in "/etc/login.defs" with the
 following command:
 
-    # grep -i pass_min_days &#x2F;etc&#x2F;login.defs
+    # grep -i pass_min_days /etc/login.defs
     PASS_MIN_DAYS     1
 
-    If the &quot;PASS_MIN_DAYS&quot; parameter value is not &quot;1&quot; or greater, or is
-commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the operating system to enforce 24 hours&#x2F;1 day as the minimum
+    If the "PASS_MIN_DAYS" parameter value is not "1" or greater, or is
+commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the operating system to enforce 24 hours/1 day as the minimum
 password lifetime.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;login.defs&quot; (or modify the line to have
+    Add the following line in "/etc/login.defs" (or modify the line to have
 the required value):
 
-    PASS_MIN_DAYS     1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f8374299-d09f-49f4-9933-79ef92a48e44</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000198</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-login.defs PASS_MIN_DAYS.to_i is expected to cmp &gt;&#x3D; 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72247</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86871r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040370</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    PASS_MIN_DAYS     1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71925\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat passwords for new users are restricted to a 24 hours/1 day minimum\nlifetime.\"\n  desc  \"Enforcing a minimum password lifetime helps to prevent repeated\npassword changes to defeat the password reuse or history enforcement\nrequirement. If users are allowed to immediately and continually change their\npassword, the password could be repeatedly changed in a short period of time to\ndefeat the organization's policy regarding password reuse.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enforces 24 hours/1 day as the minimum password\nlifetime for new user accounts.\n\n    Check for the value of \\\"PASS_MIN_DAYS\\\" in \\\"/etc/login.defs\\\" with the\nfollowing command:\n\n    # grep -i pass_min_days /etc/login.defs\n    PASS_MIN_DAYS     1\n\n    If the \\\"PASS_MIN_DAYS\\\" parameter value is not \\\"1\\\" or greater, or is\ncommented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce 24 hours/1 day as the minimum\npassword lifetime.\n\n    Add the following line in \\\"/etc/login.defs\\\" (or modify the line to have\nthe required value):\n\n    PASS_MIN_DAYS     1\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000075-GPOS-00043\"\n  tag gid: \"V-71925\"\n  tag rid: \"SV-86549r2_rule\"\n  tag stig_id: \"RHEL-07-010230\"\n  tag fix_id: \"F-78277r1_fix\"\n  tag cci: [\"CCI-000198\"]\n  tag nist: [\"IA-5 (1) (d)\", \"Rev_4\"]\n\n  describe login_defs do\n    its('PASS_MIN_DAYS.to_i') { should cmp &gt;= 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000198</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST login.defs PASS_MIN_DAYS.to_i is expected to cmp &gt;= 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72247</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86871r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040370</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not permit direct
-logons to the root account using remote access via SSH.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+logons to the root account using remote access via SSH.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Even though the communications channel may be encrypted, an additional
 layer of security is gained by extending the policy of not logging on directly
 as root. In addition, logging on with a user-specific account provides
-individual accountability of actions performed on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+individual accountability of actions performed on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify remote access using SSH prevents users from logging on directly as
 root.
 
     Check that SSH prevents users from logging on directly as root with the
 following command:
 
-    # grep -i permitrootlogin &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i permitrootlogin /etc/ssh/sshd_config
     PermitRootLogin no
 
-    If the &quot;PermitRootLogin&quot; keyword is set to &quot;yes&quot;, is missing, or is
-commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "PermitRootLogin" keyword is set to "yes", is missing, or is
+commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure SSH to stop users from logging on remotely as the root user.
 
-    Edit the appropriate  &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment or add the
-line for the &quot;PermitRootLogin&quot; keyword and set its value to &quot;no&quot; (this file
+    Edit the appropriate  "/etc/ssh/sshd_config" file to uncomment or add the
+line for the "PermitRootLogin" keyword and set its value to "no" (this file
 may be named differently or be in a different location if using a version of
 SSH that is provided by a third-party vendor):
 
     PermitRootLogin no
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d67b9348-7082-4926-b067-691d49dd7256</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration PermitRootLogin is expected to cmp &#x3D;&#x3D; &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72091</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86715r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030340</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72247\" do\n  title \"The Red Hat Enterprise Linux operating system must not permit direct\nlogons to the root account using remote access via SSH.\"\n  desc  \"Even though the communications channel may be encrypted, an additional\nlayer of security is gained by extending the policy of not logging on directly\nas root. In addition, logging on with a user-specific account provides\nindividual accountability of actions performed on the system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify remote access using SSH prevents users from logging on directly as\nroot.\n\n    Check that SSH prevents users from logging on directly as root with the\nfollowing command:\n\n    # grep -i permitrootlogin /etc/ssh/sshd_config\n    PermitRootLogin no\n\n    If the \\\"PermitRootLogin\\\" keyword is set to \\\"yes\\\", is missing, or is\ncommented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure SSH to stop users from logging on remotely as the root user.\n\n    Edit the appropriate  \\\"/etc/ssh/sshd_config\\\" file to uncomment or add the\nline for the \\\"PermitRootLogin\\\" keyword and set its value to \\\"no\\\" (this file\nmay be named differently or be in a different location if using a version of\nSSH that is provided by a third-party vendor):\n\n    PermitRootLogin no\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72247\"\n  tag rid: \"SV-86871r3_rule\"\n  tag stig_id: \"RHEL-07-040370\"\n  tag fix_id: \"F-78601r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('PermitRootLogin') { should cmp 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration PermitRootLogin is expected to cmp == "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72091</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86715r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030340</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must immediately notify
 the System Administrator (SA) and Information System Security Officer (ISSO)
 (at a minimum) via email when the threshold for the repository maximum audit
-record storage capacity is reached.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+record storage capacity is reached.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If security personnel are not notified immediately when the threshold
 for the repository maximum audit record storage capacity is reached, they are
-unable to expand the audit record storage capacity before records are lost.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unable to expand the audit record storage capacity before records are lost.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system immediately notifies the SA and ISSO (at a
 minimum) via email when the allocated audit record storage volume reaches 75
 percent of the repository maximum audit record storage capacity.
@@ -22227,160 +21225,155 @@ percent of the repository maximum audit record storage capacity.
 repository maximum audit record storage capacity is reached with the following
 command:
 
-    # grep -i space_left_action  &#x2F;etc&#x2F;audit&#x2F;auditd.conf
-    space_left_action &#x3D; email
+    # grep -i space_left_action  /etc/audit/auditd.conf
+    space_left_action = email
 
-    If the value of the &quot;space_left_action&quot; keyword is not set to &quot;email&quot;,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of the "space_left_action" keyword is not set to "email",
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to immediately notify the SA and ISSO (at a
 minimum) when the threshold for the repository maximum audit record storage
 capacity is reached.
 
-    Uncomment or edit the &quot;space_left_action&quot; keyword in
-&quot;&#x2F;etc&#x2F;audit&#x2F;auditd.conf&quot; and set it to &quot;email&quot;.
-
-    space_left_action &#x3D; email</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2ca291b5-1c0a-40db-a586-4f0bff35ca7f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Audit Daemon Config space_left_action.downcase is expected to cmp &#x3D;&#x3D; &quot;email&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71963</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86587r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010490</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Uncomment or edit the "space_left_action" keyword in
+"/etc/audit/auditd.conf" and set it to "email".
+
+    space_left_action = email</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72091\" do\n  title \"The Red Hat Enterprise Linux operating system must immediately notify\nthe System Administrator (SA) and Information System Security Officer (ISSO)\n(at a minimum) via email when the threshold for the repository maximum audit\nrecord storage capacity is reached.\"\n  desc  \"If security personnel are not notified immediately when the threshold\nfor the repository maximum audit record storage capacity is reached, they are\nunable to expand the audit record storage capacity before records are lost.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system immediately notifies the SA and ISSO (at a\nminimum) via email when the allocated audit record storage volume reaches 75\npercent of the repository maximum audit record storage capacity.\n\n    Check what action the operating system takes when the threshold for the\nrepository maximum audit record storage capacity is reached with the following\ncommand:\n\n    # grep -i space_left_action  /etc/audit/auditd.conf\n    space_left_action = email\n\n    If the value of the \\\"space_left_action\\\" keyword is not set to \\\"email\\\",\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to immediately notify the SA and ISSO (at a\nminimum) when the threshold for the repository maximum audit record storage\ncapacity is reached.\n\n    Uncomment or edit the \\\"space_left_action\\\" keyword in\n\\\"/etc/audit/auditd.conf\\\" and set it to \\\"email\\\".\n\n    space_left_action = email\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000343-GPOS-00134\"\n  tag gid: \"V-72091\"\n  tag rid: \"SV-86715r2_rule\"\n  tag stig_id: \"RHEL-07-030340\"\n  tag fix_id: \"F-78443r1_fix\"\n  tag cci: [\"CCI-001855\"]\n  tag nist: [\"AU-5 (1)\", \"Rev_4\"]\n\n  describe auditd_conf do\n    its('space_left_action.downcase') { should cmp 'email' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Audit Daemon Config space_left_action.downcase is expected to cmp == "email"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71963</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86587r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010490</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Red Hat Enterprise Linux operating systems prior to version 7.2 using
 Unified Extensible Firmware Interface (UEFI) must require authentication upon
-booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system does not require valid root authentication before it
 boots into single-user or maintenance mode, anyone who invokes single-user or
 maintenance mode is granted privileged access to all files on the system. GRUB
 2 is the default boot loader for RHEL 7 and is designed to require a password
-to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For systems that use BIOS, this is Not Applicable.
     For systems that are running RHEL 7.2 or newer, this is Not Applicable.
 
     Check to see if an encrypted root password is set. On systems that use
 UEFI, use the following command:
 
-    # grep -i password &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg
+    # grep -i password /boot/efi/EFI/redhat/grub.cfg
 
     password_pbkdf2 [superusers-account] [password-hash]
 
-    If the root password entry does not begin with &quot;password_pbkdf2&quot;, this is
+    If the root password entry does not begin with "password_pbkdf2", this is
 a finding.
 
-    If the &quot;superusers-account&quot; is not set to &quot;root&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "superusers-account" is not set to "root", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to encrypt the boot password for root.
 
     Generate an encrypted grub2 password for root with the following command:
@@ -22394,130 +21387,124 @@ a finding.
     PBKDF2 hash of your password is
 grub.pbkdf2.sha512.10000.F3A7CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45
 
-    Edit &quot;&#x2F;etc&#x2F;grub.d&#x2F;40_custom&quot; and add the following lines below the
+    Edit "/etc/grub.d/40_custom" and add the following lines below the
 comments:
 
-    # vi &#x2F;etc&#x2F;grub.d&#x2F;40_custom
+    # vi /etc/grub.d/40_custom
 
-    set superusers&#x3D;&quot;root&quot;
+    set superusers="root"
 
     password_pbkdf2 root {hash from grub2-mkpasswd-pbkdf2 command}
 
-    Generate a new &quot;grub.conf&quot; file with the new password with the following
+    Generate a new "grub.conf" file with the new password with the following
 commands:
 
-    # grub2-mkconfig --output&#x3D;&#x2F;tmp&#x2F;grub2.cfg
-    # mv &#x2F;tmp&#x2F;grub2.cfg &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ae95c515-01dc-4fbd-a9d4-e2046d866652</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-EFI is not in use
-EFI is not in use so this control is NA</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72427</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87051r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-041002</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # grub2-mkconfig --output=/tmp/grub2.cfg
+    # mv /tmp/grub2.cfg /boot/efi/EFI/redhat/grub.cfg</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71963\" do\n  title \"Red Hat Enterprise Linux operating systems prior to version 7.2 using\nUnified Extensible Firmware Interface (UEFI) must require authentication upon\nbooting into single-user and maintenance modes.\"\n  desc  \"If the system does not require valid root authentication before it\nboots into single-user or maintenance mode, anyone who invokes single-user or\nmaintenance mode is granted privileged access to all files on the system. GRUB\n2 is the default boot loader for RHEL 7 and is designed to require a password\nto boot into single-user mode or make modifications to the boot menu.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    For systems that use BIOS, this is Not Applicable.\n    For systems that are running RHEL 7.2 or newer, this is Not Applicable.\n\n    Check to see if an encrypted root password is set. On systems that use\nUEFI, use the following command:\n\n    # grep -i password /boot/efi/EFI/redhat/grub.cfg\n\n    password_pbkdf2 [superusers-account] [password-hash]\n\n    If the root password entry does not begin with \\\"password_pbkdf2\\\", this is\na finding.\n\n    If the \\\"superusers-account\\\" is not set to \\\"root\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to encrypt the boot password for root.\n\n    Generate an encrypted grub2 password for root with the following command:\n\n    Note: The hash generated is an example.\n\n    # grub2-mkpasswd-pbkdf2\n\n    Enter Password:\n    Reenter Password:\n    PBKDF2 hash of your password is\ngrub.pbkdf2.sha512.10000.F3A7CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45\n\n    Edit \\\"/etc/grub.d/40_custom\\\" and add the following lines below the\ncomments:\n\n    # vi /etc/grub.d/40_custom\n\n    set superusers=\\\"root\\\"\n\n    password_pbkdf2 root {hash from grub2-mkpasswd-pbkdf2 command}\n\n    Generate a new \\\"grub.conf\\\" file with the new password with the following\ncommands:\n\n    # grub2-mkconfig --output=/tmp/grub2.cfg\n    # mv /tmp/grub2.cfg /boot/efi/EFI/redhat/grub.cfg\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000080-GPOS-00048\"\n  tag gid: \"V-71963\"\n  tag rid: \"SV-86587r4_rule\"\n  tag stig_id: \"RHEL-07-010490\"\n  tag fix_id: \"F-78315r3_fix\"\n  tag cci: [\"CCI-000213\"]\n  tag nist: [\"AC-3\", \"Rev_4\"]\n\n  os_minor_version = os().release.split('.')[1].to_i\n\n  # If OS version is 7.2 or later ONLY root is allowed\n  efi_superusers = os_minor_version &lt; 2 ? input('efi_superusers') : ['root']\n  # Also ensure that 'root' is in the list always\n  efi_superusers.push('root') if !efi_superusers.include?('root')\n  # Define the main cfg with the os name in the path to allow\n  # for this to work with RHEL variants (e.g. CentOS)\n  efi_main_cfg = \"/boot/efi/EFI/#{os().name}/grub.cfg\"\n\n  # If the main EFI config file does not exist this system is\n  # not using EFI and the control is NA\n  if !file(efi_main_cfg).exist?\n    impact 0.0\n    describe 'EFI is not in use' do\n      skip 'EFI is not in use so this control is NA'\n    end\n  # Ensure any superusers are configured with PBDKF2 passwords\n  else\n    efi_superusers.each do |user|\n      describe file(efi_main_cfg) do\n          its('content') { should match %r{^\\s*password_pbkdf2\\s+#{user} } }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST EFI is not in use :: SKIP_MESSAGE EFI is not in use so this control is NA</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72427</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87051r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-041002</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement
   multifactor authentication for access to privileged accounts via pluggable
-  authentication modules (PAM).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+  authentication modules (PAM).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Using an authentication device, such as a CAC or token that is
   separate from the information system, ensures that even if the information
   system is compromised, that compromise will not affect credentials stored on
@@ -22540,150 +21527,145 @@ EFI is not in use so this control is NA</FINDING_DETAILS>
       This requirement only applies to components where this is specific to the
   function of the device or has the concept of an organizational user (e.g., VPN,
   proxy capability). This does not apply to authentication for the purpose of
-  configuring the device itself (management).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+  configuring the device itself (management).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system implements multifactor authentication for
 remote access to privileged accounts via pluggable authentication modules (PAM).
 
-    Check the &quot;&#x2F;etc&#x2F;sssd&#x2F;sssd.conf&quot; file for the authentication services that
+    Check the "/etc/sssd/sssd.conf" file for the authentication services that
 are being used with the following command:
 
-    # grep services &#x2F;etc&#x2F;sssd&#x2F;sssd.conf &#x2F;etc&#x2F;sssd&#x2F;conf.d&#x2F;*.conf
+    # grep services /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf
 
-    services &#x3D; nss, pam
+    services = nss, pam
 
-    If the &quot;pam&quot; service is not present on all &quot;services&quot; lines, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "pam" service is not present on all "services" lines, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement multifactor authentication for
 remote access to privileged accounts via pluggable authentication modules (PAM).
 
-    Modify all of the services lines in &quot;&#x2F;etc&#x2F;sssd&#x2F;sssd.conf&quot; or in
-configuration files found under &quot;&#x2F;etc&#x2F;sssd&#x2F;conf.d&quot; to include pam.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>07299d31-c8fa-40b3-ad4d-32f4b518032c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep -i -E &#39;services( )*&#x3D;( )*(.+*)pam&#39; &#x2F;etc&#x2F;sssd&#x2F;sssd.conf&#x60; stdout.strip is expected to include &quot;pam&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72221</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000033-GPOS-00014</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86845r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040110</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Modify all of the services lines in "/etc/sssd/sssd.conf" or in
+configuration files found under "/etc/sssd/conf.d" to include pam.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72427\" do\n  title \"The Red Hat Enterprise Linux operating system must implement\n  multifactor authentication for access to privileged accounts via pluggable\n  authentication modules (PAM).\"\n  desc  \"Using an authentication device, such as a CAC or token that is\n  separate from the information system, ensures that even if the information\n  system is compromised, that compromise will not affect credentials stored on\n  the authentication device.\n\n      Multifactor solutions that require devices separate from information\n  systems gaining access include, for example, hardware tokens providing\n  time-based or challenge-response authenticators and smart cards such as the\n  U.S. Government Personal Identity Verification card and the DoD Common Access\n  Card.\n\n      A privileged account is defined as an information system account with\n  authorizations of a privileged user.\n\n      Remote access is access to DoD nonpublic information systems by an\n  authorized user (or an information system) communicating through an external,\n  non-organization-controlled network. Remote access methods include, for\n  example, dial-up, broadband, and wireless.\n\n      This requirement only applies to components where this is specific to the\n  function of the device or has the concept of an organizational user (e.g., VPN,\n  proxy capability). This does not apply to authentication for the purpose of\n  configuring the device itself (management).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system implements multifactor authentication for\n    remote access to privileged accounts via pluggable authentication modules (PAM).\n\n        Check the \\\"/etc/sssd/sssd.conf\\\" file for the authentication services that\n    are being used with the following command:\n\n        # grep services /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf\n\n        services = nss, pam\n\n        If the \\\"pam\\\" service is not present on all \\\"services\\\" lines, this is a\n    finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to implement multifactor authentication for\n    remote access to privileged accounts via pluggable authentication modules (PAM).\n\n        Modify all of the services lines in \\\"/etc/sssd/sssd.conf\\\" or in\n    configuration files found under \\\"/etc/sssd/conf.d\\\" to include pam.\"\n\n  impact 0.5  \n  tag severity: nil\n  tag gtitle: \"SRG-OS-000375-GPOS-00160\"\n  tag satisfies: [\"SRG-OS-000375-GPOS-00160\", \"SRG-OS-000375-GPOS-00161\",\n\"SRG-OS-000375-GPOS-00162\"]\n  tag gid: \"V-72427\"\n  tag rid: \"SV-87051r4_rule\"\n  tag stig_id: \"RHEL-07-041002\"\n  tag fix_id: \"F-78779r3_fix\"\n  tag cci: [\"CCI-001948\", \"CCI-001953\", \"CCI-001954\"]\n  tag nist: [\"IA-2 (11)\", \"IA-2 (12)\", \"IA-2 (12)\", \"Rev_4\"]\n\n  unless package('sssd').installed?\n    impact 0.0\n    describe \"The SSSD Package is not installed on the system\" do\n      skip \"This control is Not Appliciable without the SSSD Package installed.\"\n    end\n  else\n    if (!(sssd_files = command(\"find /etc/sssd -name *.conf\").stdout.split(\"\\n\")).empty?)\n      sssd_files.each do |file|\n        describe.one do\n          describe parse_config_file(file) do\n            its('services') { should include 'pam' }\n          end if package('sssd').installed?\n          describe command(\"grep -i -E 'services(\\s)*=(\\s)*(.+*)pam' #{file}\") do\n            its('stdout.strip') { should include 'pam' }\n          end if package('sssd').installed?\n        end if package('sssd').installed?\n      end\n    else\n      describe \"The set of SSSD configuration files\" do\n          subject { sssd_files.to_a }\n          it { should_not be_empty }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep -i -E 'services( )*=( )*(.+*)pam' /etc/sssd/sssd.conf` stdout.strip is expected to include "pam"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72221</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000033-GPOS-00014</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86845r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040110</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a FIPS 140-2
-approved cryptographic algorithm for SSH communications.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+approved cryptographic algorithm for SSH communications.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Unapproved mechanisms that are used for authentication to the
 cryptographic module are not verified and therefore cannot be relied upon to
 provide confidentiality or integrity, and DoD data may be compromised.
@@ -22694,14 +21676,14 @@ mechanisms for authenticating to cryptographic modules.
     FIPS 140-2 is the current standard for validating that mechanisms used to
 access cryptographic modules utilize authentication that meets DoD
 requirements. This allows for Security Levels 1, 2, 3, or 4 for use on a
-general purpose computing system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+general purpose computing system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system uses mechanisms meeting the requirements of
 applicable federal laws, Executive orders, directives, policies, regulations,
 standards, and guidance for authentication to a cryptographic module.
@@ -22710,516 +21692,487 @@ standards, and guidance for authentication to a cryptographic module.
 the system cannot implement FIPS 140-2-approved cryptographic algorithms and
 hashes.
 
-    The location of the &quot;sshd_config&quot; file may vary if a different daemon is
+    The location of the "sshd_config" file may vary if a different daemon is
 in use.
 
-    Inspect the &quot;Ciphers&quot; configuration with the following command:
+    Inspect the "Ciphers" configuration with the following command:
 
-    # grep -i ciphers &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i ciphers /etc/ssh/sshd_config
     Ciphers aes128-ctr,aes192-ctr,aes256-ctr
 
-    If any ciphers other than &quot;aes128-ctr&quot;, &quot;aes192-ctr&quot;, or &quot;aes256-ctr&quot;
-are listed, the &quot;Ciphers&quot; keyword is missing, or the returned line is
-commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any ciphers other than "aes128-ctr", "aes192-ctr", or "aes256-ctr"
+are listed, the "Ciphers" keyword is missing, or the returned line is
+commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure SSH to use FIPS 140-2 approved cryptographic algorithms.
 
     Add the following line (or modify the line to have the required value) to
-the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file (this file may be named differently or be in
+the "/etc/ssh/sshd_config" file (this file may be named differently or be in
 a different location if using a version of SSH that is provided by a
 third-party vendor).
 
     Ciphers aes128-ctr,aes192-ctr,aes256-ctr
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d5cb828c-d9b3-4ac1-8ead-515224f2ab5c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000803</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-[&quot;aes128-ctr&quot;, &quot;aes192-ctr&quot;, &quot;aes256-ctr&quot;] is expected to be in &quot;aes128-ctr&quot;, &quot;aes192-ctr&quot;, and &quot;aes256-ctr&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72131</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86755r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030540</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72221\" do\n  title \"The Red Hat Enterprise Linux operating system must use a FIPS 140-2\napproved cryptographic algorithm for SSH communications.\"\n  desc  \"Unapproved mechanisms that are used for authentication to the\ncryptographic module are not verified and therefore cannot be relied upon to\nprovide confidentiality or integrity, and DoD data may be compromised.\n\n    Operating systems utilizing encryption are required to use FIPS-compliant\nmechanisms for authenticating to cryptographic modules.\n\n    FIPS 140-2 is the current standard for validating that mechanisms used to\naccess cryptographic modules utilize authentication that meets DoD\nrequirements. This allows for Security Levels 1, 2, 3, or 4 for use on a\ngeneral purpose computing system.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system uses mechanisms meeting the requirements of\napplicable federal laws, Executive orders, directives, policies, regulations,\nstandards, and guidance for authentication to a cryptographic module.\n\n    Note: If RHEL-07-021350 is a finding, this is automatically a finding as\nthe system cannot implement FIPS 140-2-approved cryptographic algorithms and\nhashes.\n\n    The location of the \\\"sshd_config\\\" file may vary if a different daemon is\nin use.\n\n    Inspect the \\\"Ciphers\\\" configuration with the following command:\n\n    # grep -i ciphers /etc/ssh/sshd_config\n    Ciphers aes128-ctr,aes192-ctr,aes256-ctr\n\n    If any ciphers other than \\\"aes128-ctr\\\", \\\"aes192-ctr\\\", or \\\"aes256-ctr\\\"\nare listed, the \\\"Ciphers\\\" keyword is missing, or the returned line is\ncommented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure SSH to use FIPS 140-2 approved cryptographic algorithms.\n\n    Add the following line (or modify the line to have the required value) to\nthe \\\"/etc/ssh/sshd_config\\\" file (this file may be named differently or be in\na different location if using a version of SSH that is provided by a\nthird-party vendor).\n\n    Ciphers aes128-ctr,aes192-ctr,aes256-ctr\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000033-GPOS-00014\"\n  tag satisfies: [\"SRG-OS-000033-GPOS-00014\", \"SRG-OS-000120-GPOS-00061\",\n\"SRG-OS-000125-GPOS-00065\", \"SRG-OS-000250-GPOS-00093\",\n\"SRG-OS-000393-GPOS-00173\"]\n  tag gid: \"V-72221\"\n  tag rid: \"SV-86845r3_rule\"\n  tag stig_id: \"RHEL-07-040110\"\n  tag fix_id: \"F-78575r3_fix\"\n  tag cci: [\"CCI-000068\", \"CCI-000366\", \"CCI-000803\"]\n  tag nist: [\"AC-17 (2)\", \"CM-6 b\", \"IA-7\", \"Rev_4\"]\n\n  @ciphers_array = inspec.sshd_config.params['ciphers']\n\n  unless @ciphers_array.nil?\n    @ciphers_array = @ciphers_array.first.split(\",\")\n  end\n\n  describe @ciphers_array do\n    it { should be_in ['aes128-ctr', 'aes192-ctr', 'aes256-ctr'] }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000803</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST ["aes128-ctr", "aes192-ctr", "aes256-ctr"] is expected to be in "aes128-ctr", "aes192-ctr", and "aes256-ctr"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72131</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86755r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030540</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the truncate syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the truncate syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;truncate&quot; syscall occur.
+successful/unsuccessful attempts to use the "truncate" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw truncate &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw truncate /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S truncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S truncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S truncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S truncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;truncate&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"truncate" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;truncate&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S truncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S truncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S truncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S truncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0e015337-50cb-4153-9756-ad6a05dae087</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;truncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86823r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030880</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "truncate" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72131\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe truncate syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"truncate\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw truncate /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"truncate\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"truncate\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72131\"\n  tag rid: \"SV-86755r5_rule\"\n  tag stig_id: \"RHEL-07-030540\"\n  tag fix_id: \"F-78483r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"truncate\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"truncate\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"truncate\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"truncate\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "truncate" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86823r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030880</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the rename syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the rename syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system is not configured to audit certain activities and write
 them to an audit log, it is more difficult to detect and track system
-compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;rename&quot; syscall occur.
+successful/unsuccessful attempts to use the "rename" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw rename &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw rename /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S rename -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S rename -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;rename&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"rename" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;rename&quot; syscall occur.
+successful/unsuccessful attempts to use the "rename" syscall occur.
 
-    Add the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S rename -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S rename -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>63351b06-7ddd-4894-a9b6-0845de033161</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rename&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rename&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rename&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rename&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72233</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000423-GPOS-00187</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86857r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72199\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe rename syscall.\"\n  desc  \"If the system is not configured to audit certain activities and write\nthem to an audit log, it is more difficult to detect and track system\ncompromises and damages incurred during a system compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"rename\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw rename /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"rename\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"rename\\\" syscall occur.\n\n    Add the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S rename -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000466-GPOS-00210\"\n  tag satisfies: [\"SRG-OS-000466-GPOS-00210\", \"SRG-OS-000467-GPOS-00210\",\n\"SRG-OS-000468-GPOS-00212\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72199\"\n  tag rid: \"SV-86823r5_rule\"\n  tag stig_id: \"RHEL-07-030880\"\n  tag fix_id: \"F-78553r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"rename\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"rename\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "rename" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rename" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rename" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rename" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72233</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000423-GPOS-00187</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86857r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all networked systems have SSH installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all networked systems have SSH installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without protection of the transmitted information, confidentiality and
 integrity may be compromised because unprotected communications can be
 intercepted and either read or altered.
@@ -23235,310 +22188,298 @@ interception and modification.
 can be accomplished by physical means (e.g., employing physical distribution
 systems) or by logical means (e.g., employing cryptographic techniques). If
 physical means of protection are employed, logical means (cryptography) do not
-have to be employed, and vice versa.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+have to be employed, and vice versa.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check to see if sshd is installed with the following command:
 
 # yum list installed \*ssh\*
-libssh2.x86_64 1.4.3-8.el7 @anaconda&#x2F;7.1
-openssh.x86_64 6.6.1p1-11.el7 @anaconda&#x2F;7.1
-openssh-server.x86_64 6.6.1p1-11.el7 @anaconda&#x2F;7.1
-
-If the &quot;SSH server&quot; package is not installed, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+libssh2.x86_64 1.4.3-8.el7 @anaconda/7.1
+openssh.x86_64 6.6.1p1-11.el7 @anaconda/7.1
+openssh-server.x86_64 6.6.1p1-11.el7 @anaconda/7.1
+
+If the "SSH server" package is not installed, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Install SSH packages onto the host with the following commands:
 
-# yum install openssh-server.x86_64</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1791f9d7-337b-481b-86c3-fd572fb138bc</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002421</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package openssh-server is expected to be installed
---------------------------------
-passed
-System Package openssh-clients is expected to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72011</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86635r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020600</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+# yum install openssh-server.x86_64</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72233\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all networked systems have SSH installed.\"\n  desc  \"Without protection of the transmitted information, confidentiality and\nintegrity may be compromised because unprotected communications can be\nintercepted and either read or altered.\n\n    This requirement applies to both internal and external networks and all\ntypes of information system components from which information can be\ntransmitted (e.g., servers, mobile devices, notebook computers, printers,\ncopiers, scanners, and facsimile machines). Communication paths outside the\nphysical protection of a controlled boundary are exposed to the possibility of\ninterception and modification.\n\n    Protecting the confidentiality and integrity of organizational information\ncan be accomplished by physical means (e.g., employing physical distribution\nsystems) or by logical means (e.g., employing cryptographic techniques). If\nphysical means of protection are employed, logical means (cryptography) do not\nhave to be employed, and vice versa.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check to see if sshd is installed with the following command:\n\n    # yum list installed \\\\*ssh\\\\*\n    libssh2.x86_64 1.4.3-8.el7 @anaconda/7.1\n    openssh.x86_64 6.6.1p1-11.el7 @anaconda/7.1\n    openssh-server.x86_64 6.6.1p1-11.el7 @anaconda/7.1\n\n    If the \\\"SSH server\\\" package is not installed, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Install SSH packages onto the host with the following commands:\n\n    # yum install openssh-server.x86_64\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000423-GPOS-00187\"\n  tag satisfies: [\"SRG-OS-000423-GPOS-00187\", \"SRG-OS-000424-GPOS-00188\",\n\"SRG-OS-000425-GPOS-00189\", \"SRG-OS-000426-GPOS-00190\"]\n  tag gid: \"V-72233\"\n  tag rid: \"SV-86857r3_rule\"\n  tag stig_id: \"RHEL-07-040300\"\n  tag fix_id: \"F-78587r3_fix\"\n  tag cci: [\"CCI-002418\", \"CCI-002420\", \"CCI-002421\", \"CCI-002422\"]\n  tag nist: [\"SC-8\", \"SC-8 (2)\", \"SC-8 (1)\", \"SC-8 (2)\", \"Rev_4\"]\n\n  describe package('openssh-server') do\n    it { should be_installed }\n  end\n  describe package('openssh-clients') do\n    it { should be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002421</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package openssh-server is expected to be installed
+--------------------------------
+passed :: TEST System Package openssh-clients is expected to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72011</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86635r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020600</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive users have a home directory assigned in the
-&#x2F;etc&#x2F;passwd file.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+/etc/passwd file.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If local interactive users are not assigned a valid home directory,
-there is no place for the storage and control of files they should own.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+there is no place for the storage and control of files they should own.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify local interactive users on the system have a home directory assigned.
 
     Check for missing local interactive user home directories with the
 following command:
 
     # pwck -r
-    user &#39;lp&#39;: directory &#39;&#x2F;var&#x2F;spool&#x2F;lpd&#39; does not exist
-    user &#39;news&#39;: directory &#39;&#x2F;var&#x2F;spool&#x2F;news&#39; does not exist
-    user &#39;uucp&#39;: directory &#39;&#x2F;var&#x2F;spool&#x2F;uucp&#39; does not exist
-    user &#39;smithj&#39;: directory &#39;&#x2F;home&#x2F;smithj&#39; does not exist
+    user 'lp': directory '/var/spool/lpd' does not exist
+    user 'news': directory '/var/spool/news' does not exist
+    user 'uucp': directory '/var/spool/uucp' does not exist
+    user 'smithj': directory '/home/smithj' does not exist
 
     Ask the System Administrator (SA) if any users found without home
 directories are local interactive users. If the SA is unable to provide a
 response, check for users with a User Identifier (UID) of 1000 or greater with
 the following command:
 
-    # cut -d: -f 1,3 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{2}$|:[0-9]{1,2}$&quot;
+    # cut -d: -f 1,3 /etc/passwd | egrep ":[1-4][0-9]{2}$|:[0-9]{1,2}$"
 
     If any interactive users do not have a home directory assigned, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Assign home directories to all local interactive users that
-currently do not have a home directory assigned.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>286869c1-b9a8-4071-aac5-8eaa5f480b51</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Directory &#x2F;root is expected to exist
---------------------------------
-passed
-Directory &#x2F;home&#x2F;ec2-user is expected to exist</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71919</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86543r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+currently do not have a home directory assigned.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72011\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive users have a home directory assigned in the\n/etc/passwd file.\"\n  desc  \"If local interactive users are not assigned a valid home directory,\nthere is no place for the storage and control of files they should own.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify local interactive users on the system have a home directory assigned.\n\n    Check for missing local interactive user home directories with the\nfollowing command:\n\n    # pwck -r\n    user 'lp': directory '/var/spool/lpd' does not exist\n    user 'news': directory '/var/spool/news' does not exist\n    user 'uucp': directory '/var/spool/uucp' does not exist\n    user 'smithj': directory '/home/smithj' does not exist\n\n    Ask the System Administrator (SA) if any users found without home\ndirectories are local interactive users. If the SA is unable to provide a\nresponse, check for users with a User Identifier (UID) of 1000 or greater with\nthe following command:\n\n    # cut -d: -f 1,3 /etc/passwd | egrep \\\":[1-4][0-9]{2}$|:[0-9]{1,2}$\\\"\n\n    If any interactive users do not have a home directory assigned, this is a\nfinding.\n  \"\n  desc  \"fix\", \"Assign home directories to all local interactive users that\ncurrently do not have a home directory assigned.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72011\"\n  tag rid: \"SV-86635r2_rule\"\n  tag stig_id: \"RHEL-07-020600\"\n  tag fix_id: \"F-78363r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    describe directory(user_info.home) do\n      it { should exist }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Directory /root is expected to exist
+--------------------------------
+passed :: TEST Directory /home/ec2-user is expected to exist</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71919</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86543r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the PAM system service is configured to store only encrypted
-representations of passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+representations of passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Passwords need to be protected at all times, and encryption is the
 standard method for protecting passwords. If passwords are not encrypted, they
 can be plainly read (i.e., clear text) and easily compromised. Passwords
 encrypted with a weak algorithm are no more protected than if they are kept in
-plain text.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+plain text.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the PAM system service is configured to store only encrypted
 representations of passwords. The strength of encryption that must be used to
 hash passwords for all accounts is SHA512.
@@ -23546,1083 +22487,1037 @@ hash passwords for all accounts is SHA512.
     Check that the system is configured to create SHA512 hashed passwords with
 the following command:
 
-    # grep password &#x2F;etc&#x2F;pam.d&#x2F;system-auth &#x2F;etc&#x2F;pam.d&#x2F;password-auth
+    # grep password /etc/pam.d/system-auth /etc/pam.d/password-auth
 
     Outcome should look like following:
-    &#x2F;etc&#x2F;pam.d&#x2F;system-auth-ac:password    sufficient    pam_unix.so sha512
+    /etc/pam.d/system-auth-ac:password    sufficient    pam_unix.so sha512
 shadow try_first_pass use_authtok
-    &#x2F;etc&#x2F;pam.d&#x2F;password-auth:password    sufficient    pam_unix.so sha512
+    /etc/pam.d/password-auth:password    sufficient    pam_unix.so sha512
 shadow try_first_pass use_authtok
 
-    If the &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; and &quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot;
+    If the "/etc/pam.d/system-auth" and "/etc/pam.d/password-auth"
 configuration files allow for password hashes other than SHA512 to be used,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to store only SHA512 encrypted
 representations of passwords.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot;:
+    Add the following line in "/etc/pam.d/system-auth":
     pam_unix.so sha512 shadow try_first_pass use_authtok
 
-    Add the following line in &quot;&#x2F;etc&#x2F;pam.d&#x2F;password-auth&quot;:
+    Add the following line in "/etc/pam.d/password-auth":
     pam_unix.so sha512 shadow try_first_pass use_authtok
 
     Note: Manual changes to the listed files may be overwritten by the
-&quot;authconfig&quot; program. The &quot;authconfig&quot; program should not be used to update
-the configurations listed in this requirement.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>653871fd-86a2-4085-b0aa-8e3659a578fe</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include password sufficient pam_unix.so sha512
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;system-auth] lines is expected to include password .* pam_unix.so, all without args ^(md5|bigcrypt|sha256|blowfish)$</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86789r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030710</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"authconfig" program. The "authconfig" program should not be used to update
+the configurations listed in this requirement.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71919\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the PAM system service is configured to store only encrypted\nrepresentations of passwords.\"\n  desc  \"Passwords need to be protected at all times, and encryption is the\nstandard method for protecting passwords. If passwords are not encrypted, they\ncan be plainly read (i.e., clear text) and easily compromised. Passwords\nencrypted with a weak algorithm are no more protected than if they are kept in\nplain text.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the PAM system service is configured to store only encrypted\nrepresentations of passwords. The strength of encryption that must be used to\nhash passwords for all accounts is SHA512.\n\n    Check that the system is configured to create SHA512 hashed passwords with\nthe following command:\n\n    # grep password /etc/pam.d/system-auth /etc/pam.d/password-auth\n\n    Outcome should look like following:\n    /etc/pam.d/system-auth-ac:password    sufficient    pam_unix.so sha512\nshadow try_first_pass use_authtok\n    /etc/pam.d/password-auth:password    sufficient    pam_unix.so sha512\nshadow try_first_pass use_authtok\n\n    If the \\\"/etc/pam.d/system-auth\\\" and \\\"/etc/pam.d/password-auth\\\"\nconfiguration files allow for password hashes other than SHA512 to be used,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to store only SHA512 encrypted\nrepresentations of passwords.\n\n    Add the following line in \\\"/etc/pam.d/system-auth\\\":\n    pam_unix.so sha512 shadow try_first_pass use_authtok\n\n    Add the following line in \\\"/etc/pam.d/password-auth\\\":\n    pam_unix.so sha512 shadow try_first_pass use_authtok\n\n    Note: Manual changes to the listed files may be overwritten by the\n\\\"authconfig\\\" program. The \\\"authconfig\\\" program should not be used to update\nthe configurations listed in this requirement.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000073-GPOS-00041\"\n  tag gid: \"V-71919\"\n  tag rid: \"SV-86543r3_rule\"\n  tag stig_id: \"RHEL-07-010200\"\n  tag fix_id: \"F-78271r4_fix\"\n  tag cci: [\"CCI-000196\"]\n  tag nist: [\"IA-5 (1) (c)\", \"Rev_4\"]\n\n  describe pam(\"/etc/pam.d/system-auth\") do\n    its('lines') { should match_pam_rule('password sufficient pam_unix.so sha512') }\n    its('lines') { should match_pam_rule('password .* pam_unix.so').all_without_args('^(md5|bigcrypt|sha256|blowfish)$') }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include password sufficient pam_unix.so sha512
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/system-auth] lines is expected to include password .* pam_unix.so, all without args ^(md5|bigcrypt|sha256|blowfish)$</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86789r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030710</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the newgrp command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the newgrp command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged access commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;newgrp&quot; command occur.
+successful/unsuccessful attempts to use the "newgrp" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;newgrp &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/newgrp /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;newgrp -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/newgrp -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;newgrp&quot; command occur.
+successful/unsuccessful attempts to use the "newgrp" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;newgrp -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/newgrp -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6619d5d7-83dd-44f0-94a9-fa9ffc6bdb7b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;newgrp&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;newgrp&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72157</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86781r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030670</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72165\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe newgrp command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged access commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"newgrp\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -i /usr/bin/newgrp /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/newgrp -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"newgrp\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/newgrp -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000037-GPOS-00015\"\n  tag satisfies: [\"SRG-OS-000037-GPOS-00015\", \"SRG-OS-000042-GPOS-00020\",\n\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000462-GPOS-00206\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72165\"\n  tag rid: \"SV-86789r4_rule\"\n  tag stig_id: \"RHEL-07-030710\"\n  tag fix_id: \"F-78519r5_fix\"\n  tag cci: [\"CCI-000130\", \"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3\", \"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/newgrp'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/newgrp" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/newgrp" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72157</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86781r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030670</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the userhelper command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the userhelper command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged password commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;userhelper&quot; command occur.
+successful/unsuccessful attempts to use the "userhelper" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;sbin&#x2F;userhelper &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/sbin/userhelper /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;userhelper -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-passwd
+    -a always,exit -F path=/usr/sbin/userhelper -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-passwd
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;userhelper&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;userhelper -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-passwd
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>39c73214-e106-44ae-861e-3bbc53d3c453</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;userhelper&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;userhelper&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73167</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87819r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030872</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "userhelper" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/sbin/userhelper -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-passwd
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72157\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe userhelper command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged password commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"userhelper\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/sbin/userhelper /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/userhelper -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-passwd\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"userhelper\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/userhelper -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-passwd\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72157\"\n  tag rid: \"SV-86781r5_rule\"\n  tag stig_id: \"RHEL-07-030670\"\n  tag fix_id: \"F-78509r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/userhelper'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/userhelper" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/userhelper" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73167</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87819r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030872</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
 records for all account creations, modifications, disabling, and termination
-events that affect &#x2F;etc&#x2F;gshadow.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+events that affect /etc/gshadow.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;gshadow&quot;.
+"/etc/gshadow".
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep &#x2F;etc&#x2F;gshadow &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep /etc/gshadow /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;gshadow -p wa -k identity
+    -w /etc/gshadow -p wa -k identity
 
     If the command does not return a line, or the line is commented out, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;gshadow&quot;.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;etc&#x2F;gshadow -p wa -k identity
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>21200a49-bbab-4823-9153-7ee7b14f1161</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;gshadow&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;gshadow&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71955</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86579r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010450</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/gshadow".
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /etc/gshadow -p wa -k identity
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73167\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all account creations, modifications, disabling, and termination\nevents that affect /etc/gshadow.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/gshadow\\\".\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep /etc/gshadow /etc/audit/audit.rules\n\n    -w /etc/gshadow -p wa -k identity\n\n    If the command does not return a line, or the line is commented out, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/gshadow\\\".\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/gshadow -p wa -k identity\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000004-GPOS-00004\"\n  tag gid: \"V-73167\"\n  tag rid: \"SV-87819r4_rule\"\n  tag stig_id: \"RHEL-07-030872\"\n  tag fix_id: \"F-79613r3_fix\"\n  tag cci: [\"CCI-000018\", \"CCI-000172\", \"CCI-001403\", \"CCI-002130\"]\n  tag nist: [\"AC-2 (4)\", \"AU-12 c\", \"AC-2 (4)\", \"AC-2 (4)\", \"Rev_4\"]\n\n  audit_file = '/etc/gshadow'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\n\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/gshadow" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/gshadow" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71955</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86579r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010450</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow an
-unrestricted logon to the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+unrestricted logon to the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Failure to restrict system access to authenticated users negatively
-impacts operating system security.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+impacts operating system security.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system does not allow an unrestricted logon to the
 system via a graphical user interface.
 
     Note: If the system does not have GNOME installed, this requirement is Not
 Applicable.
 
-    Check for the value of the &quot;TimedLoginEnable&quot; parameter in
-&quot;&#x2F;etc&#x2F;gdm&#x2F;custom.conf&quot; file with the following command:
+    Check for the value of the "TimedLoginEnable" parameter in
+"/etc/gdm/custom.conf" file with the following command:
 
-    # grep -i timedloginenable &#x2F;etc&#x2F;gdm&#x2F;custom.conf
-    TimedLoginEnable&#x3D;false
+    # grep -i timedloginenable /etc/gdm/custom.conf
+    TimedLoginEnable=false
 
-    If the value of &quot;TimedLoginEnable&quot; is not set to &quot;false&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "TimedLoginEnable" is not set to "false", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to not allow an unrestricted account to log
 on to the system via a graphical user interface.
 
     Note: If the system does not have GNOME installed, this requirement is Not
 Applicable.
 
-    Add or edit the line for the &quot;TimedLoginEnable&quot; parameter in the [daemon]
-section of the &quot;&#x2F;etc&#x2F;gdm&#x2F;custom.conf&quot; file to &quot;false&quot;:
+    Add or edit the line for the "TimedLoginEnable" parameter in the [daemon]
+section of the "/etc/gdm/custom.conf" file to "false":
 
     [daemon]
-    TimedLoginEnable&#x3D;false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>60e98e57-4bbb-420f-bb58-8c3625a5cfe7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GDM installed
-The system does not have GDM installed, this requirement is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72151</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86775r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030640</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    TimedLoginEnable=false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71955\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow an\nunrestricted logon to the system.\"\n  desc  \"Failure to restrict system access to authenticated users negatively\nimpacts operating system security.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system does not allow an unrestricted logon to the\nsystem via a graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check for the value of the \\\"TimedLoginEnable\\\" parameter in\n\\\"/etc/gdm/custom.conf\\\" file with the following command:\n\n    # grep -i timedloginenable /etc/gdm/custom.conf\n    TimedLoginEnable=false\n\n    If the value of \\\"TimedLoginEnable\\\" is not set to \\\"false\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to not allow an unrestricted account to log\non to the system via a graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Add or edit the line for the \\\"TimedLoginEnable\\\" parameter in the [daemon]\nsection of the \\\"/etc/gdm/custom.conf\\\" file to \\\"false\\\":\n\n    [daemon]\n    TimedLoginEnable=false\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00229\"\n  tag gid: \"V-71955\"\n  tag rid: \"SV-86579r3_rule\"\n  tag stig_id: \"RHEL-07-010450\"\n  tag fix_id: \"F-78307r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  custom_conf = '/etc/gdm/custom.conf'\n\n  if package('gdm').installed?\n    impact 0.7\n    if ((f = file(custom_conf)).exist?)\n      describe ini(custom_conf) do\n        its('daemon.TimedLoginEnable') { cmp false }\n      end\n    else\n      describe f do\n        it { should exist }\n      end\n    end\n  else\n    impact 0.0\n    describe \"The system does not have GDM installed\" do\n      skip \"The system does not have GDM installed, this requirement is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GDM installed :: SKIP_MESSAGE The system does not have GDM installed, this requirement is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72151</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86775r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030640</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the unix_chkpwd command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the unix_chkpwd command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged password commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unix_chkpwd&quot; command occur.
+successful/unsuccessful attempts to use the "unix_chkpwd" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw &#x2F;usr&#x2F;sbin&#x2F;unix_chkpwd &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/sbin/unix_chkpwd /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;unix_chkpwd -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-passwd
+    -a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-passwd
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;unix_chkpwd&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;unix_chkpwd -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-passwd
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ca6a9ed2-59dd-4d73-8835-227d5351be45</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;unix_chkpwd&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;unix_chkpwd&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71987</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000437-GPOS-00194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86611r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "unix_chkpwd" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-passwd
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72151\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe unix_chkpwd command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged password commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"unix_chkpwd\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw /usr/sbin/unix_chkpwd /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-passwd\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"unix_chkpwd\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-passwd\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72151\"\n  tag rid: \"SV-86775r5_rule\"\n  tag stig_id: \"RHEL-07-030640\"\n  tag fix_id: \"F-78503r8_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/unix_chkpwd'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/unix_chkpwd" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/unix_chkpwd" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71987</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000437-GPOS-00194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86611r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must remove all software
-components after updated versions have been installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+components after updated versions have been installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Previous versions of software components that are not removed from the
 information system after updates have been installed may be exploited by
 adversaries. Some information technology products may remove older versions of
-software automatically from the information system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+software automatically from the information system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system removes all software components after updated
 versions have been installed.
 
     Check if yum is configured to remove unneeded packages with the following
 command:
 
-    # grep -i clean_requirements_on_remove &#x2F;etc&#x2F;yum.conf
-    clean_requirements_on_remove&#x3D;1
+    # grep -i clean_requirements_on_remove /etc/yum.conf
+    clean_requirements_on_remove=1
 
-    If &quot;clean_requirements_on_remove&quot; is not set to &quot;1&quot;, &quot;True&quot;, or
-&quot;yes&quot;, or is not set in &quot;&#x2F;etc&#x2F;yum.conf&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "clean_requirements_on_remove" is not set to "1", "True", or
+"yes", or is not set in "/etc/yum.conf", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to remove all software components after
 updated versions have been installed.
 
-    Set the &quot;clean_requirements_on_remove&quot; option to &quot;1&quot; in the
-&quot;&#x2F;etc&#x2F;yum.conf&quot; file:
-
-    clean_requirements_on_remove&#x3D;1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>32b5973c-f3dd-400c-a670-cfd292226a77</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002617</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;yum.conf main.clean_requirements_on_remove is expected to match &#x2F;1|True|yes&#x2F;i</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71909</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000266-GPOS-00101</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86533r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010150</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Set the "clean_requirements_on_remove" option to "1" in the
+"/etc/yum.conf" file:
+
+    clean_requirements_on_remove=1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71987\" do\n  title \"The Red Hat Enterprise Linux operating system must remove all software\ncomponents after updated versions have been installed.\"\n  desc  \"Previous versions of software components that are not removed from the\ninformation system after updates have been installed may be exploited by\nadversaries. Some information technology products may remove older versions of\nsoftware automatically from the information system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system removes all software components after updated\nversions have been installed.\n\n    Check if yum is configured to remove unneeded packages with the following\ncommand:\n\n    # grep -i clean_requirements_on_remove /etc/yum.conf\n    clean_requirements_on_remove=1\n\n    If \\\"clean_requirements_on_remove\\\" is not set to \\\"1\\\", \\\"True\\\", or\n\\\"yes\\\", or is not set in \\\"/etc/yum.conf\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to remove all software components after\nupdated versions have been installed.\n\n    Set the \\\"clean_requirements_on_remove\\\" option to \\\"1\\\" in the\n\\\"/etc/yum.conf\\\" file:\n\n    clean_requirements_on_remove=1\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000437-GPOS-00194\"\n  tag gid: \"V-71987\"\n  tag rid: \"SV-86611r2_rule\"\n  tag stig_id: \"RHEL-07-020200\"\n  tag fix_id: \"F-78339r1_fix\"\n  tag cci: [\"CCI-002617\"]\n  tag nist: [\"SI-2 (6)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/yum.conf\") do\n    its('main.clean_requirements_on_remove') { should match %r{1|True|yes}i }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002617</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/yum.conf main.clean_requirements_on_remove is expected to match /1|True|yes/i</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71909</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000266-GPOS-00101</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86533r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010150</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed or new passwords are established, the new
-password must contain at least one special character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+password must contain at least one special character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -24631,293 +23526,282 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system enforces password complexity by requiring that
 at least one special character be used.
 
     Note: The value to require a number of special characters to be set is
-expressed as a negative number in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot;.
+expressed as a negative number in "/etc/security/pwquality.conf".
 
-    Check the value for &quot;ocredit&quot; in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with
+    Check the value for "ocredit" in "/etc/security/pwquality.conf" with
 the following command:
 
-    # grep ocredit &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    ocredit&#x3D;-1
+    # grep ocredit /etc/security/pwquality.conf
+    ocredit=-1
 
-    If the value of &quot;ocredit&quot; is not set to a negative value, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "ocredit" is not set to a negative value, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to enforce password complexity by requiring
-that at least one special character be used by setting the &quot;ocredit&quot; option.
+that at least one special character be used by setting the "ocredit" option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; (or modify the
+    Add the following line to "/etc/security/pwquality.conf" (or modify the
 line to have the required value):
 
-    ocredit &#x3D; -1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0d9f4c9f-7987-4716-be9c-1d61a861986e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001619</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf ocredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72085</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86709r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030310</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    ocredit = -1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71909\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed or new passwords are established, the new\npassword must contain at least one special character.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enforces password complexity by requiring that\nat least one special character be used.\n\n    Note: The value to require a number of special characters to be set is\nexpressed as a negative number in \\\"/etc/security/pwquality.conf\\\".\n\n    Check the value for \\\"ocredit\\\" in \\\"/etc/security/pwquality.conf\\\" with\nthe following command:\n\n    # grep ocredit /etc/security/pwquality.conf\n    ocredit=-1\n\n    If the value of \\\"ocredit\\\" is not set to a negative value, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce password complexity by requiring\nthat at least one special character be used by setting the \\\"ocredit\\\" option.\n\n    Add the following line to \\\"/etc/security/pwquality.conf\\\" (or modify the\nline to have the required value):\n\n    ocredit = -1\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000266-GPOS-00101\"\n  tag gid: \"V-71909\"\n  tag rid: \"SV-86533r2_rule\"\n  tag stig_id: \"RHEL-07-010150\"\n  tag fix_id: \"F-78261r2_fix\"\n  tag cci: [\"CCI-001619\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('ocredit.to_i') { should cmp &lt; 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001619</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf ocredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72085</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86709r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030310</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must encrypt the
 transfer of audit records off-loaded onto a different system or media from the
-system being audited.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system being audited.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
     Off-loading is a common process in information systems with limited audit
-storage capacity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+storage capacity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system encrypts audit records off-loaded onto a
 different system or media from the system being audited.
 
     To determine if the transfer is encrypted, use the following command:
 
-    # grep -i enable_krb5 &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-    enable_krb5 &#x3D; yes
+    # grep -i enable_krb5 /etc/audisp/audisp-remote.conf
+    enable_krb5 = yes
 
-    If the value of the &quot;enable_krb5&quot; option is not set to &quot;yes&quot; or the
+    If the value of the "enable_krb5" option is not set to "yes" or the
 line is commented out, ask the System Administrator to indicate how the audit
 logs are off-loaded to a different system or media.
 
     If there is no evidence that the transfer of the audit logs being
-off-loaded to another system or media is encrypted, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+off-loaded to another system or media is encrypted, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to encrypt the transfer of off-loaded audit
 records onto a different system or media from the system being audited.
 
-    Uncomment the &quot;enable_krb5&quot; option in &quot;&#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf&quot;
+    Uncomment the "enable_krb5" option in "/etc/audisp/audisp-remote.conf"
 and set it with the following line:
 
-    enable_krb5 &#x3D; yes</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3a6e50e6-4114-4d8b-bcb3-2b53a49f9cda</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
-Can&#39;t find file: &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71859</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86483r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010030</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    enable_krb5 = yes</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72085\" do\n  title \"The Red Hat Enterprise Linux operating system must encrypt the\ntransfer of audit records off-loaded onto a different system or media from the\nsystem being audited.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system encrypts audit records off-loaded onto a\ndifferent system or media from the system being audited.\n\n    To determine if the transfer is encrypted, use the following command:\n\n    # grep -i enable_krb5 /etc/audisp/audisp-remote.conf\n    enable_krb5 = yes\n\n    If the value of the \\\"enable_krb5\\\" option is not set to \\\"yes\\\" or the\nline is commented out, ask the System Administrator to indicate how the audit\nlogs are off-loaded to a different system or media.\n\n    If there is no evidence that the transfer of the audit logs being\noff-loaded to another system or media is encrypted, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to encrypt the transfer of off-loaded audit\nrecords onto a different system or media from the system being audited.\n\n    Uncomment the \\\"enable_krb5\\\" option in \\\"/etc/audisp/audisp-remote.conf\\\"\nand set it with the following line:\n\n    enable_krb5 = yes\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-72085\"\n  tag rid: \"SV-86709r2_rule\"\n  tag stig_id: \"RHEL-07-030310\"\n  tag fix_id: \"F-78437r1_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  describe parse_config_file('/etc/audisp/audisp-remote.conf') do\n    its('enable_krb5'.to_s) { should cmp 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST Parse Config File /etc/audisp/audisp-remote.conf :: SKIP_MESSAGE Can't find file: /etc/audisp/audisp-remote.conf</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71859</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000023-GPOS-00006</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86483r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010030</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the
 Standard Mandatory DoD Notice and Consent Banner before granting local or
-remote access to the system via a graphical user logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+remote access to the system via a graphical user logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Display of a standardized and approved use notification before
 granting access to the operating system ensures privacy and security
 notification verbiage used is consistent with applicable federal laws,
@@ -24930,7 +23814,7 @@ with human users and are not required when such human interfaces do not exist.
 the following verbiage for operating systems that can accommodate banners of
 1300 characters:
 
-    &quot;You are accessing a U.S. Government (USG) Information System (IS) that is
+    "You are accessing a U.S. Government (USG) Information System (IS) that is
 provided for USG-authorized use only.
 
     By using this IS (which includes any device attached to this IS), you
@@ -24955,14 +23839,14 @@ PM, LE or CI investigative searching or monitoring of the content of privileged
 communications, or work product, related to personal representation or services
 by attorneys, psychotherapists, or clergy, and their assistants. Such
 communications and work product are private and confidential. See User
-Agreement for details.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Agreement for details."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system displays the Standard Mandatory DoD Notice and
 Consent Banner before granting access to the operating system via a graphical
 user logon.
@@ -24973,14 +23857,14 @@ Applicable.
     Check to see if the operating system displays a banner at the logon screen
 with the following command:
 
-    # grep banner-message-enable &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
-    banner-message-enable&#x3D;true
+    # grep banner-message-enable /etc/dconf/db/local.d/*
+    banner-message-enable=true
 
-    If &quot;banner-message-enable&quot; is set to &quot;false&quot; or is missing, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "banner-message-enable" is set to "false" or is missing, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to display the Standard Mandatory DoD Notice
 and Consent Banner before granting access to the system.
 
@@ -24990,129 +23874,123 @@ Applicable.
     Create a database to contain the system-wide graphical user logon settings
 (if it does not already exist) with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;01-banner-message
+    # touch /etc/dconf/db/local.d/01-banner-message
 
-    Add the following line to the [org&#x2F;gnome&#x2F;login-screen] section of the
-&quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;01-banner-message&quot;:
+    Add the following line to the [org/gnome/login-screen] section of the
+"/etc/dconf/db/local.d/01-banner-message":
 
-    [org&#x2F;gnome&#x2F;login-screen]
-    banner-message-enable&#x3D;true
+    [org/gnome/login-screen]
+    banner-message-enable=true
 
     Update the system databases:
 
     # dconf update
 
     Users must log out and back in again before the system-wide settings take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>93f1e1aa-a900-4a96-9093-aeca40101b56</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81019</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95731r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71859\" do\n  title \"The Red Hat Enterprise Linux operating system must display the\nStandard Mandatory DoD Notice and Consent Banner before granting local or\nremote access to the system via a graphical user logon.\"\n  desc  \"Display of a standardized and approved use notification before\ngranting access to the operating system ensures privacy and security\nnotification verbiage used is consistent with applicable federal laws,\nExecutive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via logon interfaces\nwith human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with applicable DoD policy. Use\nthe following verbiage for operating systems that can accommodate banners of\n1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is\nprovided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you\nconsent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for\npurposes including, but not limited to, penetration testing, COMSEC monitoring,\nnetwork operations and defense, personnel misconduct (PM), law enforcement\n(LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are\nsubject to routine monitoring, interception, and search, and may be disclosed\nor used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access\ncontrols) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to\nPM, LE or CI investigative searching or monitoring of the content of privileged\ncommunications, or work product, related to personal representation or services\nby attorneys, psychotherapists, or clergy, and their assistants. Such\ncommunications and work product are private and confidential. See User\nAgreement for details.\\\"\n\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system displays the Standard Mandatory DoD Notice and\nConsent Banner before granting access to the operating system via a graphical\nuser logon.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check to see if the operating system displays a banner at the logon screen\nwith the following command:\n\n    # grep banner-message-enable /etc/dconf/db/local.d/*\n    banner-message-enable=true\n\n    If \\\"banner-message-enable\\\" is set to \\\"false\\\" or is missing, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to display the Standard Mandatory DoD Notice\nand Consent Banner before granting access to the system.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Create a database to contain the system-wide graphical user logon settings\n(if it does not already exist) with the following command:\n\n    # touch /etc/dconf/db/local.d/01-banner-message\n\n    Add the following line to the [org/gnome/login-screen] section of the\n\\\"/etc/dconf/db/local.d/01-banner-message\\\":\n\n    [org/gnome/login-screen]\n    banner-message-enable=true\n\n    Update the system databases:\n\n    # dconf update\n\n    Users must log out and back in again before the system-wide settings take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000023-GPOS-00006\"\n  tag satisfies: [\"SRG-OS-000023-GPOS-00006\", \"SRG-OS-000024-GPOS-00007\",\n\"SRG-OS-000228-GPOS-00088\"]\n  tag gid: \"V-71859\"\n  tag rid: \"SV-86483r4_rule\"\n  tag stig_id: \"RHEL-07-010030\"\n  tag fix_id: \"F-78211r4_fix\"\n  tag cci: [\"CCI-000048\"]\n  tag nist: [\"AC-8 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    if !dconf_user.nil? and command('whoami').stdout.strip == 'root'\n      describe command(\"sudo -u #{dconf_user} dconf read /org/gnome/login-screen/banner-message-enable\") do\n        its('stdout.strip') { should cmp banner_message_enabled.to_s }\n      end\n    else\n      describe command(\"dconf read /org/gnome/login-screen/banner-message-enable\") do\n        its('stdout.strip') { should cmp banner_message_enabled.to_s }\n      end\n    end\n  else\n    impact 0.0\n    describe \"The GNOME desktop is not installed\" do      \n      skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81019</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95731r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must take appropriate
-action when the audisp-remote buffer is full.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+action when the audisp-remote buffer is full.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
@@ -25120,301 +23998,288 @@ incidental deletion or alteration.
 storage capacity.
 
     When the remote buffer is full, audit logs will not be collected and sent
-to the central log server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to the central log server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the audisp daemon is configured to take an appropriate action when
 the internal queue is full:
 
-    # grep &quot;overflow_action&quot; &#x2F;etc&#x2F;audisp&#x2F;audispd.conf
+    # grep "overflow_action" /etc/audisp/audispd.conf
 
-    overflow_action &#x3D; syslog
+    overflow_action = syslog
 
-    If the &quot;overflow_action&quot; option is not &quot;syslog&quot;, &quot;single&quot;, or
-&quot;halt&quot;, or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &#x2F;etc&#x2F;audisp&#x2F;audispd.conf file and add or update the
-&quot;overflow_action&quot; option:
+    If the "overflow_action" option is not "syslog", "single", or
+"halt", or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the /etc/audisp/audispd.conf file and add or update the
+"overflow_action" option:
 
-    overflow_action &#x3D; syslog
+    overflow_action = syslog
 
     The audit daemon must be restarted for changes to take effect:
 
-    # service auditd restart</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1fa781d0-99d7-4208-b41a-956b6cbe4dd0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audispd.conf overflow_action is expected to match &#x2F;syslog$|single$|halt$&#x2F;i</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-78999</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-93705r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030819</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # service auditd restart</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81019\" do\n  title \"The Red Hat Enterprise Linux operating system must take appropriate\naction when the audisp-remote buffer is full.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n    When the remote buffer is full, audit logs will not be collected and sent\nto the central log server.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the audisp daemon is configured to take an appropriate action when\nthe internal queue is full:\n\n    # grep \\\"overflow_action\\\" /etc/audisp/audispd.conf\n\n    overflow_action = syslog\n\n    If the \\\"overflow_action\\\" option is not \\\"syslog\\\", \\\"single\\\", or\n\\\"halt\\\", or the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the /etc/audisp/audispd.conf file and add or update the\n\\\"overflow_action\\\" option:\n\n    overflow_action = syslog\n\n    The audit daemon must be restarted for changes to take effect:\n\n    # service auditd restart\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-81019\"\n  tag rid: \"SV-95731r1_rule\"\n  tag stig_id: \"RHEL-07-030210\"\n  tag fix_id: \"F-87853r3_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  if file('/etc/audisp/audispd.conf').exist?\n    describe parse_config_file('/etc/audisp/audispd.conf') do\n      its('overflow_action') { should match %r{syslog$|single$|halt$}i }\n    end\n  else\n    describe \"File '/etc/audisp/audispd.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually\" do\n      skip \"File '/etc/audisp/audispd.conf' cannot be found. This check must be performed manually\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/audisp/audispd.conf overflow_action is expected to match /syslog$|single$|halt$/i</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-78999</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-93705r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030819</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the create_module syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the create_module syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;create_module&quot; syscall occur.
+successful/unsuccessful attempts to use the "create_module" syscall occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw create_module &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw create_module /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S create_module -k module-change
+    -a always,exit -F arch=b32 -S create_module -k module-change
 
-    -a always,exit -F arch&#x3D;b64 -S create_module -k module-change
+    -a always,exit -F arch=b64 -S create_module -k module-change
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;create_module&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"create_module" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;create_module&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S create_module -k module-change
-
-    -a always,exit -F arch&#x3D;b64 -S create_module -k module-change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6585a9ce-7ad2-45b4-a248-175b2b36dbb8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;create_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;create_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;create_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;create_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72241</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86865r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040340</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "create_module" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S create_module -k module-change
+
+    -a always,exit -F arch=b64 -S create_module -k module-change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-78999\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe create_module syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"create_module\\\" syscall occur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw create_module /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S create_module -k module-change\n\n    -a always,exit -F arch=b64 -S create_module -k module-change\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"create_module\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"create_module\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S create_module -k module-change\n\n    -a always,exit -F arch=b64 -S create_module -k module-change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00216\"\n  tag satisfies: [\"SRG-OS-000471-GPOS-00216\", \"SRG-OS-000477-GPOS-00222\"]\n  tag gid: \"V-78999\"\n  tag rid: \"SV-93705r3_rule\"\n  tag stig_id: \"RHEL-07-030819\"\n  tag fix_id: \"F-85749r4_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"create_module\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"create_module\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "create_module" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "create_module" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "create_module" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "create_module" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72241</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86865r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040340</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all network connections associated with SSH traffic terminate after a
-period of inactivity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+period of inactivity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Terminating an idle SSH session within a short time period reduces the
 window of opportunity for unauthorized personnel to take control of a
 management session enabled on the console or console port that has been left
@@ -25422,185 +24287,179 @@ unattended. In addition, quickly terminating an idle SSH session will also free
 up resources committed by the managed network element.
 
     Terminating network connections associated with communications sessions
-includes, for example, de-allocating associated TCP&#x2F;IP address&#x2F;port pairs at
+includes, for example, de-allocating associated TCP/IP address/port pairs at
 the operating system level and de-allocating networking assignments at the
 application level if multiple application sessions are using a single operating
 system-level network connection. This does not mean that the operating system
 terminates all sessions or network access; it only ends the inactive session
-and releases the resources associated with that session.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+and releases the resources associated with that session.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system automatically terminates a user session after
 inactivity time-outs have expired.
 
-    Check for the value of the &quot;ClientAliveCountMax&quot; keyword with the
+    Check for the value of the "ClientAliveCountMax" keyword with the
 following command:
 
-    # grep -i clientalivecount &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i clientalivecount /etc/ssh/sshd_config
     ClientAliveCountMax 0
 
-    If &quot;ClientAliveCountMax&quot; is not set to &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "ClientAliveCountMax" is not set to "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to terminate automatically a user session
 after inactivity time-outs have expired or at shutdown.
 
     Add the following line (or modify the line to have the required value) to
-the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file (this file may be named differently or be in
+the "/etc/ssh/sshd_config" file (this file may be named differently or be in
 a different location if using a version of SSH that is provided by a
 third-party vendor):
 
     ClientAliveCountMax 0
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9c1c590e-b562-4fae-a427-96057be87257</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The release is 7.8
-The release is newer than 7.4; this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71849</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000257-GPOS-00098</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86473r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72241\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all network connections associated with SSH traffic terminate after a\nperiod of inactivity.\"\n  desc  \"Terminating an idle SSH session within a short time period reduces the\nwindow of opportunity for unauthorized personnel to take control of a\nmanagement session enabled on the console or console port that has been left\nunattended. In addition, quickly terminating an idle SSH session will also free\nup resources committed by the managed network element.\n\n    Terminating network connections associated with communications sessions\nincludes, for example, de-allocating associated TCP/IP address/port pairs at\nthe operating system level and de-allocating networking assignments at the\napplication level if multiple application sessions are using a single operating\nsystem-level network connection. This does not mean that the operating system\nterminates all sessions or network access; it only ends the inactive session\nand releases the resources associated with that session.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system automatically terminates a user session after\ninactivity time-outs have expired.\n\n    Check for the value of the \\\"ClientAliveCountMax\\\" keyword with the\nfollowing command:\n\n    # grep -i clientalivecount /etc/ssh/sshd_config\n    ClientAliveCountMax 0\n\n    If \\\"ClientAliveCountMax\\\" is not set to \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to terminate automatically a user session\nafter inactivity time-outs have expired or at shutdown.\n\n    Add the following line (or modify the line to have the required value) to\nthe \\\"/etc/ssh/sshd_config\\\" file (this file may be named differently or be in\na different location if using a version of SSH that is provided by a\nthird-party vendor):\n\n    ClientAliveCountMax 0\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000163-GPOS-00072\"\n  tag satisfies: [\"SRG-OS-000163-GPOS-00072\", \"SRG-OS-000279-GPOS-00109\"]\n  tag gid: \"V-72241\"\n  tag rid: \"SV-86865r4_rule\"\n  tag stig_id: \"RHEL-07-040340\"\n  tag fix_id: \"F-78595r4_fix\"\n  tag cci: [\"CCI-001133\", \"CCI-002361\"]\n  tag nist: [\"SC-10\", \"AC-12\", \"Rev_4\"]\n\n  if os.release.to_f &gt;= 7.4\n    impact 0.0\n    describe \"The release is #{os.release}\" do\n      skip \"The release is newer than 7.4; this control is Not Applicable.\"\n    end\n  else\n    describe sshd_config do\n      its('ClientAliveCountMax') { should cmp '0' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The release is 7.8 :: SKIP_MESSAGE The release is newer than 7.4; this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71849</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000257-GPOS-00098</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86473r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the file permissions, ownership, and group membership of system files and
-commands match the vendor values.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+commands match the vendor values.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Discretionary access control is weakened if a user or group has access
-permissions to system files and directories greater than the default.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+permissions to system files and directories greater than the default.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the file permissions, ownership, and group membership of system
 files and commands match the vendor values.
 
     Check the default file permissions, ownership, and group membership of
 system files and commands with the following command:
 
-    # for i in &#x60;rpm -Va | egrep -i &#39;^\.[M|U|G|.]{8}&#39; | cut -d &quot; &quot; -f4,5&#x60;;do
-for j in &#x60;rpm -qf $i&#x60;;do rpm -ql $j --dump | cut -d &quot; &quot; -f1,5,6,7 | grep
+    # for i in `rpm -Va | egrep -i '^\.[M|U|G|.]{8}' | cut -d " " -f4,5`;do
+for j in `rpm -qf $i`;do rpm -ql $j --dump | cut -d " " -f1,5,6,7 | grep
 $i;done;done
 
-    &#x2F;var&#x2F;log&#x2F;gdm 040755 root root
-    &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf 0100640 root root
-    &#x2F;usr&#x2F;bin&#x2F;passwd 0104755 root root
+    /var/log/gdm 040755 root root
+    /etc/audisp/audisp-remote.conf 0100640 root root
+    /usr/bin/passwd 0104755 root root
 
     For each file returned, verify the current permissions, ownership, and
 group membership:
     # ls -la &lt;filename&gt;
 
-    -rw-------. 1 root root 133 Jan 11 13:25 &#x2F;etc&#x2F;audisp&#x2F;audisp-remote.conf
+    -rw-------. 1 root root 133 Jan 11 13:25 /etc/audisp/audisp-remote.conf
 
     If the file is more permissive than the default permissions, this is a
 finding.
@@ -25609,10 +24468,10 @@ finding.
 the Information System Security Officer (ISSO), this is a finding.
 
     If the file is not a member of the default group and is not documented with
-the Information System Security Officer (ISSO), this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+the Information System Security Officer (ISSO), this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Run the following command to determine which package owns the file:
 
     # rpm -qf &lt;filename&gt;
@@ -25625,589 +24484,567 @@ following command:
 
     Reset the permissions of files within a package with the following command:
 
-    #rpm --setperms &lt;packagename&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0b588496-09c3-41ac-a6a4-4815ccbedb7d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001494</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001496</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002235</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This control consistently takes a long time to run and has been disabled
-    using the disable_slow_controls attribute.
-This control consistently takes a long time to run and has been disabled
+    #rpm --setperms &lt;packagename&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71849\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the file permissions, ownership, and group membership of system files and\ncommands match the vendor values.\"\n  desc  \"Discretionary access control is weakened if a user or group has access\npermissions to system files and directories greater than the default.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the file permissions, ownership, and group membership of system\nfiles and commands match the vendor values.\n\n    Check the default file permissions, ownership, and group membership of\nsystem files and commands with the following command:\n\n    # for i in `rpm -Va | egrep -i '^\\\\.[M|U|G|.]{8}' | cut -d \\\" \\\" -f4,5`;do\nfor j in `rpm -qf $i`;do rpm -ql $j --dump | cut -d \\\" \\\" -f1,5,6,7 | grep\n$i;done;done\n\n    /var/log/gdm 040755 root root\n    /etc/audisp/audisp-remote.conf 0100640 root root\n    /usr/bin/passwd 0104755 root root\n\n    For each file returned, verify the current permissions, ownership, and\ngroup membership:\n    # ls -la &lt;filename&gt;\n\n    -rw-------. 1 root root 133 Jan 11 13:25 /etc/audisp/audisp-remote.conf\n\n    If the file is more permissive than the default permissions, this is a\nfinding.\n\n    If the file is not owned by the default owner and is not documented with\nthe Information System Security Officer (ISSO), this is a finding.\n\n    If the file is not a member of the default group and is not documented with\nthe Information System Security Officer (ISSO), this is a finding.\n  \"\n  desc  \"fix\", \"\n    Run the following command to determine which package owns the file:\n\n    # rpm -qf &lt;filename&gt;\n\n    Reset the user and group ownership of files within a package with the\nfollowing command:\n\n    #rpm --setugids &lt;packagename&gt;\n\n\n    Reset the permissions of files within a package with the following command:\n\n    #rpm --setperms &lt;packagename&gt;\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000257-GPOS-00098\"\n  tag satisfies: [\"SRG-OS-000257-GPOS-00098\", \"SRG-OS-000278-GPOS-00108\"]\n  tag gid: \"V-71849\"\n  tag rid: \"SV-86473r4_rule\"\n  tag stig_id: \"RHEL-07-010010\"\n  tag fix_id: \"F-78201r4_fix\"\n  tag cci: [\"CCI-001494\", \"CCI-001496\", \"CCI-002165\", \"CCI-002235\"]\n  tag nist: [\"AU-9\", \"AU-9 (3)\", \"AC-3 (4)\", \"AC-6 (10)\", \"Rev_4\"]\n\n  if input('disable_slow_controls')\n    describe \"This control consistently takes a long time to run and has been disabled\n    using the disable_slow_controls attribute.\" do\n      skip \"This control consistently takes a long time to run and has been disabled\n            using the disable_slow_controls attribute. You must enable this control for a\n            full accredidation for production.\"\n    end\n  else\n    describe command(\"rpm -Va | grep '^.M' | awk 'NF&gt;1{print $NF}'\").stdout.strip.split(\"\\n\") do\n      it { should all(be_in rpm_verify_perms_except) }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001494</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001496</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002235</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This control consistently takes a long time to run and has been disabled
+    using the disable_slow_controls attribute. :: SKIP_MESSAGE This control consistently takes a long time to run and has been disabled
             using the disable_slow_controls attribute. You must enable this control for a
-            full accredidation for production.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72267</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86891r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040470</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+            full accredidation for production.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72267</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86891r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040470</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon does not allow compression or only allows compression after
-successful authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+successful authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If compression is allowed in an SSH connection prior to
 authentication, vulnerabilities in the compression software could result in
 compromise of the system from an unauthenticated connection, potentially with
-root privileges.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+root privileges.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon performs compression after a user successfully
 authenticates.
 
     Check that the SSH daemon performs compression after a user successfully
 authenticates with the following command:
 
-    # grep -i compression &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i compression /etc/ssh/sshd_config
     Compression delayed
 
-    If the &quot;Compression&quot; keyword is set to &quot;yes&quot;, is missing, or the
-returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Uncomment the &quot;Compression&quot; keyword in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; (this
+    If the "Compression" keyword is set to "yes", is missing, or the
+returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Uncomment the "Compression" keyword in "/etc/ssh/sshd_config" (this
 file may be named differently or be in a different location if using a version
 of SSH that is provided by a third-party vendor) on the system and set the
-value to &quot;delayed&quot; or &quot;no&quot;:
+value to "delayed" or "no":
 
     Compression no
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6c14e759-e927-4a3d-a5e4-aab98729bcdb</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration Compression is expected to cmp &#x3D;&#x3D; &quot;delayed&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86835r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-031010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72267\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not allow compression or only allows compression after\nsuccessful authentication.\"\n  desc  \"If compression is allowed in an SSH connection prior to\nauthentication, vulnerabilities in the compression software could result in\ncompromise of the system from an unauthenticated connection, potentially with\nroot privileges.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon performs compression after a user successfully\nauthenticates.\n\n    Check that the SSH daemon performs compression after a user successfully\nauthenticates with the following command:\n\n    # grep -i compression /etc/ssh/sshd_config\n    Compression delayed\n\n    If the \\\"Compression\\\" keyword is set to \\\"yes\\\", is missing, or the\nreturned line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Uncomment the \\\"Compression\\\" keyword in \\\"/etc/ssh/sshd_config\\\" (this\nfile may be named differently or be in a different location if using a version\nof SSH that is provided by a third-party vendor) on the system and set the\nvalue to \\\"delayed\\\" or \\\"no\\\":\n\n    Compression no\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72267\"\n  tag rid: \"SV-86891r3_rule\"\n  tag stig_id: \"RHEL-07-040470\"\n  tag fix_id: \"F-78621r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe sshd_config do\n      its('Compression') { should cmp 'delayed' }\n    end\n    describe sshd_config do\n      its('Compression') { should cmp 'no' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration Compression is expected to cmp == "delayed"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72211</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86835r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-031010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the rsyslog daemon does not accept log messages from other servers unless
-the server is being used for log aggregation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the server is being used for log aggregation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Unintentionally running a rsyslog server accepting remote messages
 puts the system at increased risk. Malicious rsyslog messages sent to the
 server could exploit vulnerabilities in the server software itself, could
-introduce misleading information in to the system&#39;s logs, or could fill the
-system&#39;s storage leading to a Denial of Service.
+introduce misleading information in to the system's logs, or could fill the
+system's storage leading to a Denial of Service.
 
     If the system is intended to be a log aggregation server its use must be
-documented with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the system is not accepting &quot;rsyslog&quot; messages from other
+documented with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the system is not accepting "rsyslog" messages from other
 systems unless it is documented as a log aggregation server.
 
-    Check the configuration of &quot;rsyslog&quot; with the following command:
+    Check the configuration of "rsyslog" with the following command:
 
-    # grep imtcp &#x2F;etc&#x2F;rsyslog.conf
+    # grep imtcp /etc/rsyslog.conf
     $ModLoad imtcp
-    # grep imudp &#x2F;etc&#x2F;rsyslog.conf
+    # grep imudp /etc/rsyslog.conf
     $ModLoad imudp
-    # grep imrelp &#x2F;etc&#x2F;rsyslog.conf
+    # grep imrelp /etc/rsyslog.conf
     $ModLoad imrelp
 
-    If any of the above modules are being loaded in the &quot;&#x2F;etc&#x2F;rsyslog.conf&quot;
+    If any of the above modules are being loaded in the "/etc/rsyslog.conf"
 file, ask to see the documentation for the system being used for log
 aggregation.
 
     If the documentation does not exist, or does not specify the server as a
-log aggregation system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Modify the &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; file to remove the &quot;ModLoad
-imtcp&quot;, &quot;ModLoad imudp&quot;, and &quot;ModLoad imrelp&quot; configuration lines, or
-document the system as being used for log aggregation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>50190009-09d9-41fd-8703-70323fd727f9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;etc&#x2F;rsyslog.conf content is expected to match &#x2F;\$ModLoad\s+imtcp.*\n?$&#x2F;
---------------------------------
-passed
-File &#x2F;etc&#x2F;rsyslog.conf content is expected not to match &#x2F;^\$ModLoad\s+imtcp.*\n?$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72239</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86863r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040330</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+log aggregation system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Modify the "/etc/rsyslog.conf" file to remove the "ModLoad
+imtcp", "ModLoad imudp", and "ModLoad imrelp" configuration lines, or
+document the system as being used for log aggregation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72211\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the rsyslog daemon does not accept log messages from other servers unless\nthe server is being used for log aggregation.\"\n  desc  \"Unintentionally running a rsyslog server accepting remote messages\nputs the system at increased risk. Malicious rsyslog messages sent to the\nserver could exploit vulnerabilities in the server software itself, could\nintroduce misleading information in to the system's logs, or could fill the\nsystem's storage leading to a Denial of Service.\n\n    If the system is intended to be a log aggregation server its use must be\ndocumented with the ISSO.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the system is not accepting \\\"rsyslog\\\" messages from other\nsystems unless it is documented as a log aggregation server.\n\n    Check the configuration of \\\"rsyslog\\\" with the following command:\n\n    # grep imtcp /etc/rsyslog.conf\n    $ModLoad imtcp\n    # grep imudp /etc/rsyslog.conf\n    $ModLoad imudp\n    # grep imrelp /etc/rsyslog.conf\n    $ModLoad imrelp\n\n    If any of the above modules are being loaded in the \\\"/etc/rsyslog.conf\\\"\nfile, ask to see the documentation for the system being used for log\naggregation.\n\n    If the documentation does not exist, or does not specify the server as a\nlog aggregation system, this is a finding.\n  \"\n  desc  \"fix\", \"Modify the \\\"/etc/rsyslog.conf\\\" file to remove the \\\"ModLoad\nimtcp\\\", \\\"ModLoad imudp\\\", and \\\"ModLoad imrelp\\\" configuration lines, or\ndocument the system as being used for log aggregation.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72211\"\n  tag rid: \"SV-86835r2_rule\"\n  tag stig_id: \"RHEL-07-031010\"\n  tag fix_id: \"F-78565r2_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  log_aggregation_server = input('log_aggregation_server')\n\n  if log_aggregation_server\n    describe file('/etc/rsyslog.conf') do\n      its('content') { should match %r{^\\$ModLoad\\s+imtcp.*\\n?$} }\n    end\n  else\n    describe.one do\n      describe file('/etc/rsyslog.conf') do\n        its('content') { should match %r{\\$ModLoad\\s+imtcp.*\\n?$} }\n      end\n      describe file('/etc/rsyslog.conf') do\n        its('content') { should_not match %r{^\\$ModLoad\\s+imtcp.*\\n?$} }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /etc/rsyslog.conf content is expected to match /\$ModLoad\s+imtcp.*\n?$/
+--------------------------------
+passed :: TEST File /etc/rsyslog.conf content is expected not to match /^\$ModLoad\s+imtcp.*\n?$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72239</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86863r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040330</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon does not allow authentication using RSA rhosts
-authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuring this setting for the SSH daemon provides additional
 assurance that remote logon via SSH will require a password, even in the event
-of misconfiguration elsewhere.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+of misconfiguration elsewhere.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Check the version of the operating system with the following command:
 
-    # cat &#x2F;etc&#x2F;redhat-release
+    # cat /etc/redhat-release
 
     If the release is 7.4 or newer this requirement is Not Applicable.
 
     Verify the SSH daemon does not allow authentication using RSA rhosts
 authentication.
 
-    To determine how the SSH daemon&#39;s &quot;RhostsRSAAuthentication&quot; option is
+    To determine how the SSH daemon's "RhostsRSAAuthentication" option is
 set, run the following command:
 
-    # grep RhostsRSAAuthentication &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep RhostsRSAAuthentication /etc/ssh/sshd_config
     RhostsRSAAuthentication no
 
-    If the value is returned as &quot;yes&quot;, the returned line is commented out, or
-no output is returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value is returned as "yes", the returned line is commented out, or
+no output is returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the SSH daemon to not allow authentication using RSA rhosts
 authentication.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;, or uncomment the line
-and set the value to &quot;no&quot;:
+    Add the following line in "/etc/ssh/sshd_config", or uncomment the line
+and set the value to "no":
 
     RhostsRSAAuthentication no
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>68bac1f7-7c4b-4544-8b51-f9a6fb2d83c6</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration RhostsRSAAuthentication is expected to cmp &#x3D;&#x3D; &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-77819</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-92515r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010061</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72239\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not allow authentication using RSA rhosts\nauthentication.\"\n  desc  \"Configuring this setting for the SSH daemon provides additional\nassurance that remote logon via SSH will require a password, even in the event\nof misconfiguration elsewhere.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Check the version of the operating system with the following command:\n\n    # cat /etc/redhat-release\n\n    If the release is 7.4 or newer this requirement is Not Applicable.\n\n    Verify the SSH daemon does not allow authentication using RSA rhosts\nauthentication.\n\n    To determine how the SSH daemon's \\\"RhostsRSAAuthentication\\\" option is\nset, run the following command:\n\n    # grep RhostsRSAAuthentication /etc/ssh/sshd_config\n    RhostsRSAAuthentication no\n\n    If the value is returned as \\\"yes\\\", the returned line is commented out, or\nno output is returned, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the SSH daemon to not allow authentication using RSA rhosts\nauthentication.\n\n    Add the following line in \\\"/etc/ssh/sshd_config\\\", or uncomment the line\nand set the value to \\\"no\\\":\n\n    RhostsRSAAuthentication no\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72239\"\n  tag rid: \"SV-86863r4_rule\"\n  tag stig_id: \"RHEL-07-040330\"\n  tag fix_id: \"F-78593r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('RhostsRSAAuthentication') { should cmp 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration RhostsRSAAuthentication is expected to cmp == "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-77819</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000375-GPOS-00160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-92515r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010061</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must uniquely identify
 and must authenticate users using multifactor authentication via a graphical
-user logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+user logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To assure accountability and prevent unauthenticated access, users
 must be identified and authenticated to prevent potential misuse and compromise
 of the system.
@@ -26216,14 +25053,14 @@ of the system.
 systems gaining access include, for example, hardware tokens providing
 time-based or challenge-response authenticators and smart cards such as the
 U.S. Government Personal Identity Verification card and the DoD Common Access
-Card.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Card.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system uniquely identifies and authenticates users
 using multifactor authentication via a graphical user logon.
 
@@ -26233,23 +25070,23 @@ Applicable.
     Determine which profile the system database is using with the following
 command:
 
-    # grep system-db &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user
+    # grep system-db /etc/dconf/profile/user
 
     system-db:local
 
     Note: The example is using the database local for the system, so the path
-is &quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&quot;. This path must be modified if a database other
+is "/etc/dconf/db/local.d". This path must be modified if a database other
 than local is being used.
 
-    # grep enable-smartcard-authentication &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
+    # grep enable-smartcard-authentication /etc/dconf/db/local.d/*
 
-    enable-smartcard-authentication&#x3D;true
+    enable-smartcard-authentication=true
 
-    If &quot;enable-smartcard-authentication&quot; is set to &quot;false&quot; or the keyword
-is missing, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "enable-smartcard-authentication" is set to "false" or the keyword
+is missing, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to uniquely identify and authenticate users
 using multifactor authentication via a graphical user logon.
 
@@ -26260,955 +25097,904 @@ Applicable.
 does not already exist) with the following command:
 
     Note: The example is using the database local for the system, so if the
-system is using another database in &quot;&#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user&quot;, the file
+system is using another database in "/etc/dconf/profile/user", the file
 should be created under the appropriate subdirectory.
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-defaults
+    # touch /etc/dconf/db/local.d/00-defaults
 
-    Edit &quot;[org&#x2F;gnome&#x2F;login-screen]&quot; and add or update the following line:
-    enable-smartcard-authentication&#x3D;true
+    Edit "[org/gnome/login-screen]" and add or update the following line:
+    enable-smartcard-authentication=true
 
     Update the system databases:
-    # dconf update</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c4fec7e9-d4c8-46b8-ae7a-b64f9286e21e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.
---------------------------------
-skipped
-The pcsc-lite package is not installed
-The pcsc-lite package is not installed, this control is Not Applicable.
---------------------------------
-skipped
-The esc package is not installed
-The esc package is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72101</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86725r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030390</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # dconf update</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-77819\" do\n  title \"The Red Hat Enterprise Linux operating system must uniquely identify\nand must authenticate users using multifactor authentication via a graphical\nuser logon.\"\n  desc  \"To assure accountability and prevent unauthenticated access, users\nmust be identified and authenticated to prevent potential misuse and compromise\nof the system.\n\n    Multifactor solutions that require devices separate from information\nsystems gaining access include, for example, hardware tokens providing\ntime-based or challenge-response authenticators and smart cards such as the\nU.S. Government Personal Identity Verification card and the DoD Common Access\nCard.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system uniquely identifies and authenticates users\nusing multifactor authentication via a graphical user logon.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Determine which profile the system database is using with the following\ncommand:\n\n    # grep system-db /etc/dconf/profile/user\n\n    system-db:local\n\n    Note: The example is using the database local for the system, so the path\nis \\\"/etc/dconf/db/local.d\\\". This path must be modified if a database other\nthan local is being used.\n\n    # grep enable-smartcard-authentication /etc/dconf/db/local.d/*\n\n    enable-smartcard-authentication=true\n\n    If \\\"enable-smartcard-authentication\\\" is set to \\\"false\\\" or the keyword\nis missing, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to uniquely identify and authenticate users\nusing multifactor authentication via a graphical user logon.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    Note: The example is using the database local for the system, so if the\nsystem is using another database in \\\"/etc/dconf/profile/user\\\", the file\nshould be created under the appropriate subdirectory.\n\n    # touch /etc/dconf/db/local.d/00-defaults\n\n    Edit \\\"[org/gnome/login-screen]\\\" and add or update the following line:\n    enable-smartcard-authentication=true\n\n    Update the system databases:\n    # dconf update\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000375-GPOS-00160\"\n  tag satisfies: [\"SRG-OS-000375-GPOS-00161\", \"SRG-OS-000375-GPOS-00162\"]\n  tag gid: \"V-77819\"\n  tag rid: \"SV-92515r2_rule\"\n  tag stig_id: \"RHEL-07-010061\"\n  tag fix_id: \"F-84519r4_fix\"\n  tag cci: [\"CCI-001948\", \"CCI-001953\", \"CCI-001954\"]\n  tag nist: [\"IA-2 (11)\", \"IA-2 (12)\", \"IA-2 (12)\"]\n\n  multifactor_enabled = input('multifactor_enabled')\n  dconf_user = input('dconf_user')\n\n  if package('gnome-desktop3').installed? &amp;&amp; package('pcsc-lite').installed? || package('esc').installed?\n    impact 0.5\n    if !dconf_user.nil? &amp;&amp; command('whoami').stdout.strip == 'root'\n      describe command(\"sudo -u #{dconf_user} dconf read /org/gnome/login-screen/enable-smartcard-authentication\") do\n        its('stdout.strip') { should eq multifactor_enabled.to_s }\n      end\n    else\n      describe command(\"dconf read /org/gnome/login-screen/enable-smartcard-authentication\") do\n        its('stdout.strip') { should eq multifactor_enabled.to_s }\n      end\n    end\n  else\n    impact 0.0\n    if !package('gnome-desktop3').installed?\n      describe \"The GNOME desktop is not installed\" do\n        skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n      end\n    end\n\n    if !package('pcsc-lite').installed?\n      describe \"The pcsc-lite package is not installed\" do\n        skip \"The pcsc-lite package is not installed, this control is Not Applicable.\"\n      end\n    end\n    if !package('esc').installed?\n      describe \"The esc package is not installed\" do\n        skip \"The esc package is not installed, this control is Not Applicable.\"\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001948</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.
+--------------------------------
+skipped :: TEST The pcsc-lite package is not installed :: SKIP_MESSAGE The pcsc-lite package is not installed, this control is Not Applicable.
+--------------------------------
+skipped :: TEST The esc package is not installed :: SKIP_MESSAGE The esc package is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72101</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86725r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030390</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the lchown syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the lchown syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;lchown&quot; syscall occur.
+successful/unsuccessful attempts to use the "lchown" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw lchown &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw lchown /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S lchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S lchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;lchown&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    If both the "b32" and "b64" audit rules are not defined for the
+"lchown" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S lchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S lchown -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a1e2eeb2-2293-4b49-a683-4f050cf7d3d0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lchown&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lchown&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lchown&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;lchown&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72123</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86747r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030500</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72101\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe lchown syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"lchown\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw lchown /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"lchown\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000474-GPOS-00219\"]\n  tag gid: \"V-72101\"\n  tag rid: \"SV-86725r5_rule\"\n  tag stig_id: \"RHEL-07-030390\"\n  tag fix_id: \"F-78453r8_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"lchown\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"lchown\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "lchown" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lchown" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lchown" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "lchown" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72123</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86747r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030500</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the creat syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the creat syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;creat&quot; syscall occur.
+successful/unsuccessful attempts to use the "creat" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw creat &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw creat /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S creat F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S creat F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S creat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S creat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S creat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;creat&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"creat" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;creat&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules:
-
-    -a always,exit -F arch&#x3D;b32 -S creat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S creat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S creat -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S creat -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a79c8e29-aa4b-41ad-a6b6-97d9c85b1117</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;creat&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72041</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86665r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "creat" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules:
+
+    -a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72123\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe creat syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"creat\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw creat /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S creat F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"creat\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"creat\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules:\n\n    -a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72123\"\n  tag rid: \"SV-86747r5_rule\"\n  tag stig_id: \"RHEL-07-030500\"\n  tag fix_id: \"F-78475r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"creat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"creat\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n\n  if os.arch == 'x86_64'\n     describe auditd.syscall(\"creat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"creat\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "creat" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72041</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86665r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that file systems containing user home directories are mounted to prevent files
-with the setuid and setgid bit set from being executed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;nosuid&quot; mount option causes the system to not execute setuid
+with the setuid and setgid bit set from being executed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "nosuid" mount option causes the system to not execute setuid
 and setgid files with owner privileges. This option must be used for mounting
 any file system not containing approved setuid and setguid files. Executing
 files from untrusted file systems increases the opportunity for unprivileged
-users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify file systems that contain user home directories are mounted with the
-&quot;nosuid&quot; option.
+"nosuid" option.
 
     Find the file system(s) that contain the user home directories with the
 following command:
 
     Note: If a separate file system has not been created for the user home
-directories (user home directories are mounted under &quot;&#x2F;&quot;), this is not a
-finding as the &quot;nosuid&quot; option cannot be used on the &quot;&#x2F;&quot; system.
+directories (user home directories are mounted under "/"), this is not a
+finding as the "nosuid" option cannot be used on the "/" system.
 
-    # cut -d: -f 1,3,6 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{3}&quot;
-    smithj:1001:&#x2F;home&#x2F;smithj
-    thomasr:1002:&#x2F;home&#x2F;thomasr
+    # cut -d: -f 1,3,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
+    smithj:1001:/home/smithj
+    thomasr:1002:/home/thomasr
 
     Check the file systems that are mounted at boot time with the following
 command:
 
-    # more &#x2F;etc&#x2F;fstab
-
-    UUID&#x3D;a411dc99-f2a1-4c87-9e05-184977be8539 &#x2F;home   ext4
-rw,relatime,discard,data&#x3D;ordered,nosuid 0 2
-
-    If a file system found in &quot;&#x2F;etc&#x2F;fstab&quot; refers to the user home directory
-file system and it does not have the &quot;nosuid&quot; option set, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the &quot;&#x2F;etc&#x2F;fstab&quot; to use the &quot;nosuid&quot; option on
-file systems that contain user home directories.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6c7fecee-94fe-4fbd-9bf0-3780de59a264</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;home options is expected to include &quot;nosuid&quot;
-expected nil to include &quot;nosuid&quot;, but it does not respond to &#x60;include?&#x60;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71953</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86577r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010440</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # more /etc/fstab
+
+    UUID=a411dc99-f2a1-4c87-9e05-184977be8539 /home   ext4
+rw,relatime,discard,data=ordered,nosuid 0 2
+
+    If a file system found in "/etc/fstab" refers to the user home directory
+file system and it does not have the "nosuid" option set, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the "/etc/fstab" to use the "nosuid" option on
+file systems that contain user home directories.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72041\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat file systems containing user home directories are mounted to prevent files\nwith the setuid and setgid bit set from being executed.\"\n  desc  \"The \\\"nosuid\\\" mount option causes the system to not execute setuid\nand setgid files with owner privileges. This option must be used for mounting\nany file system not containing approved setuid and setguid files. Executing\nfiles from untrusted file systems increases the opportunity for unprivileged\nusers to attain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify file systems that contain user home directories are mounted with the\n\\\"nosuid\\\" option.\n\n    Find the file system(s) that contain the user home directories with the\nfollowing command:\n\n    Note: If a separate file system has not been created for the user home\ndirectories (user home directories are mounted under \\\"/\\\"), this is not a\nfinding as the \\\"nosuid\\\" option cannot be used on the \\\"/\\\" system.\n\n    # cut -d: -f 1,3,6 /etc/passwd | egrep \\\":[1-4][0-9]{3}\\\"\n    smithj:1001:/home/smithj\n    thomasr:1002:/home/thomasr\n\n    Check the file systems that are mounted at boot time with the following\ncommand:\n\n    # more /etc/fstab\n\n    UUID=a411dc99-f2a1-4c87-9e05-184977be8539 /home   ext4\nrw,relatime,discard,data=ordered,nosuid 0 2\n\n    If a file system found in \\\"/etc/fstab\\\" refers to the user home directory\nfile system and it does not have the \\\"nosuid\\\" option set, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the \\\"/etc/fstab\\\" to use the \\\"nosuid\\\" option on\nfile systems that contain user home directories.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72041\"\n  tag rid: \"SV-86665r4_rule\"\n  tag stig_id: \"RHEL-07-021000\"\n  tag fix_id: \"F-78393r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe mount('/home') do\n    its('options') { should include 'nosuid' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /home options is expected to include "nosuid" :: MESSAGE expected nil to include "nosuid", but it does not respond to `include?`</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71953</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86577r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010440</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow an
-unattended or automatic logon to the system via a graphical user interface.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+unattended or automatic logon to the system via a graphical user interface.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Failure to restrict system access to authenticated users negatively
-impacts operating system security.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+impacts operating system security.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system does not allow an unattended or automatic logon
 to the system via a graphical user interface.
 
     Note: If the system does not have GNOME installed, this requirement is Not
 Applicable.
 
-    Check for the value of the &quot;AutomaticLoginEnable&quot; in the
-&quot;&#x2F;etc&#x2F;gdm&#x2F;custom.conf&quot; file with the following command:
+    Check for the value of the "AutomaticLoginEnable" in the
+"/etc/gdm/custom.conf" file with the following command:
 
-    # grep -i automaticloginenable &#x2F;etc&#x2F;gdm&#x2F;custom.conf
-    AutomaticLoginEnable&#x3D;false
+    # grep -i automaticloginenable /etc/gdm/custom.conf
+    AutomaticLoginEnable=false
 
-    If the value of &quot;AutomaticLoginEnable&quot; is not set to &quot;false&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "AutomaticLoginEnable" is not set to "false", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to not allow an unattended or automatic
 logon to the system via a graphical user interface.
 
     Note: If the system does not have GNOME installed, this requirement is Not
 Applicable.
 
-    Add or edit the line for the &quot;AutomaticLoginEnable&quot; parameter in the
-[daemon] section of the &quot;&#x2F;etc&#x2F;gdm&#x2F;custom.conf&quot; file to &quot;false&quot;:
+    Add or edit the line for the "AutomaticLoginEnable" parameter in the
+[daemon] section of the "/etc/gdm/custom.conf" file to "false":
 
     [daemon]
-    AutomaticLoginEnable&#x3D;false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d9791a0c-2703-4526-9ef4-d93f55c00674</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GDM installed
-The system does not have GDM installed, this requirement is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71969</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86593r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    AutomaticLoginEnable=false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71953\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow an\nunattended or automatic logon to the system via a graphical user interface.\"\n  desc  \"Failure to restrict system access to authenticated users negatively\nimpacts operating system security.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system does not allow an unattended or automatic logon\nto the system via a graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check for the value of the \\\"AutomaticLoginEnable\\\" in the\n\\\"/etc/gdm/custom.conf\\\" file with the following command:\n\n    # grep -i automaticloginenable /etc/gdm/custom.conf\n    AutomaticLoginEnable=false\n\n    If the value of \\\"AutomaticLoginEnable\\\" is not set to \\\"false\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to not allow an unattended or automatic\nlogon to the system via a graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Add or edit the line for the \\\"AutomaticLoginEnable\\\" parameter in the\n[daemon] section of the \\\"/etc/gdm/custom.conf\\\" file to \\\"false\\\":\n\n    [daemon]\n    AutomaticLoginEnable=false\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00229\"\n  tag gid: \"V-71953\"\n  tag rid: \"SV-86577r2_rule\"\n  tag stig_id: \"RHEL-07-010440\"\n  tag fix_id: \"F-78305r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  custom_conf = '/etc/gdm/custom.conf'\n\n  if package('gdm').installed?\n    if ((f = file(custom_conf)).exist?)\n      describe ini(custom_conf) do\n        its('daemon.AutomaticLoginEnable') { cmp false }\n      end\n    else\n      describe f do\n        it { should exist }\n      end\n    end\n  else\n    impact 0.0\n    describe \"The system does not have GDM installed\" do\n      skip \"The system does not have GDM installed, this requirement is Not Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GDM installed :: SKIP_MESSAGE The system does not have GDM installed, this requirement is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71969</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000095-GPOS-00049</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86593r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have the ypserv
-package installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Removing the &quot;ypserv&quot; package decreases the risk of the accidental
-(or intentional) activation of NIS or NIS+ services.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+package installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Removing the "ypserv" package decreases the risk of the accidental
+(or intentional) activation of NIS or NIS+ services.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The NIS service provides an unencrypted authentication service that does
 not provide for the confidentiality and integrity of user passwords or the
 remote session.
 
-    Check to see if the &quot;ypserve&quot; package is installed with the following
+    Check to see if the "ypserve" package is installed with the following
 command:
 
     # yum list installed ypserv
 
-    If the &quot;ypserv&quot; package is installed, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "ypserv" package is installed, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable non-essential capabilities by
-removing the &quot;ypserv&quot; package from the system with the following command:
-
-    # yum remove ypserv</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b354a5ea-9814-4888-ac81-6f21aa3b2679</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package ypserv is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72017</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86641r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020630</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+removing the "ypserv" package from the system with the following command:
+
+    # yum remove ypserv</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71969\" do\n  title \"The Red Hat Enterprise Linux operating system must not have the ypserv\npackage installed.\"\n  desc  \"Removing the \\\"ypserv\\\" package decreases the risk of the accidental\n(or intentional) activation of NIS or NIS+ services.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    The NIS service provides an unencrypted authentication service that does\nnot provide for the confidentiality and integrity of user passwords or the\nremote session.\n\n    Check to see if the \\\"ypserve\\\" package is installed with the following\ncommand:\n\n    # yum list installed ypserv\n\n    If the \\\"ypserv\\\" package is installed, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable non-essential capabilities by\nremoving the \\\"ypserv\\\" package from the system with the following command:\n\n    # yum remove ypserv\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000095-GPOS-00049\"\n  tag gid: \"V-71969\"\n  tag rid: \"SV-86593r2_rule\"\n  tag stig_id: \"RHEL-07-020010\"\n  tag fix_id: \"F-78321r1_fix\"\n  tag cci: [\"CCI-000381\"]\n  tag nist: [\"CM-7 a\", \"Rev_4\"]\n\n  describe package(\"ypserv\") do\n    it { should_not be_installed }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package ypserv is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72017</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86641r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020630</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local interactive user home directories have mode 0750 or less
-permissive.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+permissive.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Excessive permissions on local interactive user home directories may
-allow unauthorized access to user files by other users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+allow unauthorized access to user files by other users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the assigned home directory of all local interactive users has a
-mode of &quot;0750&quot; or less permissive.
+mode of "0750" or less permissive.
 
     Check the home directory assignment for all non-privileged users on the
 system with the following command:
@@ -27217,280 +26003,268 @@ system with the following command:
 User Identifier (UID). Evidence of interactive use may be obtained from a
 number of log files containing system logon information.
 
-    # ls -ld $(egrep &#39;:[0-9]{4}&#39; &#x2F;etc&#x2F;passwd | cut -d: -f6)
-    -rwxr-x--- 1 smithj users  18 Mar  5 17:06 &#x2F;home&#x2F;smithj
+    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)
+    -rwxr-x--- 1 smithj users  18 Mar  5 17:06 /home/smithj
 
-    If home directories referenced in &quot;&#x2F;etc&#x2F;passwd&quot; do not have a mode of
-&quot;0750&quot; or less permissive, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the mode of interactive user&#39;s home directories to &quot;0750&quot;. To
-change the mode of a local interactive user&#39;s home directory, use the following
+    If home directories referenced in "/etc/passwd" do not have a mode of
+"0750" or less permissive, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the mode of interactive user's home directories to "0750". To
+change the mode of a local interactive user's home directory, use the following
 command:
 
-    Note: The example will be for the user &quot;smithj&quot;.
-
-    # chmod 0750 &#x2F;home&#x2F;smithj</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fa96f99a-4bbc-415f-ab09-3fbc25104f86</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Home directories with excessive permissions is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72191</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86815r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030840</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Note: The example will be for the user "smithj".
+
+    # chmod 0750 /home/smithj</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72017\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user home directories have mode 0750 or less\npermissive.\"\n  desc  \"Excessive permissions on local interactive user home directories may\nallow unauthorized access to user files by other users.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the assigned home directory of all local interactive users has a\nmode of \\\"0750\\\" or less permissive.\n\n    Check the home directory assignment for all non-privileged users on the\nsystem with the following command:\n\n    Note: This may miss interactive users that have been assigned a privileged\nUser Identifier (UID). Evidence of interactive use may be obtained from a\nnumber of log files containing system logon information.\n\n    # ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)\n    -rwxr-x--- 1 smithj users  18 Mar  5 17:06 /home/smithj\n\n    If home directories referenced in \\\"/etc/passwd\\\" do not have a mode of\n\\\"0750\\\" or less permissive, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the mode of interactive user's home directories to \\\"0750\\\". To\nchange the mode of a local interactive user's home directory, use the following\ncommand:\n\n    Note: The example will be for the user \\\"smithj\\\".\n\n    # chmod 0750 /home/smithj\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72017\"\n  tag rid: \"SV-86641r3_rule\"\n  tag stig_id: \"RHEL-07-020630\"\n  tag fix_id: \"F-78369r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    findings = findings + command(\"find #{user_info.home} -maxdepth 0 -perm /027\").stdout.split(\"\\n\")\n  end\n  describe \"Home directories with excessive permissions\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Home directories with excessive permissions is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72191</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86815r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030840</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the kmod command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the kmod command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;kmod&quot; command occur.
+successful/unsuccessful attempts to use the "kmod" command occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw kmod &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw kmod /etc/audit/audit.rules
 
-    -w &#x2F;usr&#x2F;bin&#x2F;kmod -p x -F auid!&#x3D;4294967295 -k module-change
+    -w /usr/bin/kmod -p x -F auid!=4294967295 -k module-change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;kmod&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;usr&#x2F;bin&#x2F;kmod -p x -F auid!&#x3D;4294967295 -k module-change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>66c39a20-d412-4aa2-8181-d9dbdb9bb59f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;kmod&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;kmod&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71903</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86527r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010120</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "kmod" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /usr/bin/kmod -p x -F auid!=4294967295 -k module-change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72191\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe kmod command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"kmod\\\" command occur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw kmod /etc/audit/audit.rules\n\n    -w /usr/bin/kmod -p x -F auid!=4294967295 -k module-change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"kmod\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /usr/bin/kmod -p x -F auid!=4294967295 -k module-change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00216\"\n  tag satisfies: [\"SRG-OS-000471-GPOS-00216\", \"SRG-OS-000477-GPOS-00222\"]\n  tag gid: \"V-72191\"\n  tag rid: \"SV-86815r5_rule\"\n  tag stig_id: \"RHEL-07-030840\"\n  tag fix_id: \"F-78545r10_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/kmod'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/kmod" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/kmod" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71903</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86527r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010120</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed or new passwords are established, the new
-password must contain at least one upper-case character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+password must contain at least one upper-case character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
@@ -27499,144 +26273,139 @@ and brute-force attacks.
     Password complexity is one factor of several that determines how long it
 takes to crack a password. The more complex the password, the greater the
 number of possible combinations that need to be tested before the password is
-compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Note: The value to require a number of upper-case characters to be set is
-expressed as a negative number in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot;.
+expressed as a negative number in "/etc/security/pwquality.conf".
 
-    Check the value for &quot;ucredit&quot; in &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with
+    Check the value for "ucredit" in "/etc/security/pwquality.conf" with
 the following command:
 
-    # grep ucredit &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    ucredit &#x3D; -1
+    # grep ucredit /etc/security/pwquality.conf
+    ucredit = -1
 
-    If the value of &quot;ucredit&quot; is not set to a negative value, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of "ucredit" is not set to a negative value, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to enforce password complexity by requiring
-that at least one upper-case character be used by setting the &quot;ucredit&quot;
+that at least one upper-case character be used by setting the "ucredit"
 option.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; (or modify the
+    Add the following line to "/etc/security/pwquality.conf" (or modify the
 line to have the required value):
 
-    ucredit &#x3D; -1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>01b1bcd1-b99b-4392-8b13-81e77108b058</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf ucredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81021</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95733r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    ucredit = -1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71903\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed or new passwords are established, the new\npassword must contain at least one upper-case character.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks.\n\n    Password complexity is one factor of several that determines how long it\ntakes to crack a password. The more complex the password, the greater the\nnumber of possible combinations that need to be tested before the password is\ncompromised.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Note: The value to require a number of upper-case characters to be set is\nexpressed as a negative number in \\\"/etc/security/pwquality.conf\\\".\n\n    Check the value for \\\"ucredit\\\" in \\\"/etc/security/pwquality.conf\\\" with\nthe following command:\n\n    # grep ucredit /etc/security/pwquality.conf\n    ucredit = -1\n\n    If the value of \\\"ucredit\\\" is not set to a negative value, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enforce password complexity by requiring\nthat at least one upper-case character be used by setting the \\\"ucredit\\\"\noption.\n\n    Add the following line to \\\"/etc/security/pwquality.conf\\\" (or modify the\nline to have the required value):\n\n    ucredit = -1\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000069-GPOS-00037\"\n  tag gid: \"V-71903\"\n  tag rid: \"SV-86527r3_rule\"\n  tag stig_id: \"RHEL-07-010120\"\n  tag fix_id: \"F-78255r1_fix\"\n  tag cci: [\"CCI-000192\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('ucredit.to_i') { should cmp &lt; 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf ucredit.to_i is expected to cmp &lt; 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81021</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95733r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030211</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must label all
-off-loaded audit logs before sending them to the central log server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+off-loaded audit logs before sending them to the central log server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
@@ -27645,312 +26414,302 @@ storage capacity.
 
     When audit logs are not labeled before they are sent to a central log
 server, the audit data will not be able to be analyzed and tied back to the
-correct system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+correct system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the audisp daemon is configured to label all off-loaded audit logs:
 
-    # grep &quot;name_format&quot; &#x2F;etc&#x2F;audisp&#x2F;audispd.conf
+    # grep "name_format" /etc/audisp/audispd.conf
 
-    name_format &#x3D; hostname
+    name_format = hostname
 
-    If the &quot;name_format&quot; option is not &quot;hostname&quot;, &quot;fqd&quot;, or &quot;numeric&quot;,
-or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &#x2F;etc&#x2F;audisp&#x2F;audispd.conf file and add or update the
-&quot;name_format&quot; option:
+    If the "name_format" option is not "hostname", "fqd", or "numeric",
+or the line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the /etc/audisp/audispd.conf file and add or update the
+"name_format" option:
 
-    name_format &#x3D; hostname
+    name_format = hostname
 
     The audit daemon must be restarted for changes to take effect:
 
-    # service auditd restart</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>077e854e-8399-49c5-b15b-4a675d0fa485</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;audisp&#x2F;audispd.conf name_format is expected to match &#x2F;^hostname$|^fqd$|^numeric$&#x2F;i</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72051</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86675r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021100</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # service auditd restart</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81021\" do\n  title \"The Red Hat Enterprise Linux operating system must label all\noff-loaded audit logs before sending them to the central log server.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n    When audit logs are not labeled before they are sent to a central log\nserver, the audit data will not be able to be analyzed and tied back to the\ncorrect system.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the audisp daemon is configured to label all off-loaded audit logs:\n\n    # grep \\\"name_format\\\" /etc/audisp/audispd.conf\n\n    name_format = hostname\n\n    If the \\\"name_format\\\" option is not \\\"hostname\\\", \\\"fqd\\\", or \\\"numeric\\\",\nor the line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the /etc/audisp/audispd.conf file and add or update the\n\\\"name_format\\\" option:\n\n    name_format = hostname\n\n    The audit daemon must be restarted for changes to take effect:\n\n    # service auditd restart\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-81021\"\n  tag rid: \"SV-95733r1_rule\"\n  tag stig_id: \"RHEL-07-030211\"\n  tag fix_id: \"F-87855r2_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  if file('/etc/audisp/audispd.conf').exist?\n    describe parse_config_file('/etc/audisp/audispd.conf') do\n      its('name_format') { should match %r{^hostname$|^fqd$|^numeric$}i }\n    end\n  else\n    describe \"File '/etc/audisp/audispd.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually\" do\n      skip \"File '/etc/audisp/audispd.conf' cannot be found. This check must be performed manually\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/audisp/audispd.conf name_format is expected to match /^hostname$|^fqd$|^numeric$/i</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72051</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86675r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021100</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must have cron logging
-implemented.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+implemented.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Cron logging can be used to trace the successful or unsuccessful
 execution of cron jobs. It can also be used to spot intrusions into the use of
-the cron facility by unauthorized and malicious users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that &quot;rsyslog&quot; is configured to log cron events.
-
-    Check the configuration of &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or
-&quot;&#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf&quot; files for the cron facility with the following
+the cron facility by unauthorized and malicious users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that "rsyslog" is configured to log cron events.
+
+    Check the configuration of "/etc/rsyslog.conf" or
+"/etc/rsyslog.d/*.conf" files for the cron facility with the following
 command:
 
     Note: If another logging package is used, substitute the utility
-configuration file for &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or &quot;&#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf&quot; files.
+configuration file for "/etc/rsyslog.conf" or "/etc/rsyslog.d/*.conf" files.
 
-    # grep cron &#x2F;etc&#x2F;rsyslog.conf  &#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf
-    cron.* &#x2F;var&#x2F;log&#x2F;cron.log
+    # grep cron /etc/rsyslog.conf  /etc/rsyslog.d/*.conf
+    cron.* /var/log/cron.log
 
     If the command does not return a response, check for cron logging all
-facilities by inspecting the &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or &quot;&#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf&quot;
+facilities by inspecting the "/etc/rsyslog.conf" or "/etc/rsyslog.d/*.conf"
 files.
 
     Look for the following entry:
 
-    *.* &#x2F;var&#x2F;log&#x2F;messages
-
-    If &quot;rsyslog&quot; is not logging messages for the cron facility or all
-facilities, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure &quot;rsyslog&quot; to log all cron messages by adding or updating the
-following line to &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or a configuration file in the
-&#x2F;etc&#x2F;rsyslog.d&#x2F; directory:
-
-    cron.* &#x2F;var&#x2F;log&#x2F;cron.log</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a3ab2063-92ae-4d2d-9d66-c419e662a825</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep cron &#x2F;etc&#x2F;rsyslog.conf&#x60; stdout.strip is expected to match &#x2F;^cron&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72079</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000038-GPOS-00016</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86703r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    *.* /var/log/messages
+
+    If "rsyslog" is not logging messages for the cron facility or all
+facilities, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure "rsyslog" to log all cron messages by adding or updating the
+following line to "/etc/rsyslog.conf" or a configuration file in the
+/etc/rsyslog.d/ directory:
+
+    cron.* /var/log/cron.log</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72051\" do\n  title \"The Red Hat Enterprise Linux operating system must have cron logging\nimplemented.\"\n  desc  \"Cron logging can be used to trace the successful or unsuccessful\nexecution of cron jobs. It can also be used to spot intrusions into the use of\nthe cron facility by unauthorized and malicious users.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that \\\"rsyslog\\\" is configured to log cron events.\n\n    Check the configuration of \\\"/etc/rsyslog.conf\\\" or\n\\\"/etc/rsyslog.d/*.conf\\\" files for the cron facility with the following\ncommand:\n\n    Note: If another logging package is used, substitute the utility\nconfiguration file for \\\"/etc/rsyslog.conf\\\" or \\\"/etc/rsyslog.d/*.conf\\\" files.\n\n    # grep cron /etc/rsyslog.conf  /etc/rsyslog.d/*.conf\n    cron.* /var/log/cron.log\n\n    If the command does not return a response, check for cron logging all\nfacilities by inspecting the \\\"/etc/rsyslog.conf\\\" or \\\"/etc/rsyslog.d/*.conf\\\"\nfiles.\n\n    Look for the following entry:\n\n    *.* /var/log/messages\n\n    If \\\"rsyslog\\\" is not logging messages for the cron facility or all\nfacilities, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure \\\"rsyslog\\\" to log all cron messages by adding or updating the\nfollowing line to \\\"/etc/rsyslog.conf\\\" or a configuration file in the\n/etc/rsyslog.d/ directory:\n\n    cron.* /var/log/cron.log\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72051\"\n  tag rid: \"SV-86675r2_rule\"\n  tag stig_id: \"RHEL-07-021100\"\n  tag fix_id: \"F-78403r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  log_pkg_path = input('log_pkg_path')\n\n  describe.one do\n    describe command(\"grep cron #{log_pkg_path}\") do\n      its('stdout.strip') { should match %r{^cron} }\n    end\n    describe file(\"#{log_pkg_path}\") do\n      its('content') { should match %r{^\\*\\.\\* \\/var\\/log\\/messages\\n?$} }\n      its('content') { should_not match %r{^*.*\\s+~$.*^*\\.\\* \\/var\\/log\\/messages\\n?$}m }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep cron /etc/rsyslog.conf` stdout.strip is expected to match /^cron/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72079</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000038-GPOS-00016</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86703r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that auditing is configured to produce records containing information to
 establish what type of events occurred, where the events occurred, the source
 of the events, and the outcome of the events. These audit records must also
-identify individual identities of group account users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+identify individual identities of group account users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without establishing what type of events occurred, it would be
 difficult to establish, correlate, and investigate the events leading up to an
 outage or attack.
 
     Audit record content that may be necessary to satisfy this requirement
 includes, for example, time stamps, source and destination addresses,
-user&#x2F;process identifiers, event descriptions, success&#x2F;fail indications,
+user/process identifiers, event descriptions, success/fail indications,
 filenames involved, and access control or flow control rules invoked.
 
     Associating event types with detected events in the operating system audit
 logs provides a means of investigating an attack; recognizing resource
 utilization or capacity thresholds; or identifying an improperly configured
-operating system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+operating system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system produces audit records containing information
 to establish when (date and time) the events occurred.
 
@@ -27959,134 +26718,129 @@ to establish when (date and time) the events occurred.
     # systemctl is-active auditd.service
     active
 
-    If the &quot;auditd&quot; status is not active, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "auditd" status is not active, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to produce audit records containing
 information to establish when (date and time) the events occurred.
 
     Enable the auditd service with the following command:
 
-    # systemctl start auditd.service</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ad387e6f-58a7-4510-9b41-047c84ea035b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000131</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service auditd is expected to be running</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72219</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000096-GPOS-00050</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86843r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040100</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # systemctl start auditd.service</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72079\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat auditing is configured to produce records containing information to\nestablish what type of events occurred, where the events occurred, the source\nof the events, and the outcome of the events. These audit records must also\nidentify individual identities of group account users.\"\n  desc  \"Without establishing what type of events occurred, it would be\ndifficult to establish, correlate, and investigate the events leading up to an\noutage or attack.\n\n    Audit record content that may be necessary to satisfy this requirement\nincludes, for example, time stamps, source and destination addresses,\nuser/process identifiers, event descriptions, success/fail indications,\nfilenames involved, and access control or flow control rules invoked.\n\n    Associating event types with detected events in the operating system audit\nlogs provides a means of investigating an attack; recognizing resource\nutilization or capacity thresholds; or identifying an improperly configured\noperating system.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system produces audit records containing information\nto establish when (date and time) the events occurred.\n\n    Check to see if auditing is active by issuing the following command:\n\n    # systemctl is-active auditd.service\n    active\n\n    If the \\\"auditd\\\" status is not active, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to produce audit records containing\ninformation to establish when (date and time) the events occurred.\n\n    Enable the auditd service with the following command:\n\n    # systemctl start auditd.service\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000038-GPOS-00016\"\n  tag satisfies: [\"SRG-OS-000038-GPOS-00016\", \"SRG-OS-000039-GPOS-00017\",\n\"SRG-OS-000042-GPOS-00021\", \"SRG-OS-000254-GPOS-00095\",\n\"SRG-OS-000255-GPOS-00096\"]\n  tag gid: \"V-72079\"\n  tag rid: \"SV-86703r3_rule\"\n  tag stig_id: \"RHEL-07-030000\"\n  tag fix_id: \"F-78431r2_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000131\"]\n  tag nist: [\"AU-2 d\", \"AU-3\", \"Rev_4\"]\n\n  describe service('auditd') do\n    it { should be_running }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000131</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service auditd is expected to be running</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72219</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000096-GPOS-00050</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86843r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040100</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
-prohibit or restrict the use of functions, ports, protocols, and&#x2F;or services,
+prohibit or restrict the use of functions, ports, protocols, and/or services,
 as defined in the Ports, Protocols, and Services Management Component Local
-Service Assessment (PPSM CLSA) and vulnerability assessments.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Service Assessment (PPSM CLSA) and vulnerability assessments.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>In order to prevent unauthorized connection of devices, unauthorized
 transfer of information, or unauthorized tunneling (i.e., embedding of data
 types within data types), organizations must disable or restrict unused or
-unnecessary physical and logical ports&#x2F;protocols on information systems.
+unnecessary physical and logical ports/protocols on information systems.
 
     Operating systems are capable of providing a wide variety of functions and
 services. Some of the functions and services provided by default may not be
@@ -28097,19 +26851,19 @@ services provided by any one component.
 
     To support the requirements and principles of least functionality, the
 operating system must support the organizational requirements, providing only
-essential capabilities and limiting the use of ports, protocols, and&#x2F;or
+essential capabilities and limiting the use of ports, protocols, and/or
 services to only those required, authorized, and approved to conduct official
-business or to address authorized quality of life issues.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+business or to address authorized quality of life issues.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Inspect the firewall configuration and running services to verify that it
 is configured to prohibit or restrict the use of functions, ports, protocols,
-and&#x2F;or services that are unnecessary or prohibited.
+and/or services that are unnecessary or prohibited.
 
     Check which services are currently active with the following command:
 
@@ -28129,130 +26883,123 @@ services allowed by the firewall match the PPSM CLSA.
 
     If there are additional ports, protocols, or services that are not in the
 PPSM CLSA, or there are ports, protocols, or services that are prohibited by
-the PPSM Category Assurance List (CAL), this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Update the host&#39;s firewall settings and&#x2F;or running services to
-comply with the PPSM CLSA for the site or program and the PPSM CAL.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f26e4312-56f0-44c0-8d70-b27f3942700b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000382</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002314</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Firewalld zones are not specified. Check &#39;firewalld_zones&#39; input. is expected to equal false
-
+the PPSM Category Assurance List (CAL), this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Update the host's firewall settings and/or running services to
+comply with the PPSM CLSA for the site or program and the PPSM CAL.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72219\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\nprohibit or restrict the use of functions, ports, protocols, and/or services,\nas defined in the Ports, Protocols, and Services Management Component Local\nService Assessment (PPSM CLSA) and vulnerability assessments.\"\n  desc  \"In order to prevent unauthorized connection of devices, unauthorized\ntransfer of information, or unauthorized tunneling (i.e., embedding of data\ntypes within data types), organizations must disable or restrict unused or\nunnecessary physical and logical ports/protocols on information systems.\n\n    Operating systems are capable of providing a wide variety of functions and\nservices. Some of the functions and services provided by default may not be\nnecessary to support essential organizational operations. Additionally, it is\nsometimes convenient to provide multiple services from a single component\n(e.g., VPN and IPS); however, doing so increases risk over limiting the\nservices provided by any one component.\n\n    To support the requirements and principles of least functionality, the\noperating system must support the organizational requirements, providing only\nessential capabilities and limiting the use of ports, protocols, and/or\nservices to only those required, authorized, and approved to conduct official\nbusiness or to address authorized quality of life issues.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Inspect the firewall configuration and running services to verify that it\nis configured to prohibit or restrict the use of functions, ports, protocols,\nand/or services that are unnecessary or prohibited.\n\n    Check which services are currently active with the following command:\n\n    # firewall-cmd --list-all\n    public (default, active)\n      interfaces: enp0s3\n      sources:\n      services: dhcpv6-client dns http https ldaps rpc-bind ssh\n      ports:\n      masquerade: no\n      forward-ports:\n      icmp-blocks:\n      rich rules:\n\n    Ask the System Administrator for the site or program PPSM CLSA. Verify the\nservices allowed by the firewall match the PPSM CLSA.\n\n    If there are additional ports, protocols, or services that are not in the\nPPSM CLSA, or there are ports, protocols, or services that are prohibited by\nthe PPSM Category Assurance List (CAL), this is a finding.\n  \"\n  desc  \"fix\", \"Update the host's firewall settings and/or running services to\ncomply with the PPSM CLSA for the site or program and the PPSM CAL.\"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000096-GPOS-00050\"\n  tag satisfies: [\"SRG-OS-000096-GPOS-00050\", \"SRG-OS-000297-GPOS-00115\"]\n  tag gid: \"V-72219\"\n  tag rid: \"SV-86843r2_rule\"\n  tag stig_id: \"RHEL-07-040100\"\n  tag fix_id: \"F-78573r1_fix\"\n  tag cci: [\"CCI-000382\", \"CCI-002314\"]\n  tag nist: [\"CM-7 b\", \"AC-17 (1)\", \"Rev_4\"]\n\n  firewalld_services_deny = input('firewalld_services_deny')\n  firewalld_hosts_deny = input('firewalld_hosts_deny')\n  firewalld_ports_deny = input('firewalld_ports_deny')\n  firewalld_zones = input('firewalld_zones')\n  iptables_rules = input('iptables_rules')\n\n  if service('firewalld').running?\n\n    # Check that the rules specified in 'firewalld_host_deny' are not enabled\n    describe firewalld do\n      firewalld_hosts_deny.each do |rule|\n        it { should_not have_rule_enabled(rule) }\n      end\n    end\n\n    # Check to make sure zones are specified\n    if firewalld_zones.empty?\n      describe \"Firewalld zones are not specified. Check 'firewalld_zones' input.\" do\n        subject { firewalld_zones.empty? }\n        it { should be false }\n      end\n    end\n\n    # Check that the services specified in 'firewalld_services_deny' and\n    # ports specified in 'firewalld_ports_deny' are not enabled\n    firewalld_zones.each do |zone|\n      if firewalld.has_zone?(zone)\n        zone_services = firewalld_services_deny[\"public\"]\n        zone_ports = firewalld_ports_deny[zone]\n\n        if !zone_services.nil?\n          describe firewalld do\n            zone_services.each do |serv|\n              it { should_not have_service_enabled_in_zone(serv,zone) }\n            end\n          end\n        else\n          describe \"Services for zone '#{zone}' are not specified. Check 'firewalld_services_deny' input.\" do\n            subject { zone_services.nil? }\n            it { should be false }\n          end\n        end\n\n        if !zone_ports.nil?\n          describe firewalld do\n            zone_ports.each do |port|\n              it { should_not have_port_enabled_in_zone(port,zone) }\n            end\n          end\n        else\n          describe \"Ports for zone '#{zone}' are not specified. Check 'firewalld_ports_deny' input.\" do\n            subject { zone_ports.nil? }\n            it { should be false }\n          end\n        end\n      else\n        describe \"Firewalld zone '#{zone}' exists\" do\n          subject { firewalld.has_zone?(zone) }\n          it { should be true }\n        end\n      end\n    end\n  elsif service('iptables').running?\n    describe iptables do\n      iptables_rules.each do |rule|\n        it { should have_rule(rule) }\n      end\n    end\n  else\n    describe \"No application firewall is installed\" do\n      subject { service('firewalld').running? || service('iptables').running? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000382</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002314</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Firewalld zones are not specified. Check 'firewalld_zones' input. is expected to equal false :: MESSAGE 
 expected false
-     got true
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72235</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000423-GPOS-00187</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86859r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040310</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+     got true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72235</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000423-GPOS-00187</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86859r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040310</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all networked systems use SSH for confidentiality and integrity of
 transmitted and received information as well as information during preparation
-for transmission.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+for transmission.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without protection of the transmitted information, confidentiality and
 integrity may be compromised because unprotected communications can be
 intercepted and either read or altered.
@@ -28268,1048 +27015,1007 @@ interception and modification.
 can be accomplished by physical means (e.g., employing physical distribution
 systems) or by logical means (e.g., employing cryptographic techniques). If
 physical means of protection are employed, then logical means (cryptography) do
-not have to be employed, and vice versa.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+not have to be employed, and vice versa.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify SSH is loaded and active with the following command:
 
     # systemctl status sshd
     sshd.service - OpenSSH server daemon
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;sshd.service; enabled)
+    Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
     Active: active (running) since Tue 2015-11-17 15:17:22 EST; 4 weeks 0 days
 ago
     Main PID: 1348 (sshd)
-    CGroup: &#x2F;system.slice&#x2F;sshd.service
-    1053 &#x2F;usr&#x2F;sbin&#x2F;sshd -D
-
-    If &quot;sshd&quot; does not show a status of &quot;active&quot; and &quot;running&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    CGroup: /system.slice/sshd.service
+    1053 /usr/sbin/sshd -D
+
+    If "sshd" does not show a status of "active" and "running", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the SSH service to automatically start after reboot with the
 following command:
 
-    # systemctl enable sshd.service</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>45416e2d-8daa-41ac-92c9-8625c1f40e9e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002421</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service sshd.service is expected to be running</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72279</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86903r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040550</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # systemctl enable sshd.service</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72235\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all networked systems use SSH for confidentiality and integrity of\ntransmitted and received information as well as information during preparation\nfor transmission.\"\n  desc  \"Without protection of the transmitted information, confidentiality and\nintegrity may be compromised because unprotected communications can be\nintercepted and either read or altered.\n\n    This requirement applies to both internal and external networks and all\ntypes of information system components from which information can be\ntransmitted (e.g., servers, mobile devices, notebook computers, printers,\ncopiers, scanners, and facsimile machines). Communication paths outside the\nphysical protection of a controlled boundary are exposed to the possibility of\ninterception and modification.\n\n    Protecting the confidentiality and integrity of organizational information\ncan be accomplished by physical means (e.g., employing physical distribution\nsystems) or by logical means (e.g., employing cryptographic techniques). If\nphysical means of protection are employed, then logical means (cryptography) do\nnot have to be employed, and vice versa.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify SSH is loaded and active with the following command:\n\n    # systemctl status sshd\n    sshd.service - OpenSSH server daemon\n    Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)\n    Active: active (running) since Tue 2015-11-17 15:17:22 EST; 4 weeks 0 days\nago\n    Main PID: 1348 (sshd)\n    CGroup: /system.slice/sshd.service\n    1053 /usr/sbin/sshd -D\n\n    If \\\"sshd\\\" does not show a status of \\\"active\\\" and \\\"running\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the SSH service to automatically start after reboot with the\nfollowing command:\n\n    # systemctl enable sshd.service\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000423-GPOS-00187\"\n  tag satisfies: [\"SRG-OS-000423-GPOS-00187\", \"SRG-OS-000423-GPOS-00188\",\n\"SRG-OS-000423-GPOS-00189\", \"SRG-OS-000423-GPOS-00190\"]\n  tag gid: \"V-72235\"\n  tag rid: \"SV-86859r3_rule\"\n  tag stig_id: \"RHEL-07-040310\"\n  tag fix_id: \"F-78589r2_fix\"\n  tag cci: [\"CCI-002418\", \"CCI-002420\", \"CCI-002421\", \"CCI-002422\"]\n  tag nist: [\"SC-8\", \"SC-8 (2)\", \"SC-8 (1)\", \"SC-8 (2)\", \"Rev_4\"]\n\n  describe systemd_service('sshd.service') do\n    it { should be_running }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002421</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service sshd.service is expected to be running</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72279</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86903r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040550</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not contain
-shosts.equiv files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+shosts.equiv files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The shosts.equiv files are used to configure host-based authentication
 for the system via SSH. Host-based authentication is not sufficient for
 preventing unauthorized access to the system, as it does not require
 interactive identification and authentication of a connection request, or for
-the use of two-factor authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify there are no &quot;shosts.equiv&quot; files on the system.
+the use of two-factor authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify there are no "shosts.equiv" files on the system.
 
     Check the system for the existence of these files with the following
 command:
 
-    # find &#x2F; -name shosts.equiv
-
-    If any &quot;shosts.equiv&quot; files are found on the system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Remove any found &quot;shosts.equiv&quot; files from the system.
-
-# rm &#x2F;[path]&#x2F;[to]&#x2F;[file]&#x2F;shosts.equiv</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b0346ce3-5877-4be3-a0e3-37d5eeeb99c9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;find &#x2F; -xautofs -name shosts.equiv&#x60; stdout.strip is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72145</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86769r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030610</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # find / -name shosts.equiv
+
+    If any "shosts.equiv" files are found on the system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Remove any found "shosts.equiv" files from the system.
+
+# rm /[path]/[to]/[file]/shosts.equiv</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72279\" do\n  title \"The Red Hat Enterprise Linux operating system must not contain\nshosts.equiv files.\"\n  desc  \"The shosts.equiv files are used to configure host-based authentication\nfor the system via SSH. Host-based authentication is not sufficient for\npreventing unauthorized access to the system, as it does not require\ninteractive identification and authentication of a connection request, or for\nthe use of two-factor authentication.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify there are no \\\"shosts.equiv\\\" files on the system.\n\n    Check the system for the existence of these files with the following\ncommand:\n\n    # find / -name shosts.equiv\n\n    If any \\\"shosts.equiv\\\" files are found on the system, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Remove any found \\\"shosts.equiv\\\" files from the system.\n\n    # rm /[path]/[to]/[file]/shosts.equiv\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72279\"\n  tag rid: \"SV-86903r2_rule\"\n  tag stig_id: \"RHEL-07-040550\"\n  tag fix_id: \"F-78633r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe command('find / -xautofs -name shosts.equiv') do\n    its('stdout.strip') { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `find / -xautofs -name shosts.equiv` stdout.strip is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72145</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86769r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030610</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
-records for all unsuccessful account access events.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+records for all unsuccessful account access events.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when unsuccessful
 account access events occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 commands:
 
-    # grep -i &#x2F;var&#x2F;run&#x2F;faillock &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /var/run/faillock /etc/audit/audit.rules
 
-    -w &#x2F;var&#x2F;run&#x2F;faillock -p wa -k logins
+    -w /var/run/faillock -p wa -k logins
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when unsuccessful
 account access events occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;var&#x2F;run&#x2F;faillock -p wa -k logins
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>28c43946-af01-4586-a3eb-71631dc7c8e2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;var&#x2F;run&#x2F;faillock&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;var&#x2F;run&#x2F;faillock&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-94843</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-104673r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020231</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /var/run/faillock -p wa -k logins
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72145\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all unsuccessful account access events.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when unsuccessful\naccount access events occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommands:\n\n    # grep -i /var/run/faillock /etc/audit/audit.rules\n\n    -w /var/run/faillock -p wa -k logins\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when unsuccessful\naccount access events occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /var/run/faillock -p wa -k logins\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000470-GPOS-00214\",\n\"SRG-OS-000473-GPOS-00218\"]\n  tag gid: \"V-72145\"\n  tag rid: \"SV-86769r4_rule\"\n  tag stig_id: \"RHEL-07-030610\"\n  tag fix_id: \"F-78497r4_fix\"\n  tag cci: [\"CCI-000126\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-2 d\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/var/run/faillock'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000126</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/var/run/faillock" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/var/run/faillock" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-94843</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-104673r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020231</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the x86 Ctrl-Alt-Delete key sequence is disabled in the GUI.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the x86 Ctrl-Alt-Delete key sequence is disabled in the GUI.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A locally logged-on user who presses Ctrl-Alt-Delete, when at the
 console, can reboot the system. If accidentally pressed, as could happen in the
 case of a mixed OS environment, this can create the risk of short-term loss of
 availability of systems due to unintentional reboot. In the GNOME graphical
 environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is
-reduced because the user will be prompted before any action is taken.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+reduced because the user will be prompted before any action is taken.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system is not configured to reboot the system when
 Ctrl-Alt-Delete is pressed.
 
     Check that the ctrl-alt-del.target is masked and not active in the GUI with
 the following command:
 
-    # grep logout &#x2F;etc&#x2F;dconf&#x2F;local.d&#x2F;*
+    # grep logout /etc/dconf/local.d/*
 
-    logout&#x3D;&#39;&#39;
+    logout=''
 
-    If &quot;logout&quot; is not set to use two single quotations, or is missing, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "logout" is not set to use two single quotations, or is missing, this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to disable the Ctrl-Alt-Delete sequence for the GUI
 with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-disable-CAD
+    # touch /etc/dconf/db/local.d/00-disable-CAD
 
     Add the setting to disable the Ctrl-Alt-Delete sequence for GNOME:
 
-    [org&#x2F;gnome&#x2F;settings-daemon&#x2F;plugins&#x2F;media-keys]
-    logout&#x3D;&#39;&#39;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>17f6c8a5-979f-46e9-8652-e5f1bae27d67</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-      Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72249</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86873r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040380</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    [org/gnome/settings-daemon/plugins/media-keys]
+    logout=''</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-94843\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the x86 Ctrl-Alt-Delete key sequence is disabled in the GUI.\"\n  desc  \"A locally logged-on user who presses Ctrl-Alt-Delete, when at the\nconsole, can reboot the system. If accidentally pressed, as could happen in the\ncase of a mixed OS environment, this can create the risk of short-term loss of\navailability of systems due to unintentional reboot. In the GNOME graphical\nenvironment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is\nreduced because the user will be prompted before any action is taken.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system is not configured to reboot the system when\nCtrl-Alt-Delete is pressed.\n\n    Check that the ctrl-alt-del.target is masked and not active in the GUI with\nthe following command:\n\n    # grep logout /etc/dconf/local.d/*\n\n    logout=''\n\n    If \\\"logout\\\" is not set to use two single quotations, or is missing, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to disable the Ctrl-Alt-Delete sequence for the GUI\nwith the following command:\n\n    # touch /etc/dconf/db/local.d/00-disable-CAD\n\n    Add the setting to disable the Ctrl-Alt-Delete sequence for GNOME:\n\n    [org/gnome/settings-daemon/plugins/media-keys]\n    logout=''\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-94843\"\n  tag rid: \"SV-104673r1_rule\"\n  tag stig_id: \"RHEL-07-020231\"\n  tag fix_id: \"F-100967r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  unless package('gnome-settings-daemon').installed?\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n      Applicable.\"\n    end\n  else \n    describe command(\"gsettings get org.gnome.settings-daemon.media-keys logout\") do\n      its('stdout.strip') { should cmp \"''\" }\n    end \n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+      Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72249</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86873r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040380</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon does not allow authentication using known hosts
-authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuring this setting for the SSH daemon provides additional
 assurance that remote logon via SSH will require a password, even in the event
-of misconfiguration elsewhere.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+of misconfiguration elsewhere.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon does not allow authentication using known hosts
 authentication.
 
-    To determine how the SSH daemon&#39;s &quot;IgnoreUserKnownHosts&quot; option is set,
+    To determine how the SSH daemon's "IgnoreUserKnownHosts" option is set,
 run the following command:
 
-    # grep -i IgnoreUserKnownHosts &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i IgnoreUserKnownHosts /etc/ssh/sshd_config
 
     IgnoreUserKnownHosts yes
 
-    If the value is returned as &quot;no&quot;, the returned line is commented out, or
-no output is returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value is returned as "no", the returned line is commented out, or
+no output is returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the SSH daemon to not allow authentication using known hosts
 authentication.
 
-    Add the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;, or uncomment the line
-and set the value to &quot;yes&quot;:
+    Add the following line in "/etc/ssh/sshd_config", or uncomment the line
+and set the value to "yes":
 
     IgnoreUserKnownHosts yes
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>315ea05a-1f0d-4e8e-9701-40aef490c8ed</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration IgnoreUserKnownHosts is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73159</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87811r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010119</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72249\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not allow authentication using known hosts\nauthentication.\"\n  desc  \"Configuring this setting for the SSH daemon provides additional\nassurance that remote logon via SSH will require a password, even in the event\nof misconfiguration elsewhere.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon does not allow authentication using known hosts\nauthentication.\n\n    To determine how the SSH daemon's \\\"IgnoreUserKnownHosts\\\" option is set,\nrun the following command:\n\n    # grep -i IgnoreUserKnownHosts /etc/ssh/sshd_config\n\n    IgnoreUserKnownHosts yes\n\n    If the value is returned as \\\"no\\\", the returned line is commented out, or\nno output is returned, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the SSH daemon to not allow authentication using known hosts\nauthentication.\n\n    Add the following line in \\\"/etc/ssh/sshd_config\\\", or uncomment the line\nand set the value to \\\"yes\\\":\n\n    IgnoreUserKnownHosts yes\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72249\"\n  tag rid: \"SV-86873r3_rule\"\n  tag stig_id: \"RHEL-07-040380\"\n  tag fix_id: \"F-78603r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('IgnoreUserKnownHosts') { should cmp 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration IgnoreUserKnownHosts is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73159</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000069-GPOS-00037</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87811r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010119</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that when passwords are changed or new passwords are established, pwquality
-must be used.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+must be used.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources
 required to compromise the password. Password complexity, or strength, is a
 measure of the effectiveness of a password in resisting attempts at guessing
-and brute-force attacks. &quot;pwquality&quot; enforces complex password construction
-configuration and has the ability to limit brute-force attacks on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the operating system uses &quot;pwquality&quot; to enforce the password
+and brute-force attacks. "pwquality" enforces complex password construction
+configuration and has the ability to limit brute-force attacks on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the operating system uses "pwquality" to enforce the password
 complexity rules.
 
-    Check for the use of &quot;pwquality&quot; with the following command:
+    Check for the use of "pwquality" with the following command:
 
-    # cat &#x2F;etc&#x2F;pam.d&#x2F;system-auth | grep pam_pwquality
+    # cat /etc/pam.d/system-auth | grep pam_pwquality
 
-    password required pam_pwquality.so retry&#x3D;3
+    password required pam_pwquality.so retry=3
 
     If the command does not return an uncommented line containing the value
-&quot;pam_pwquality.so&quot;, this is a finding.
-
-    If the value of &quot;retry&quot; is set to &quot;0&quot; or greater than &quot;3&quot;, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the operating system to use &quot;pwquality&quot; to enforce password
+"pam_pwquality.so", this is a finding.
+
+    If the value of "retry" is set to "0" or greater than "3", this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the operating system to use "pwquality" to enforce password
 complexity rules.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;pam.d&#x2F;system-auth&quot; (or modify the line to
+    Add the following line to "/etc/pam.d/system-auth" (or modify the line to
 have the required value):
 
-    password required pam_pwquality.so retry&#x3D;3
-
-    Note: The value of &quot;retry&quot; should be between &quot;1&quot; and &quot;3&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>de6b6d0e-c5c3-4337-8119-7a3d2baf67e5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;passwd] lines is expected to include password (required|requisite) pam_pwquality.so
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;passwd] lines is expected to include password (required|requisite) pam_pwquality.so, all with arg retry &gt;&#x3D; 1
---------------------------------
-passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;passwd] lines is expected to include password (required|requisite) pam_pwquality.so, all with arg retry &lt;&#x3D; 3</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86681r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    password required pam_pwquality.so retry=3
+
+    Note: The value of "retry" should be between "1" and "3".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73159\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat when passwords are changed or new passwords are established, pwquality\nmust be used.\"\n  desc  \"Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength, is a\nmeasure of the effectiveness of a password in resisting attempts at guessing\nand brute-force attacks. \\\"pwquality\\\" enforces complex password construction\nconfiguration and has the ability to limit brute-force attacks on the system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system uses \\\"pwquality\\\" to enforce the password\ncomplexity rules.\n\n    Check for the use of \\\"pwquality\\\" with the following command:\n\n    # cat /etc/pam.d/system-auth | grep pam_pwquality\n\n    password required pam_pwquality.so retry=3\n\n    If the command does not return an uncommented line containing the value\n\\\"pam_pwquality.so\\\", this is a finding.\n\n    If the value of \\\"retry\\\" is set to \\\"0\\\" or greater than \\\"3\\\", this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to use \\\"pwquality\\\" to enforce password\ncomplexity rules.\n\n    Add the following line to \\\"/etc/pam.d/system-auth\\\" (or modify the line to\nhave the required value):\n\n    password required pam_pwquality.so retry=3\n\n    Note: The value of \\\"retry\\\" should be between \\\"1\\\" and \\\"3\\\".\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000069-GPOS-00037\"\n  tag gid: \"V-73159\"\n  tag rid: \"SV-87811r4_rule\"\n  tag stig_id: \"RHEL-07-010119\"\n  tag fix_id: \"F-79605r5_fix\"\n  tag cci: [\"CCI-000192\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  max_retry = input('max_retry')\n\n  describe pam('/etc/pam.d/passwd') do\n    its('lines') { should match_pam_rule('password (required|requisite) pam_pwquality.so') }\n    its('lines') { should match_pam_rule('password (required|requisite) pam_pwquality.so').all_with_integer_arg('retry', '&gt;=', 1) }\n    its('lines') { should match_pam_rule('password (required|requisite) pam_pwquality.so').all_with_integer_arg('retry', '&lt;=', max_retry) }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/passwd] lines is expected to include password (required|requisite) pam_pwquality.so
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/passwd] lines is expected to include password (required|requisite) pam_pwquality.so, all with arg retry &gt;= 1
+--------------------------------
+passed :: TEST PAM Config[/etc/pam.d/passwd] lines is expected to include password (required|requisite) pam_pwquality.so, all with arg retry &lt;= 3</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86681r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must disable Kernel core
-dumps unless needed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+dumps unless needed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Kernel core dumps may contain the full contents of system memory at
 the time of the crash. Kernel core dumps may consume a considerable amount of
 disk space and may result in denial of service by exhausting the available
-space on the target file system partition.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+space on the target file system partition.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that kernel core dumps are disabled unless needed.
 
-    Check the status of the &quot;kdump&quot; service with the following command:
+    Check the status of the "kdump" service with the following command:
 
     # systemctl status kdump.service
     kdump.service - Crash recovery kernel arming
-       Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;kdump.service; enabled)
+       Loaded: loaded (/usr/lib/systemd/system/kdump.service; enabled)
        Active: active (exited) since Wed 2015-08-26 13:08:09 EDT; 43min ago
-     Main PID: 1130 (code&#x3D;exited, status&#x3D;0&#x2F;SUCCESS)
+     Main PID: 1130 (code=exited, status=0/SUCCESS)
     kernel arming.
 
-    If the &quot;kdump&quot; service is active, ask the System Administrator if the use
+    If the "kdump" service is active, ask the System Administrator if the use
 of the service is required and documented with the Information System Security
 Officer (ISSO).
 
-    If the service is active and is not documented, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If kernel core dumps are not required, disable the &quot;kdump&quot; service with
+    If the service is active and is not documented, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If kernel core dumps are not required, disable the "kdump" service with
 the following command:
 
     # systemctl disable kdump.service
 
-    If kernel core dumps are required, document the need with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b07e2ec8-8ced-438f-8d7f-14a2b64e438c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service kdump.service is expected not to be running</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72089</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86713r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030330</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If kernel core dumps are required, document the need with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72057\" do\n  title \"The Red Hat Enterprise Linux operating system must disable Kernel core\ndumps unless needed.\"\n  desc  \"Kernel core dumps may contain the full contents of system memory at\nthe time of the crash. Kernel core dumps may consume a considerable amount of\ndisk space and may result in denial of service by exhausting the available\nspace on the target file system partition.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that kernel core dumps are disabled unless needed.\n\n    Check the status of the \\\"kdump\\\" service with the following command:\n\n    # systemctl status kdump.service\n    kdump.service - Crash recovery kernel arming\n       Loaded: loaded (/usr/lib/systemd/system/kdump.service; enabled)\n       Active: active (exited) since Wed 2015-08-26 13:08:09 EDT; 43min ago\n     Main PID: 1130 (code=exited, status=0/SUCCESS)\n    kernel arming.\n\n    If the \\\"kdump\\\" service is active, ask the System Administrator if the use\nof the service is required and documented with the Information System Security\nOfficer (ISSO).\n\n    If the service is active and is not documented, this is a finding.\n  \"\n  desc  \"fix\", \"\n    If kernel core dumps are not required, disable the \\\"kdump\\\" service with\nthe following command:\n\n    # systemctl disable kdump.service\n\n    If kernel core dumps are required, document the need with the ISSO.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72057\"\n  tag rid: \"SV-86681r2_rule\"\n  tag stig_id: \"RHEL-07-021300\"\n  tag fix_id: \"F-78409r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe systemd_service('kdump.service') do\n    it { should_not be_running }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service kdump.service is expected not to be running</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72089</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000343-GPOS-00134</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86713r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030330</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must initiate an action
 to notify the System Administrator (SA) and Information System Security Officer
 ISSO, at a minimum, when allocated audit record storage volume reaches 75% of
-the repository maximum audit record storage capacity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the repository maximum audit record storage capacity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If security personnel are not notified immediately when storage volume
 reaches 75 percent utilization, they are unable to plan for audit record
-storage capacity expansion.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+storage capacity expansion.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system initiates an action to notify the SA and ISSO
 (at a minimum) when allocated audit record storage volume reaches 75 percent of
 the repository maximum audit record storage capacity.
@@ -29317,34 +28023,34 @@ the repository maximum audit record storage capacity.
     Check the system configuration to determine the partition the audit records
 are being written to with the following command:
 
-    # grep -iw log_file &#x2F;etc&#x2F;audit&#x2F;auditd.conf
-    log_file &#x3D; &#x2F;var&#x2F;log&#x2F;audit&#x2F;audit.log
+    # grep -iw log_file /etc/audit/auditd.conf
+    log_file = /var/log/audit/audit.log
 
     Check the size of the partition that audit records are written to (with the
-example being &quot;&#x2F;var&#x2F;log&#x2F;audit&#x2F;&quot;):
+example being "/var/log/audit/"):
 
-    # df -h &#x2F;var&#x2F;log&#x2F;audit&#x2F;
-    0.9G &#x2F;var&#x2F;log&#x2F;audit
+    # df -h /var/log/audit/
+    0.9G /var/log/audit
 
     If the audit records are not being written to a partition specifically
-created for audit records (in this example &quot;&#x2F;var&#x2F;log&#x2F;audit&quot; is a separate
+created for audit records (in this example "/var/log/audit" is a separate
 partition), determine the amount of space other files in the partition are
 currently occupying with the following command:
 
     # du -sh &lt;partition&gt;
-    1.8G &#x2F;var
+    1.8G /var
 
     Determine what the threshold is for the system to take action when 75
 percent of the repository maximum audit record storage capacity is reached:
 
-    # grep -iw space_left &#x2F;etc&#x2F;audit&#x2F;auditd.conf
-    space_left &#x3D; 225
+    # grep -iw space_left /etc/audit/auditd.conf
+    space_left = 225
 
-    If the value of the &quot;space_left&quot; keyword is not set to 25 percent of the
-total partition size, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value of the "space_left" keyword is not set to 25 percent of the
+total partition size, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to initiate an action to notify the SA and
 ISSO (at a minimum) when allocated audit record storage volume reaches 75
 percent of the repository maximum audit record storage capacity.
@@ -29352,155 +28058,150 @@ percent of the repository maximum audit record storage capacity.
     Check the system configuration to determine the partition the audit records
 are being written to:
 
-    # grep -iw log_file &#x2F;etc&#x2F;audit&#x2F;auditd.conf
+    # grep -iw log_file /etc/audit/auditd.conf
 
     Determine the size of the partition that audit records are written to (with
-the example being &quot;&#x2F;var&#x2F;log&#x2F;audit&#x2F;&quot;):
-
-    # df -h &#x2F;var&#x2F;log&#x2F;audit&#x2F;
-
-    Set the value of the &quot;space_left&quot; keyword in &quot;&#x2F;etc&#x2F;audit&#x2F;auditd.conf&quot;
-to 25 percent of the partition size.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3c0d2a99-4a27-46a0-9c2b-40a149f6b6a7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Audit Daemon Config space_left.to_i is expected to be &gt;&#x3D; 7676</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72315</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86939r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040810</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+the example being "/var/log/audit/"):
+
+    # df -h /var/log/audit/
+
+    Set the value of the "space_left" keyword in "/etc/audit/auditd.conf"
+to 25 percent of the partition size.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72089\" do\n  title \"The Red Hat Enterprise Linux operating system must initiate an action\nto notify the System Administrator (SA) and Information System Security Officer\nISSO, at a minimum, when allocated audit record storage volume reaches 75% of\nthe repository maximum audit record storage capacity.\"\n  desc  \"If security personnel are not notified immediately when storage volume\nreaches 75 percent utilization, they are unable to plan for audit record\nstorage capacity expansion.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system initiates an action to notify the SA and ISSO\n(at a minimum) when allocated audit record storage volume reaches 75 percent of\nthe repository maximum audit record storage capacity.\n\n    Check the system configuration to determine the partition the audit records\nare being written to with the following command:\n\n    # grep -iw log_file /etc/audit/auditd.conf\n    log_file = /var/log/audit/audit.log\n\n    Check the size of the partition that audit records are written to (with the\nexample being \\\"/var/log/audit/\\\"):\n\n    # df -h /var/log/audit/\n    0.9G /var/log/audit\n\n    If the audit records are not being written to a partition specifically\ncreated for audit records (in this example \\\"/var/log/audit\\\" is a separate\npartition), determine the amount of space other files in the partition are\ncurrently occupying with the following command:\n\n    # du -sh &lt;partition&gt;\n    1.8G /var\n\n    Determine what the threshold is for the system to take action when 75\npercent of the repository maximum audit record storage capacity is reached:\n\n    # grep -iw space_left /etc/audit/auditd.conf\n    space_left = 225\n\n    If the value of the \\\"space_left\\\" keyword is not set to 25 percent of the\ntotal partition size, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to initiate an action to notify the SA and\nISSO (at a minimum) when allocated audit record storage volume reaches 75\npercent of the repository maximum audit record storage capacity.\n\n    Check the system configuration to determine the partition the audit records\nare being written to:\n\n    # grep -iw log_file /etc/audit/auditd.conf\n\n    Determine the size of the partition that audit records are written to (with\nthe example being \\\"/var/log/audit/\\\"):\n\n    # df -h /var/log/audit/\n\n    Set the value of the \\\"space_left\\\" keyword in \\\"/etc/audit/auditd.conf\\\"\nto 25 percent of the partition size.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000343-GPOS-00134\"\n  tag gid: \"V-72089\"\n  tag rid: \"SV-86713r4_rule\"\n  tag stig_id: \"RHEL-07-030330\"\n  tag fix_id: \"F-78441r3_fix\"\n  tag cci: [\"CCI-001855\"]\n  tag nist: [\"AU-5 (1)\", \"Rev_4\"]\n\n  if((f = file(audit_log_dir = command(\"dirname #{auditd_conf.log_file}\").stdout.strip)).directory?)\n    # Fetch partition sizes in 1K blocks for consistency\n    partition_info = command(\"df -B 1K #{audit_log_dir}\").stdout.split(\"\\n\")\n    partition_sz_arr = partition_info.last.gsub(/\\s+/m, ' ').strip.split(\" \")\n\n    # Get partition size\n    partition_sz = partition_sz_arr[1]\n\n    # Convert to MB and get 25%\n    exp_space_left = partition_sz.to_i / 1024 / 4\n\n    describe auditd_conf do\n      its('space_left.to_i') { should be &gt;= exp_space_left }\n    end\n  else\n    describe f.directory? do\n     it { should be true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Audit Daemon Config space_left.to_i is expected to be &gt;= 7676</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72315</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86939r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040810</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system access control program
 must be configured to grant or deny system access to specific hosts and
-services.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+services.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the systems access control program is not configured with
 appropriate rules for allowing and denying access to system network resources,
-services may be accessible to unauthorized hosts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the &quot;firewalld&quot; package is not installed, ask the System Administrator
+services may be accessible to unauthorized hosts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the "firewalld" package is not installed, ask the System Administrator
 (SA) if another firewall application (such as iptables) is installed. If an
 application firewall is not installed, this is a finding.
 
-    Verify the system&#39;s access control program is configured to grant or deny
+    Verify the system's access control program is configured to grant or deny
 system access to specific hosts.
 
-    Check to see if &quot;firewalld&quot; is active with the following command:
+    Check to see if "firewalld" is active with the following command:
 
     # systemctl status firewalld
     firewalld.service - firewalld - dynamic firewall daemon
-    Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;firewalld.service; enabled)
+    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
     Active: active (running) since Sun 2014-04-20 14:06:46 BST; 30s ago
 
-    If &quot;firewalld&quot; is active, check to see if it is configured to grant or
+    If "firewalld" is active, check to see if it is configured to grant or
 deny access to specific hosts or services with the following commands:
 
     # firewall-cmd --get-default-zone
     public
 
-    # firewall-cmd --list-all --zone&#x3D;public
+    # firewall-cmd --list-all --zone=public
     public (active)
     target: default
     icmp-block-inversion: no
@@ -29513,282 +28214,272 @@ deny access to specific hosts or services with the following commands:
     forward-ports:
     icmp-blocks:
 
-    If &quot;firewalld&quot; is not active, determine whether &quot;tcpwrappers&quot; is being
-used by checking whether the &quot;hosts.allow&quot; and &quot;hosts.deny&quot; files are empty
+    If "firewalld" is not active, determine whether "tcpwrappers" is being
+used by checking whether the "hosts.allow" and "hosts.deny" files are empty
 with the following commands:
 
-    # ls -al &#x2F;etc&#x2F;hosts.allow
-    rw-r----- 1 root root 9 Aug 2 23:13 &#x2F;etc&#x2F;hosts.allow
+    # ls -al /etc/hosts.allow
+    rw-r----- 1 root root 9 Aug 2 23:13 /etc/hosts.allow
 
-    # ls -al &#x2F;etc&#x2F;hosts.deny
-    -rw-r----- 1 root root 9 Apr 9 2007 &#x2F;etc&#x2F;hosts.deny
+    # ls -al /etc/hosts.deny
+    -rw-r----- 1 root root 9 Apr 9 2007 /etc/hosts.deny
 
-    If &quot;firewalld&quot; and &quot;tcpwrappers&quot; are not installed, configured, and
+    If "firewalld" and "tcpwrappers" are not installed, configured, and
 active, ask the SA if another access control program (such as iptables) is
 installed and active. Ask the SA to show that the running configuration grants
 or denies access to specific hosts or services.
 
-    If &quot;firewalld&quot; is active and is not configured to grant access to
-specific hosts or &quot;tcpwrappers&quot; is not configured to grant or deny access to
-specific hosts, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If &quot;firewalld&quot; is installed and active on the system, configure rules for
+    If "firewalld" is active and is not configured to grant access to
+specific hosts or "tcpwrappers" is not configured to grant or deny access to
+specific hosts, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If "firewalld" is installed and active on the system, configure rules for
 allowing specific services and hosts.
 
-    If &quot;firewalld&quot; is not &quot;active&quot;, enable &quot;tcpwrappers&quot; by configuring
-&quot;&#x2F;etc&#x2F;hosts.allow&quot; and &quot;&#x2F;etc&#x2F;hosts.deny&quot; to allow or deny access to
-specific hosts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b6037e44-ca74-48b6-a3cd-84422935e4bb</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Firewall Rules with services is expected to be in</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72311</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86935r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040750</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If "firewalld" is not "active", enable "tcpwrappers" by configuring
+"/etc/hosts.allow" and "/etc/hosts.deny" to allow or deny access to
+specific hosts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72315\" do\n  title \"The Red Hat Enterprise Linux operating system access control program\nmust be configured to grant or deny system access to specific hosts and\nservices.\"\n  desc  \"If the systems access control program is not configured with\nappropriate rules for allowing and denying access to system network resources,\nservices may be accessible to unauthorized hosts.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If the \\\"firewalld\\\" package is not installed, ask the System Administrator\n(SA) if another firewall application (such as iptables) is installed. If an\napplication firewall is not installed, this is a finding.\n\n    Verify the system's access control program is configured to grant or deny\nsystem access to specific hosts.\n\n    Check to see if \\\"firewalld\\\" is active with the following command:\n\n    # systemctl status firewalld\n    firewalld.service - firewalld - dynamic firewall daemon\n    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)\n    Active: active (running) since Sun 2014-04-20 14:06:46 BST; 30s ago\n\n    If \\\"firewalld\\\" is active, check to see if it is configured to grant or\ndeny access to specific hosts or services with the following commands:\n\n    # firewall-cmd --get-default-zone\n    public\n\n    # firewall-cmd --list-all --zone=public\n    public (active)\n    target: default\n    icmp-block-inversion: no\n    interfaces: eth0\n    sources:\n    services: mdns ssh\n    ports:\n    protocols:\n    masquerade: no\n    forward-ports:\n    icmp-blocks:\n\n    If \\\"firewalld\\\" is not active, determine whether \\\"tcpwrappers\\\" is being\nused by checking whether the \\\"hosts.allow\\\" and \\\"hosts.deny\\\" files are empty\nwith the following commands:\n\n    # ls -al /etc/hosts.allow\n    rw-r----- 1 root root 9 Aug 2 23:13 /etc/hosts.allow\n\n    # ls -al /etc/hosts.deny\n    -rw-r----- 1 root root 9 Apr 9 2007 /etc/hosts.deny\n\n    If \\\"firewalld\\\" and \\\"tcpwrappers\\\" are not installed, configured, and\nactive, ask the SA if another access control program (such as iptables) is\ninstalled and active. Ask the SA to show that the running configuration grants\nor denies access to specific hosts or services.\n\n    If \\\"firewalld\\\" is active and is not configured to grant access to\nspecific hosts or \\\"tcpwrappers\\\" is not configured to grant or deny access to\nspecific hosts, this is a finding.\n  \"\n  desc  \"fix\", \"\n    If \\\"firewalld\\\" is installed and active on the system, configure rules for\nallowing specific services and hosts.\n\n    If \\\"firewalld\\\" is not \\\"active\\\", enable \\\"tcpwrappers\\\" by configuring\n\\\"/etc/hosts.allow\\\" and \\\"/etc/hosts.deny\\\" to allow or deny access to\nspecific hosts.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72315\"\n  tag rid: \"SV-86939r3_rule\"\n  tag stig_id: \"RHEL-07-040810\"\n  tag fix_id: \"F-78669r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  firewalld_services = input('firewalld_services')\n  firewalld_hosts_allow = input('firewalld_hosts_allow')\n  firewalld_hosts_deny = input('firewalld_hosts_deny')\n  firewalld_ports_allow = input('firewalld_ports_allow')\n  firewalld_ports_deny = input('firewalld_ports_deny')\n  tcpwrappers_allow = input('tcpwrappers_allow')\n  tcpwrappers_deny = input('tcpwrappers_deny')\n  iptable_rules = input('iptables_rules')\n\n  if service('firewalld').running?\n    @default_zone = firewalld.default_zone\n\n    describe firewalld.where{ zone = @default_zone } do\n      its('services') { should be_in firewalld_services }\n    end\n\n    describe firewalld do\n      firewalld_hosts_allow.each do |rule|\n        it { should have_rule_enabled(rule) }\n      end\n      firewalld_hosts_deny.each do |rule|\n        it { should_not have_rule_enabled(rule) }\n      end\n      firewalld_ports_allow.each do |port|\n        it { should have_port_enabled_in_zone(port) }\n      end\n      firewalld_ports_deny.each do |port|\n        it { should_not have_port_enabled_in_zone(port) }\n      end\n    end\n  elsif service('iptables').running?\n    describe iptables do\n      iptable_rules.each do |rule|\n        it { should have_rule(rule) }\n      end\n    end\n  else\n    describe package('tcp_wrappers') do\n      it { should be_installed }\n    end\n    tcpwrappers_allow.each do |rule|\n      describe etc_hosts_allow.where { daemon == rule['daemon'] } do\n        its('client_list') { should be rule['client_list'] }\n        its('options') { should be rule['options'] }\n      end\n    end\n    tcpwrappers_deny.each do |rule|\n      describe etc_hosts_deny.where { daemon == rule['daemon'] } do\n        its('client_list') { should be rule['client_list'] }\n        its('options') { should be rule['options'] }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Firewall Rules with services is expected to be in</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72311</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86935r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040750</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the Network File System (NFS) is configured to use RPCSEC_GSS.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the Network File System (NFS) is configured to use RPCSEC_GSS.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>When an NFS server is configured to use RPCSEC_SYS, a selected userid
 and groupid are used to handle requests from the remote user. The userid and
 groupid could mistakenly or maliciously be set incorrectly. The RPCSEC_GSS
 method of authentication uses certificates on the server and client systems to
-more securely authenticate the remote mount request.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify &quot;AUTH_GSS&quot; is being used to authenticate NFS mounts.
+more securely authenticate the remote mount request.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify "AUTH_GSS" is being used to authenticate NFS mounts.
 
     To check if the system is importing an NFS file system, look for any
-entries in the &quot;&#x2F;etc&#x2F;fstab&quot; file that have a file system type of &quot;nfs&quot; with
+entries in the "/etc/fstab" file that have a file system type of "nfs" with
 the following command:
 
-    # cat &#x2F;etc&#x2F;fstab | grep nfs
-    192.168.21.5:&#x2F;mnt&#x2F;export &#x2F;data1 nfs4 rw,sync ,soft,sec&#x3D;krb5:krb5i:krb5p
+    # cat /etc/fstab | grep nfs
+    192.168.21.5:/mnt/export /data1 nfs4 rw,sync ,soft,sec=krb5:krb5i:krb5p
 
     If the system is mounting file systems via NFS and has the sec option
-without the &quot;krb5:krb5i:krb5p&quot; settings, the &quot;sec&quot; option has the &quot;sys&quot;
-setting, or the &quot;sec&quot; option is missing, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Update the &quot;&#x2F;etc&#x2F;fstab&quot; file so the option &quot;sec&quot; is defined for each
-NFS mounted file system and the &quot;sec&quot; option does not have the &quot;sys&quot;
+without the "krb5:krb5i:krb5p" settings, the "sec" option has the "sys"
+setting, or the "sec" option is missing, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Update the "/etc/fstab" file so the option "sec" is defined for each
+NFS mounted file system and the "sec" option does not have the "sys"
 setting.
 
-    Ensure the &quot;sec&quot; option is defined as &quot;krb5:krb5i:krb5p&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fbe6a409-abcc-4adc-9318-436c25654b32</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71975</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000363-GPOS-00150</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86599r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020040</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Ensure the "sec" option is defined as "krb5:krb5i:krb5p".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72311\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the Network File System (NFS) is configured to use RPCSEC_GSS.\"\n  desc  \"When an NFS server is configured to use RPCSEC_SYS, a selected userid\nand groupid are used to handle requests from the remote user. The userid and\ngroupid could mistakenly or maliciously be set incorrectly. The RPCSEC_GSS\nmethod of authentication uses certificates on the server and client systems to\nmore securely authenticate the remote mount request.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify \\\"AUTH_GSS\\\" is being used to authenticate NFS mounts.\n\n    To check if the system is importing an NFS file system, look for any\nentries in the \\\"/etc/fstab\\\" file that have a file system type of \\\"nfs\\\" with\nthe following command:\n\n    # cat /etc/fstab | grep nfs\n    192.168.21.5:/mnt/export /data1 nfs4 rw,sync ,soft,sec=krb5:krb5i:krb5p\n\n    If the system is mounting file systems via NFS and has the sec option\nwithout the \\\"krb5:krb5i:krb5p\\\" settings, the \\\"sec\\\" option has the \\\"sys\\\"\nsetting, or the \\\"sec\\\" option is missing, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Update the \\\"/etc/fstab\\\" file so the option \\\"sec\\\" is defined for each\nNFS mounted file system and the \\\"sec\\\" option does not have the \\\"sys\\\"\nsetting.\n\n    Ensure the \\\"sec\\\" option is defined as \\\"krb5:krb5i:krb5p\\\".\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72311\"\n  tag rid: \"SV-86935r4_rule\"\n  tag stig_id: \"RHEL-07-040750\"\n  tag fix_id: \"F-78665r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  nfs_systems = etc_fstab.nfs_file_systems.entries\n  if !nfs_systems.nil? and !nfs_systems.empty?\n    nfs_systems.each do |file_system|\n      describe file_system do\n        its ('mount_options') { should include 'sec=krb5:krb5i:krb5p' }\n      end\n    end\n  else\n    describe \"No NFS file systems were found.\" do\n      subject { nfs_systems.nil? or nfs_systems.empty? }\n      it { should eq true }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST No NFS file systems were found. is expected to eq true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71975</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000363-GPOS-00150</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86599r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020040</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that designated personnel are notified if baseline configurations are changed
-in an unauthorized manner.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+in an unauthorized manner.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Unauthorized changes to the baseline configuration could make the
 system vulnerable to various attacks or allow unauthorized access to the
 operating system. Changes to operating system configurations can have
@@ -29796,17 +28487,17 @@ unintended side effects, some of which may be relevant to security.
 
     Detecting such changes and providing an automated response can help avoid
 unintended, negative consequences that could ultimately affect the security
-state of the operating system. The operating system&#39;s Information Management
-Officer (IMO)&#x2F;Information System Security Officer (ISSO) and System
-Administrators (SAs) must be notified via email and&#x2F;or monitoring system trap
-when there is an unauthorized modification of a configuration item.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+state of the operating system. The operating system's Information Management
+Officer (IMO)/Information System Security Officer (ISSO) and System
+Administrators (SAs) must be notified via email and/or monitoring system trap
+when there is an unauthorized modification of a configuration item.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system notifies designated personnel if baseline
 configurations are changed in an unauthorized manner.
 
@@ -29825,32 +28516,32 @@ performed on the system.
 executes AIDE to scan for changes to the system baseline. The commands used in
 the example will use a daily occurrence.
 
-    Check the cron directories for a &quot;crontab&quot; script file controlling the
+    Check the cron directories for a "crontab" script file controlling the
 execution of the file integrity application. For example, if AIDE is installed
 on the system, use the following command:
 
-    # ls -al &#x2F;etc&#x2F;cron.* | grep aide
+    # ls -al /etc/cron.* | grep aide
     -rwxr-xr-x 1 root root 32 Jul 1 2011 aide
 
-    # grep aide &#x2F;etc&#x2F;crontab &#x2F;var&#x2F;spool&#x2F;cron&#x2F;root
-    &#x2F;etc&#x2F;crontab: 30 04 * * * &#x2F;root&#x2F;aide
-    &#x2F;var&#x2F;spool&#x2F;cron&#x2F;root: 30 04 * * * &#x2F;root&#x2F;aide
+    # grep aide /etc/crontab /var/spool/cron/root
+    /etc/crontab: 30 04 * * * /root/aide
+    /var/spool/cron/root: 30 04 * * * /root/aide
 
     AIDE does not have a configuration that will send a notification, so the
 cron job uses the mail application on the system to email the results of the
 file integrity run as in the following example:
 
-    # more &#x2F;etc&#x2F;cron.daily&#x2F;aide
-    #!&#x2F;bin&#x2F;bash
+    # more /etc/cron.daily/aide
+    #!/bin/bash
 
-    &#x2F;usr&#x2F;sbin&#x2F;aide --check | &#x2F;bin&#x2F;mail -s &quot;$HOSTNAME - Daily aide integrity
-check run&quot; root@sysname.mil
+    /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity
+check run" root@sysname.mil
 
     If the file integrity application does not notify designated personnel of
-changes, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+changes, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to notify designated personnel if baseline
 configurations are changed in an unauthorized manner. The AIDE tool can be
 configured to email designated personnel with the use of the cron system.
@@ -29858,140 +28549,134 @@ configured to email designated personnel with the use of the cron system.
     The following example output is generic. It will set cron to run AIDE daily
 and to send email at the completion of the analysis.
 
-    # more &#x2F;etc&#x2F;cron.daily&#x2F;aide
-
-    &#x2F;usr&#x2F;sbin&#x2F;aide --check | &#x2F;bin&#x2F;mail -s &quot;$HOSTNAME - Daily aide integrity
-check run&quot; root@sysname.mil</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4ae0ed42-8f8e-4fa2-a811-c074e5da57b3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001744</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package aide is expected to be installed
---------------------------------
-passed
-File &#x2F;etc&#x2F;cron.daily&#x2F;aide content is expected to match &#x2F;\&#x2F;bin\&#x2F;mail&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71983</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000114-GPOS-00059</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86607r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020100</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # more /etc/cron.daily/aide
+
+    /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity
+check run" root@sysname.mil</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71975\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat designated personnel are notified if baseline configurations are changed\nin an unauthorized manner.\"\n  desc  \"Unauthorized changes to the baseline configuration could make the\nsystem vulnerable to various attacks or allow unauthorized access to the\noperating system. Changes to operating system configurations can have\nunintended side effects, some of which may be relevant to security.\n\n    Detecting such changes and providing an automated response can help avoid\nunintended, negative consequences that could ultimately affect the security\nstate of the operating system. The operating system's Information Management\nOfficer (IMO)/Information System Security Officer (ISSO) and System\nAdministrators (SAs) must be notified via email and/or monitoring system trap\nwhen there is an unauthorized modification of a configuration item.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system notifies designated personnel if baseline\nconfigurations are changed in an unauthorized manner.\n\n    Note: A file integrity tool other than Advanced Intrusion Detection\nEnvironment (AIDE) may be used, but the tool must be executed and notify\nspecified individuals via email or an alert.\n\n    Check to see if AIDE is installed on the system with the following command:\n\n    # yum list installed aide\n\n    If AIDE is not installed, ask the SA how file integrity checks are\nperformed on the system.\n\n    Check for the presence of a cron job running routinely on the system that\nexecutes AIDE to scan for changes to the system baseline. The commands used in\nthe example will use a daily occurrence.\n\n    Check the cron directories for a \\\"crontab\\\" script file controlling the\nexecution of the file integrity application. For example, if AIDE is installed\non the system, use the following command:\n\n    # ls -al /etc/cron.* | grep aide\n    -rwxr-xr-x 1 root root 32 Jul 1 2011 aide\n\n    # grep aide /etc/crontab /var/spool/cron/root\n    /etc/crontab: 30 04 * * * /root/aide\n    /var/spool/cron/root: 30 04 * * * /root/aide\n\n    AIDE does not have a configuration that will send a notification, so the\ncron job uses the mail application on the system to email the results of the\nfile integrity run as in the following example:\n\n    # more /etc/cron.daily/aide\n    #!/bin/bash\n\n    /usr/sbin/aide --check | /bin/mail -s \\\"$HOSTNAME - Daily aide integrity\ncheck run\\\" root@sysname.mil\n\n    If the file integrity application does not notify designated personnel of\nchanges, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to notify designated personnel if baseline\nconfigurations are changed in an unauthorized manner. The AIDE tool can be\nconfigured to email designated personnel with the use of the cron system.\n\n    The following example output is generic. It will set cron to run AIDE daily\nand to send email at the completion of the analysis.\n\n    # more /etc/cron.daily/aide\n\n    /usr/sbin/aide --check | /bin/mail -s \\\"$HOSTNAME - Daily aide integrity\ncheck run\\\" root@sysname.mil\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000363-GPOS-00150\"\n  tag gid: \"V-71975\"\n  tag rid: \"SV-86599r2_rule\"\n  tag stig_id: \"RHEL-07-020040\"\n  tag fix_id: \"F-78327r3_fix\"\n  tag cci: [\"CCI-001744\"]\n  tag nist: [\"CM-3 (5)\", \"Rev_4\"]\n\n  file_integrity_tool = input('file_integrity_tool')\n\n  describe package(file_integrity_tool) do\n    it { should be_installed }\n  end\n  describe.one do\n    describe file(\"/etc/cron.daily/#{file_integrity_tool}\") do\n      its('content') { should match %r{/bin/mail} }\n    end\n    describe file(\"/etc/cron.weekly/#{file_integrity_tool}\") do\n      its('content') { should match %r{/bin/mail} }\n    end\n    describe crontab('root').where { command =~ %r{#{file_integrity_tool}} } do\n      its('commands.flatten') { should include(match %r{/bin/mail}) }\n    end\n    if file(\"/etc/cron.d/#{file_integrity_tool}\").exist?\n      describe crontab(path: \"/etc/cron.d/#{file_integrity_tool}\") do\n        its('commands') { should include(match %r{/bin/mail}) }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001744</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package aide is expected to be installed
+--------------------------------
+passed :: TEST File /etc/cron.daily/aide content is expected to match /\/bin\/mail/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71983</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000114-GPOS-00059</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86607r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020100</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
-disable USB mass storage.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+disable USB mass storage.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>USB mass storage permits easy introduction of unknown devices, thereby
-facilitating malicious activity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+facilitating malicious activity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If there is an HBSS with a Device Control Module and a Data Loss Prevention
 mechanism, this requirement is not applicable.
 
     Verify the operating system disables the ability to load the USB Storage
 kernel module.
 
-    # grep -r usb-storage &#x2F;etc&#x2F;modprobe.d&#x2F;* | grep -i &quot;&#x2F;bin&#x2F;true&quot; | grep -v
-&quot;^#&quot;
+    # grep -r usb-storage /etc/modprobe.d/* | grep -i "/bin/true" | grep -v
+"^#"
 
-    install usb-storage &#x2F;bin&#x2F;true
+    install usb-storage /bin/true
 
     If the command does not return any output, or the line is commented out,
 and use of USB Storage is not documented with the Information System Security
@@ -30002,612 +28687,589 @@ devices.
 
     Check to see if USB mass storage is disabled with the following command:
 
-    # grep usb-storage &#x2F;etc&#x2F;modprobe.d&#x2F;* | grep -i &quot;blacklist&quot; | grep -v
-&quot;^#&quot;
+    # grep usb-storage /etc/modprobe.d/* | grep -i "blacklist" | grep -v
+"^#"
     blacklist usb-storage
 
-    If the command does not return any output or the output is not &quot;blacklist
-usb-storage&quot;, and use of USB storage devices is not documented with the
+    If the command does not return any output or the output is not "blacklist
+usb-storage", and use of USB storage devices is not documented with the
 Information System Security Officer (ISSO) as an operational requirement, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable the ability to use the USB
 Storage kernel module.
 
-    Create a file under &quot;&#x2F;etc&#x2F;modprobe.d&quot; with the following command:
+    Create a file under "/etc/modprobe.d" with the following command:
 
-    # touch &#x2F;etc&#x2F;modprobe.d&#x2F;usb-storage.conf
+    # touch /etc/modprobe.d/usb-storage.conf
 
     Add the following line to the created file:
 
-    install usb-storage &#x2F;bin&#x2F;true
+    install usb-storage /bin/true
 
     Configure the operating system to disable the ability to use USB mass
 storage devices.
 
-    # vi &#x2F;etc&#x2F;modprobe.d&#x2F;blacklist.conf
+    # vi /etc/modprobe.d/blacklist.conf
 
     Add or update the line:
 
-    blacklist usb-storage</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7c8a7b3e-42c4-4e02-87b2-800c11d0b3ce</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000778</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Module usb_storage is expected not to be loaded
---------------------------------
-passed
-Kernel Module usb_storage is expected to be blacklisted</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86759r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030560</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    blacklist usb-storage</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71983\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\ndisable USB mass storage.\"\n  desc  \"USB mass storage permits easy introduction of unknown devices, thereby\nfacilitating malicious activity.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If there is an HBSS with a Device Control Module and a Data Loss Prevention\nmechanism, this requirement is not applicable.\n\n    Verify the operating system disables the ability to load the USB Storage\nkernel module.\n\n    # grep -r usb-storage /etc/modprobe.d/* | grep -i \\\"/bin/true\\\" | grep -v\n\\\"^#\\\"\n\n    install usb-storage /bin/true\n\n    If the command does not return any output, or the line is commented out,\nand use of USB Storage is not documented with the Information System Security\nOfficer (ISSO) as an operational requirement, this is a finding.\n\n    Verify the operating system disables the ability to use USB mass storage\ndevices.\n\n    Check to see if USB mass storage is disabled with the following command:\n\n    # grep usb-storage /etc/modprobe.d/* | grep -i \\\"blacklist\\\" | grep -v\n\\\"^#\\\"\n    blacklist usb-storage\n\n    If the command does not return any output or the output is not \\\"blacklist\nusb-storage\\\", and use of USB storage devices is not documented with the\nInformation System Security Officer (ISSO) as an operational requirement, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable the ability to use the USB\nStorage kernel module.\n\n    Create a file under \\\"/etc/modprobe.d\\\" with the following command:\n\n    # touch /etc/modprobe.d/usb-storage.conf\n\n    Add the following line to the created file:\n\n    install usb-storage /bin/true\n\n    Configure the operating system to disable the ability to use USB mass\nstorage devices.\n\n    # vi /etc/modprobe.d/blacklist.conf\n\n    Add or update the line:\n\n    blacklist usb-storage\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000114-GPOS-00059\"\n  tag satisfies: [\"SRG-OS-000114-GPOS-00059\", \"SRG-OS-000378-GPOS-00163\",\n\"SRG-OS-000480-GPOS-00227\"]\n  tag gid: \"V-71983\"\n  tag rid: \"SV-86607r4_rule\"\n  tag stig_id: \"RHEL-07-020100\"\n  tag fix_id: \"F-78335r4_fix\"\n  tag cci: [\"CCI-000366\", \"CCI-000778\", \"CCI-001958\"]\n  tag nist: [\"CM-6 b\", \"IA-3\", \"IA-3\", \"Rev_4\"]\n\n  describe kernel_module('usb_storage') do\n    it { should_not be_loaded }\n    it { should be_blacklisted }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000778</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Module usb_storage is expected not to be loaded
+--------------------------------
+passed :: TEST Kernel Module usb_storage is expected to be blacklisted</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86759r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030560</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the semanage command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the semanage command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;semanage&quot; command occur.
+successful/unsuccessful attempts to use the "semanage" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;sbin&#x2F;semanage &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/sbin/semanage /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;semanage -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/semanage -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;semanage&quot; command occur.
+successful/unsuccessful attempts to use the "semanage" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;semanage -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/semanage -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>46d09353-2b3d-41e4-a858-87cdff6bdbc1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;semanage&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;semanage&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72291</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86915r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040650</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72135\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe semanage command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"semanage\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/sbin/semanage /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/semanage -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"semanage\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/semanage -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000463-GPOS-00207\",\n\"SRG-OS-000465-GPOS-00209\"]\n  tag gid: \"V-72135\"\n  tag rid: \"SV-86759r4_rule\"\n  tag stig_id: \"RHEL-07-030560\"\n  tag fix_id: \"F-78487r5_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/semanage'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/semanage" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/semanage" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72291</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86915r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040650</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not allow
 interfaces to perform Internet Protocol version 4 (IPv4) Internet Control
-Message Protocol (ICMP) redirects by default.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Message Protocol (ICMP) redirects by default.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ICMP redirect messages are used by routers to inform hosts that a more
 direct route exists for a particular destination. These messages contain
-information from the system&#39;s route table, possibly revealing portions of the
-network topology.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information from the system's route table, possibly revealing portions of the
+network topology.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not allow interfaces to perform IPv4 ICMP redirects
 by default.
 
-    # grep &#39;net.ipv4.conf.default.send_redirects&#39; &#x2F;etc&#x2F;sysctl.conf
-&#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep 'net.ipv4.conf.default.send_redirects' /etc/sysctl.conf
+/etc/sysctl.d/*
 
-    If &quot;net.ipv4.conf.default.send_redirects&quot; is not configured in the
-&quot;&#x2F;etc&#x2F;sysctl.conf&quot; file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out
-or does not have a value of &quot;0&quot;, this is a finding.
+    If "net.ipv4.conf.default.send_redirects" is not configured in the
+"/etc/sysctl.conf" file or in the /etc/sysctl.d/ directory, is commented out
+or does not have a value of "0", this is a finding.
 
-    Check that the operating system implements the &quot;default send_redirects&quot;
+    Check that the operating system implements the "default send_redirects"
 variables with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep &#39;net.ipv4.conf.default.send_redirects&#39;
+    # /sbin/sysctl -a | grep 'net.ipv4.conf.default.send_redirects'
 
-    net.ipv4.conf.default.send_redirects &#x3D; 0
+    net.ipv4.conf.default.send_redirects = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to not allow interfaces to perform IPv4 ICMP redirects
 by default.
 
     Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.default.send_redirects &#x3D; 0
+    net.ipv4.conf.default.send_redirects = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>051d822a-55df-4796-a763-0a97deb422aa</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.default.send_redirects value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72023</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86647r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020660</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72291\" do\n  title \"The Red Hat Enterprise Linux operating system must not allow\ninterfaces to perform Internet Protocol version 4 (IPv4) Internet Control\nMessage Protocol (ICMP) redirects by default.\"\n  desc  \"ICMP redirect messages are used by routers to inform hosts that a more\ndirect route exists for a particular destination. These messages contain\ninformation from the system's route table, possibly revealing portions of the\nnetwork topology.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not allow interfaces to perform IPv4 ICMP redirects\nby default.\n\n    # grep 'net.ipv4.conf.default.send_redirects' /etc/sysctl.conf\n/etc/sysctl.d/*\n\n    If \\\"net.ipv4.conf.default.send_redirects\\\" is not configured in the\n\\\"/etc/sysctl.conf\\\" file or in the /etc/sysctl.d/ directory, is commented out\nor does not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the \\\"default send_redirects\\\"\nvariables with the following command:\n\n    # /sbin/sysctl -a | grep 'net.ipv4.conf.default.send_redirects'\n\n    net.ipv4.conf.default.send_redirects = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to not allow interfaces to perform IPv4 ICMP redirects\nby default.\n\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.default.send_redirects = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72291\"\n  tag rid: \"SV-86915r4_rule\"\n  tag stig_id: \"RHEL-07-040650\"\n  tag fix_id: \"F-78645r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.default.send_redirects') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.default.send_redirects value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72023</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86647r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020660</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all files and directories contained in local interactive user home
-directories are owned by the owner of the home directory.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+directories are owned by the owner of the home directory.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If local interactive users do not own the files in their directories,
 unauthorized users may be able to access them. Additionally, if files are not
-owned by the user, this could be an indication of system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify all files and directories in a local interactive user&#39;s home
+owned by the user, this could be an indication of system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify all files and directories in a local interactive user's home
 directory are owned by the user.
 
-    Check the owner of all files and directories in a local interactive user&#39;s
+    Check the owner of all files and directories in a local interactive user's
 home directory with the following command:
 
-    Note: The example will be for the user &quot;smithj&quot;, who has a home directory
-of &quot;&#x2F;home&#x2F;smithj&quot;.
+    Note: The example will be for the user "smithj", who has a home directory
+of "/home/smithj".
 
-    # ls -lLR &#x2F;home&#x2F;smithj
+    # ls -lLR /home/smithj
     -rw-r--r-- 1 smithj smithj  18 Mar  5 17:06 file1
     -rw-r--r-- 1 smithj smithj 193 Mar  5 17:06 file2
     -rw-r--r-- 1 smithj smithj 231 Mar  5 17:06 file3
 
     If any files are found with an owner different than the home directory
-user, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the owner of a local interactive user&#39;s files and directories to
-that owner. To change the owner of a local interactive user&#39;s files and
+user, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the owner of a local interactive user's files and directories to
+that owner. To change the owner of a local interactive user's files and
 directories, use the following command:
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot;.
-
-    # chown smithj &#x2F;home&#x2F;smithj&#x2F;&lt;file or directory&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>348ba8f2-0db0-49d5-9201-1c4da86002c8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Files and directories that are not owned by the user is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72237</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86861r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040320</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj".
+
+    # chown smithj /home/smithj/&lt;file or directory&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72023\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all files and directories contained in local interactive user home\ndirectories are owned by the owner of the home directory.\"\n  desc  \"If local interactive users do not own the files in their directories,\nunauthorized users may be able to access them. Additionally, if files are not\nowned by the user, this could be an indication of system compromise.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all files and directories in a local interactive user's home\ndirectory are owned by the user.\n\n    Check the owner of all files and directories in a local interactive user's\nhome directory with the following command:\n\n    Note: The example will be for the user \\\"smithj\\\", who has a home directory\nof \\\"/home/smithj\\\".\n\n    # ls -lLR /home/smithj\n    -rw-r--r-- 1 smithj smithj  18 Mar  5 17:06 file1\n    -rw-r--r-- 1 smithj smithj 193 Mar  5 17:06 file2\n    -rw-r--r-- 1 smithj smithj 231 Mar  5 17:06 file3\n\n    If any files are found with an owner different than the home directory\nuser, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the owner of a local interactive user's files and directories to\nthat owner. To change the owner of a local interactive user's files and\ndirectories, use the following command:\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\".\n\n    # chown smithj /home/smithj/&lt;file or directory&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72023\"\n  tag rid: \"SV-86647r2_rule\"\n  tag stig_id: \"RHEL-07-020660\"\n  tag fix_id: \"F-78375r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    findings = findings + command(\"find #{user_info.home} -xdev -xautofs -not -user #{user_info.username}\").stdout.split(\"\\n\")\n  end\n  describe \"Files and directories that are not owned by the user\" do\n    subject { findings.to_a }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Files and directories that are not owned by the user is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72237</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000163-GPOS-00072</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86861r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040320</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all network connections associated with SSH traffic are terminated at the
 end of the session or after 10 minutes of inactivity, except to fulfill
-documented and validated mission requirements.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+documented and validated mission requirements.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Terminating an idle SSH session within a short time period reduces the
 window of opportunity for unauthorized personnel to take control of a
 management session enabled on the console or console port that has been left
@@ -30615,169 +29277,162 @@ unattended. In addition, quickly terminating an idle SSH session will also free
 up resources committed by the managed network element.
 
     Terminating network connections associated with communications sessions
-includes, for example, de-allocating associated TCP&#x2F;IP address&#x2F;port pairs at
+includes, for example, de-allocating associated TCP/IP address/port pairs at
 the operating system level and de-allocating networking assignments at the
 application level if multiple application sessions are using a single operating
 system-level network connection. This does not mean that the operating system
 terminates all sessions or network access; it only ends the inactive session
-and releases the resources associated with that session.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+and releases the resources associated with that session.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system automatically terminates a user session after
 inactivity time-outs have expired.
 
-    Check for the value of the &quot;ClientAliveInterval&quot; keyword with the
+    Check for the value of the "ClientAliveInterval" keyword with the
 following command:
 
-    # grep -iw clientaliveinterval &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -iw clientaliveinterval /etc/ssh/sshd_config
 
     ClientAliveInterval 600
 
-    If &quot;ClientAliveInterval&quot; is not configured, commented out, or has a value
-of &quot;0&quot;, this is a finding.
+    If "ClientAliveInterval" is not configured, commented out, or has a value
+of "0", this is a finding.
 
-    If &quot;ClientAliveInterval&quot; has a value that is greater than &quot;600&quot; and is
+    If "ClientAliveInterval" has a value that is greater than "600" and is
 not documented with the Information System Security Officer (ISSO) as an
-operational requirement, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+operational requirement, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to automatically terminate a user session
 after inactivity time-outs have expired or at shutdown.
 
     Add the following line (or modify the line to have the required value) to
-the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file (this file may be named differently or be in
+the "/etc/ssh/sshd_config" file (this file may be named differently or be in
 a different location if using a version of SSH that is provided by a
 third-party vendor):
 
     ClientAliveInterval 600
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>42dd65b5-d911-4178-bdb8-887fb4d81b9c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration ClientAliveInterval.to_i is expected to cmp &gt;&#x3D; 1
---------------------------------
-passed
-SSHD Configuration ClientAliveInterval.to_i is expected to cmp &lt;&#x3D; 600
---------------------------------
-passed
-SSHD Configuration ClientAliveInterval is expected not to eq nil</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71989</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000445-GPOS-00199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86613r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must enable SELinux.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72237\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all network connections associated with SSH traffic are terminated at the\nend of the session or after 10 minutes of inactivity, except to fulfill\ndocumented and validated mission requirements.\"\n  desc  \"Terminating an idle SSH session within a short time period reduces the\nwindow of opportunity for unauthorized personnel to take control of a\nmanagement session enabled on the console or console port that has been left\nunattended. In addition, quickly terminating an idle SSH session will also free\nup resources committed by the managed network element.\n\n    Terminating network connections associated with communications sessions\nincludes, for example, de-allocating associated TCP/IP address/port pairs at\nthe operating system level and de-allocating networking assignments at the\napplication level if multiple application sessions are using a single operating\nsystem-level network connection. This does not mean that the operating system\nterminates all sessions or network access; it only ends the inactive session\nand releases the resources associated with that session.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system automatically terminates a user session after\ninactivity time-outs have expired.\n\n    Check for the value of the \\\"ClientAliveInterval\\\" keyword with the\nfollowing command:\n\n    # grep -iw clientaliveinterval /etc/ssh/sshd_config\n\n    ClientAliveInterval 600\n\n    If \\\"ClientAliveInterval\\\" is not configured, commented out, or has a value\nof \\\"0\\\", this is a finding.\n\n    If \\\"ClientAliveInterval\\\" has a value that is greater than \\\"600\\\" and is\nnot documented with the Information System Security Officer (ISSO) as an\noperational requirement, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to automatically terminate a user session\nafter inactivity time-outs have expired or at shutdown.\n\n    Add the following line (or modify the line to have the required value) to\nthe \\\"/etc/ssh/sshd_config\\\" file (this file may be named differently or be in\na different location if using a version of SSH that is provided by a\nthird-party vendor):\n\n    ClientAliveInterval 600\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000163-GPOS-00072\"\n  tag satisfies: [\"SRG-OS-000163-GPOS-00072\", \"SRG-OS-000279-GPOS-00109\"]\n  tag gid: \"V-72237\"\n  tag rid: \"SV-86861r4_rule\"\n  tag stig_id: \"RHEL-07-040320\"\n  tag fix_id: \"F-78591r2_fix\"\n  tag cci: [\"CCI-001133\", \"CCI-002361\"]\n  tag nist: [\"SC-10\", \"AC-12\", \"Rev_4\"]\n\n  client_alive_interval = input('client_alive_interval')\n\n  #This may show slightly confusing results when a ClientAliveInterValue is not\n  #specified. Specifically, because the value will be nil and when you try to\n  #convert it to an integer using to_i it will convert it to 0 and pass the\n  #&lt;= client_alive_interval check. However, the control as a whole will still fail.\n  describe sshd_config do\n    its(\"ClientAliveInterval.to_i\"){should cmp &gt;= 1}\n    its(\"ClientAliveInterval.to_i\"){should cmp &lt;= client_alive_interval}\n    its(\"ClientAliveInterval\"){should_not eq nil}\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration ClientAliveInterval.to_i is expected to cmp &gt;= 1
+--------------------------------
+passed :: TEST SSHD Configuration ClientAliveInterval.to_i is expected to cmp &lt;= 600
+--------------------------------
+passed :: TEST SSHD Configuration ClientAliveInterval is expected not to eq nil</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71989</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000445-GPOS-00199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86613r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must enable SELinux.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without verification of the security functions, security functions may
 not operate correctly and the failure may go unnoticed. Security function is
-defined as the hardware, software, and&#x2F;or firmware of the information system
+defined as the hardware, software, and/or firmware of the information system
 responsible for enforcing the system security policy and supporting the
 isolation of code and data on which the protection is based. Security
 functionality includes, but is not limited to, establishing system accounts,
@@ -30785,1431 +29440,1358 @@ configuring access authorizations (i.e., permissions, privileges), setting
 events to be audited, and setting intrusion detection parameters.
 
     This requirement applies to operating systems performing security function
-verification&#x2F;testing and&#x2F;or systems and environments that require this
-functionality.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+verification/testing and/or systems and environments that require this
+functionality.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an HBSS or HIPS is active on the system, this is Not Applicable.
 
     Verify the operating system verifies correct operation of all security
 functions.
 
-    Check if &quot;SELinux&quot; is active and in &quot;Enforcing&quot; mode with the following
+    Check if "SELinux" is active and in "Enforcing" mode with the following
 command:
 
     # getenforce
     Enforcing
 
-    If &quot;SELinux&quot; is not active and not in &quot;Enforcing&quot; mode, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "SELinux" is not active and not in "Enforcing" mode, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to verify correct operation of all security
 functions.
 
-    Set the &quot;SELinux&quot; status and the &quot;Enforcing&quot; mode by modifying the
-&quot;&#x2F;etc&#x2F;selinux&#x2F;config&quot; file to have the following line:
-
-    SELINUX&#x3D;enforcing
-
-    A reboot is required for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>97d39031-5fe8-4f9f-b003-6991b40f09cc</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002696</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;getenforce&#x60; stdout.strip is expected to eq &quot;Enforcing&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95727r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Set the "SELinux" status and the "Enforcing" mode by modifying the
+"/etc/selinux/config" file to have the following line:
+
+    SELINUX=enforcing
+
+    A reboot is required for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71989\" do\n  title \"The Red Hat Enterprise Linux operating system must enable SELinux.\"\n  desc  \"Without verification of the security functions, security functions may\nnot operate correctly and the failure may go unnoticed. Security function is\ndefined as the hardware, software, and/or firmware of the information system\nresponsible for enforcing the system security policy and supporting the\nisolation of code and data on which the protection is based. Security\nfunctionality includes, but is not limited to, establishing system accounts,\nconfiguring access authorizations (i.e., permissions, privileges), setting\nevents to be audited, and setting intrusion detection parameters.\n\n    This requirement applies to operating systems performing security function\nverification/testing and/or systems and environments that require this\nfunctionality.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If an HBSS or HIPS is active on the system, this is Not Applicable.\n\n    Verify the operating system verifies correct operation of all security\nfunctions.\n\n    Check if \\\"SELinux\\\" is active and in \\\"Enforcing\\\" mode with the following\ncommand:\n\n    # getenforce\n    Enforcing\n\n    If \\\"SELinux\\\" is not active and not in \\\"Enforcing\\\" mode, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to verify correct operation of all security\nfunctions.\n\n    Set the \\\"SELinux\\\" status and the \\\"Enforcing\\\" mode by modifying the\n\\\"/etc/selinux/config\\\" file to have the following line:\n\n    SELINUX=enforcing\n\n    A reboot is required for the changes to take effect.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000445-GPOS-00199\"\n  tag gid: \"V-71989\"\n  tag rid: \"SV-86613r3_rule\"\n  tag stig_id: \"RHEL-07-020210\"\n  tag fix_id: \"F-78341r2_fix\"\n  tag cci: [\"CCI-002165\", \"CCI-002696\"]\n  tag nist: [\"AC-3 (4)\", \"SI-6 a\", \"Rev_4\"]\n\n  describe command('getenforce') do\n    its('stdout.strip') { should eq 'Enforcing' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002696</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `getenforce` stdout.strip is expected to eq "Enforcing"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-GPOS-00133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95727r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured to
-use the au-remote plugin.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+use the au-remote plugin.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Information stored in one location is vulnerable to accidental or
 incidental deletion or alteration.
 
     Off-loading is a common process in information systems with limited audit
 storage capacity.
 
-    Without the configuration of the &quot;au-remote&quot; plugin, the audisp-remote
-daemon will not off-load the logs from the system being audited.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the &quot;au-remote&quot; plugin is active on the system:
-
-    # grep &quot;active&quot; &#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf
-
-    active &#x3D; yes
-
-    If the &quot;active&quot; setting is not set to &quot;yes&quot;, or the line is commented
-out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Edit the &#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf file and change the value of
-&quot;active&quot; to &quot;yes&quot;.
+    Without the configuration of the "au-remote" plugin, the audisp-remote
+daemon will not off-load the logs from the system being audited.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the "au-remote" plugin is active on the system:
+
+    # grep "active" /etc/audisp/plugins.d/au-remote.conf
+
+    active = yes
+
+    If the "active" setting is not set to "yes", or the line is commented
+out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Edit the /etc/audisp/plugins.d/au-remote.conf file and change the value of
+"active" to "yes".
 
     The audit daemon must be restarted for changes to take effect:
 
-    # service auditd restart</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2efbb361-0752-4d96-ad7d-92cb69aace4b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf&#39; cannot be found. This test cannot be checked in a automated fashion and you must check it manually
-File &#39;&#x2F;etc&#x2F;audisp&#x2F;plugins.d&#x2F;au-remote.conf&#39; cannot be found. This check must be performed manually</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72003</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000104-GPOS-00051</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86627r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # service auditd restart</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81015\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured to\nuse the au-remote plugin.\"\n  desc  \"Information stored in one location is vulnerable to accidental or\nincidental deletion or alteration.\n\n    Off-loading is a common process in information systems with limited audit\nstorage capacity.\n\n    Without the configuration of the \\\"au-remote\\\" plugin, the audisp-remote\ndaemon will not off-load the logs from the system being audited.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the \\\"au-remote\\\" plugin is active on the system:\n\n    # grep \\\"active\\\" /etc/audisp/plugins.d/au-remote.conf\n\n    active = yes\n\n    If the \\\"active\\\" setting is not set to \\\"yes\\\", or the line is commented\nout, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Edit the /etc/audisp/plugins.d/au-remote.conf file and change the value of\n\\\"active\\\" to \\\"yes\\\".\n\n    The audit daemon must be restarted for changes to take effect:\n\n    # service auditd restart\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000342-GPOS-00133\"\n  tag satisfies: [\"SRG-OS-000342-GPOS-00133\", \"SRG-OS-000479-GPOS-00224\"]\n  tag gid: \"V-81015\"\n  tag rid: \"SV-95727r1_rule\"\n  tag stig_id: \"RHEL-07-030200\"\n  tag fix_id: \"F-87849r2_fix\"\n  tag cci: [\"CCI-001851\"]\n  tag nist: [\"AU-4 (1)\", \"Rev_4\"]\n\n  test_file = '/etc/audisp/plugins.d/au-remote.conf'\n\n  if file(test_file).exist?\n    describe parse_config_file(test_file) do\n      its('active') { should match %r{yes$} }\n    end\n  else\n    describe \"File '#{test_file}' cannot be found. This test cannot be checked in a automated fashion and you must check it manually\" do\n      skip \"File '#{test_file}' cannot be found. This check must be performed manually\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST File '/etc/audisp/plugins.d/au-remote.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually :: SKIP_MESSAGE File '/etc/audisp/plugins.d/au-remote.conf' cannot be found. This check must be performed manually</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72003</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000104-GPOS-00051</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86627r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all Group Identifiers (GIDs) referenced in the &#x2F;etc&#x2F;passwd file are
-defined in the &#x2F;etc&#x2F;group file.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all Group Identifiers (GIDs) referenced in the /etc/passwd file are
+defined in the /etc/group file.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a user is assigned the GID of a group not existing on the system,
 and a group with the GID is subsequently created, the user may have unintended
-rights to any files associated with the group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify all GIDs referenced in the &quot;&#x2F;etc&#x2F;passwd&quot; file are defined in the
-&quot;&#x2F;etc&#x2F;group&quot; file.
+rights to any files associated with the group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify all GIDs referenced in the "/etc/passwd" file are defined in the
+"/etc/group" file.
 
     Check that all referenced GIDs exist with the following command:
 
     # pwck -r
 
-    If GIDs referenced in &quot;&#x2F;etc&#x2F;passwd&quot; file are returned as not defined in
-&quot;&#x2F;etc&#x2F;group&quot; file, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If GIDs referenced in "/etc/passwd" file are returned as not defined in
+"/etc/group" file, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to define all GIDs found in the
-&quot;&#x2F;etc&#x2F;passwd&quot; file by modifying the &quot;&#x2F;etc&#x2F;group&quot; file to add any
-non-existent group referenced in the &quot;&#x2F;etc&#x2F;passwd&quot; file, or change the GIDs
-referenced in the &quot;&#x2F;etc&#x2F;passwd&quot; file to a group that exists in
-&quot;&#x2F;etc&#x2F;group&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>40d5db8b-703a-4e85-934f-744a67b933a7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000764</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-&#x2F;etc&#x2F;group gids is expected to include 0
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 1
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 2
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 4
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 7
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 0
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 0
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 0
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 12
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 0
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 99
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 192
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 81
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 998
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 74
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 89
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 995
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 1000
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 59
---------------------------------
-passed
-&#x2F;etc&#x2F;group gids is expected to include 993</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-92251</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-102353r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040611</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/passwd" file by modifying the "/etc/group" file to add any
+non-existent group referenced in the "/etc/passwd" file, or change the GIDs
+referenced in the "/etc/passwd" file to a group that exists in
+"/etc/group".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72003\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all Group Identifiers (GIDs) referenced in the /etc/passwd file are\ndefined in the /etc/group file.\"\n  desc  \"If a user is assigned the GID of a group not existing on the system,\nand a group with the GID is subsequently created, the user may have unintended\nrights to any files associated with the group.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all GIDs referenced in the \\\"/etc/passwd\\\" file are defined in the\n\\\"/etc/group\\\" file.\n\n    Check that all referenced GIDs exist with the following command:\n\n    # pwck -r\n\n    If GIDs referenced in \\\"/etc/passwd\\\" file are returned as not defined in\n\\\"/etc/group\\\" file, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the system to define all GIDs found in the\n\\\"/etc/passwd\\\" file by modifying the \\\"/etc/group\\\" file to add any\nnon-existent group referenced in the \\\"/etc/passwd\\\" file, or change the GIDs\nreferenced in the \\\"/etc/passwd\\\" file to a group that exists in\n\\\"/etc/group\\\".\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000104-GPOS-00051\"\n  tag gid: \"V-72003\"\n  tag rid: \"SV-86627r2_rule\"\n  tag stig_id: \"RHEL-07-020300\"\n  tag fix_id: \"F-78355r1_fix\"\n  tag cci: [\"CCI-000764\"]\n  tag nist: [\"IA-2\", \"Rev_4\"]\n\n  passwd.gids.each do |gid|\n    describe etc_group do\n      its('gids') { should include gid.to_i }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000764</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST /etc/group gids is expected to include 0
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 1
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 2
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 4
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 7
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 0
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 0
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 0
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 12
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 0
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 99
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 192
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 81
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 998
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 74
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 89
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 995
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 1000
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 59
+--------------------------------
+passed :: TEST /etc/group gids is expected to include 993</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-92251</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-102353r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040611</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a reverse-path
-filter for IPv4 network traffic when possible on all interfaces.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+filter for IPv4 network traffic when possible on all interfaces.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Enabling reverse path filtering drops packets with source addresses
 that should not have been able to be received on the interface they were
 received on. It should not be used on systems which are routers for complicated
-networks, but is helpful for end hosts and routers serving small networks.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+networks, but is helpful for end hosts and routers serving small networks.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system uses a reverse-path filter for IPv4:
 
-    # grep net.ipv4.conf.all.rp_filter &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
-    net.ipv4.conf.all.rp_filter &#x3D; 1
+    # grep net.ipv4.conf.all.rp_filter /etc/sysctl.conf /etc/sysctl.d/*
+    net.ipv4.conf.all.rp_filter = 1
 
-    If &quot;net.ipv4.conf.all.rp_filter&quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;1&quot;, this is a finding.
+    If "net.ipv4.conf.all.rp_filter" is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "1", this is a finding.
 
     Check that the operating system implements the accept source route variable
 with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.conf.all.rp_filter
-    net.ipv4.conf.all.rp_filter &#x3D; 1
+    # /sbin/sysctl -a | grep net.ipv4.conf.all.rp_filter
+    net.ipv4.conf.all.rp_filter = 1
 
-    If the returned line does not have a value of &quot;1&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "1", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.all.rp_filter &#x3D; 1
+    net.ipv4.conf.all.rp_filter = 1
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>354c1e5e-8a78-4bd9-b395-f39111132bc6</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.all.rp_filter value is expected to eq 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72189</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86813r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030830</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-92251\" do\n  title \"The Red Hat Enterprise Linux operating system must use a reverse-path\nfilter for IPv4 network traffic when possible on all interfaces.\"\n  desc  \"Enabling reverse path filtering drops packets with source addresses\nthat should not have been able to be received on the interface they were\nreceived on. It should not be used on systems which are routers for complicated\nnetworks, but is helpful for end hosts and routers serving small networks.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system uses a reverse-path filter for IPv4:\n\n    # grep net.ipv4.conf.all.rp_filter /etc/sysctl.conf /etc/sysctl.d/*\n    net.ipv4.conf.all.rp_filter = 1\n\n    If \\\"net.ipv4.conf.all.rp_filter\\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"1\\\", this is a finding.\n\n    Check that the operating system implements the accept source route variable\nwith the following command:\n\n    # /sbin/sysctl -a | grep net.ipv4.conf.all.rp_filter\n    net.ipv4.conf.all.rp_filter = 1\n\n    If the returned line does not have a value of \\\"1\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.all.rp_filter = 1\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-92251\"\n  tag rid: \"SV-102353r1_rule\"\n  tag stig_id: \"RHEL-07-040611\"\n  tag fix_id: \"F-98473r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.all.rp_filter') do\n    its('value') { should eq 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.all.rp_filter value is expected to eq 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72189</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000471-GPOS-00216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86813r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030830</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the delete_module syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the delete_module syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;delete_module&quot; syscall occur.
+successful/unsuccessful attempts to use the "delete_module" syscall occur.
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw delete_module &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw delete_module /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S delete_module -k module-change
+    -a always,exit -F arch=b32 -S delete_module -k module-change
 
-    -a always,exit -F arch&#x3D;b64 -S delete_module -k module-change
+    -a always,exit -F arch=b64 -S delete_module -k module-change
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;delete_module&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"delete_module" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;delete_module&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S delete_module -k module-change
-
-    -a always,exit -F arch&#x3D;b64 -S delete_module -k module-change
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>eb43ddd7-0c0a-476f-8913-2446c0b67214</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;delete_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;delete_module&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;delete_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;delete_module&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73175</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87827r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040641</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "delete_module" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S delete_module -k module-change
+
+    -a always,exit -F arch=b64 -S delete_module -k module-change
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72189\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe delete_module syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"delete_module\\\" syscall occur.\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw delete_module /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S delete_module -k module-change\n\n    -a always,exit -F arch=b64 -S delete_module -k module-change\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"delete_module\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"delete_module\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S delete_module -k module-change\n\n    -a always,exit -F arch=b64 -S delete_module -k module-change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000471-GPOS-00216\"\n  tag satisfies: [\"SRG-OS-000471-GPOS-00216\", \"SRG-OS-000477-GPOS-00222\"]\n  tag gid: \"V-72189\"\n  tag rid: \"SV-86813r5_rule\"\n  tag stig_id: \"RHEL-07-030830\"\n  tag fix_id: \"F-78543r7_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"delete_module\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"delete_module\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "delete_module" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "delete_module" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "delete_module" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "delete_module" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73175</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87827r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040641</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must ignore Internet
 Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect
-messages.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+messages.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ICMP redirect messages are used by routers to inform hosts that a more
 direct route exists for a particular destination. These messages modify the
-host&#39;s route table and are unauthenticated. An illicit ICMP redirect message
-could result in a man-in-the-middle attack.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+host's route table and are unauthenticated. An illicit ICMP redirect message
+could result in a man-in-the-middle attack.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system ignores IPv4 ICMP redirect messages.
 
-    # grep &#39;net.ipv4.conf.all.accept_redirects&#39; &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep 'net.ipv4.conf.all.accept_redirects' /etc/sysctl.conf /etc/sysctl.d/*
 
-    If &quot; net.ipv4.conf.all.accept_redirects &quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;0&quot;, this is a finding.
+    If " net.ipv4.conf.all.accept_redirects " is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "0", this is a finding.
 
-    Check that the operating system implements the &quot;accept_redirects&quot;
+    Check that the operating system implements the "accept_redirects"
 variables with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep &#39;net.ipv4.conf.all.accept_redirects&#39;
+    # /sbin/sysctl -a | grep 'net.ipv4.conf.all.accept_redirects'
 
-    net.ipv4.conf.all.accept_redirects &#x3D; 0
+    net.ipv4.conf.all.accept_redirects = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to ignore IPv4 ICMP redirect messages by adding the
-following line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the
-&#x2F;etc&#x2F;sysctl.d&#x2F; directory (or modify the line to have the required value):
+following line to "/etc/sysctl.conf" or a configuration file in the
+/etc/sysctl.d/ directory (or modify the line to have the required value):
 
-    net.ipv4.conf.all.accept_redirects &#x3D; 0
+    net.ipv4.conf.all.accept_redirects = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0214b26a-eafa-4016-892d-30e4dc843f3d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.all.accept_redirects value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72261</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86885r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040440</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73175\" do\n  title \"The Red Hat Enterprise Linux operating system must ignore Internet\nProtocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect\nmessages.\"\n  desc  \"ICMP redirect messages are used by routers to inform hosts that a more\ndirect route exists for a particular destination. These messages modify the\nhost's route table and are unauthenticated. An illicit ICMP redirect message\ncould result in a man-in-the-middle attack.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system ignores IPv4 ICMP redirect messages.\n\n    # grep 'net.ipv4.conf.all.accept_redirects' /etc/sysctl.conf /etc/sysctl.d/*\n\n    If \\\" net.ipv4.conf.all.accept_redirects \\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the \\\"accept_redirects\\\"\nvariables with the following command:\n\n    # /sbin/sysctl -a | grep 'net.ipv4.conf.all.accept_redirects'\n\n    net.ipv4.conf.all.accept_redirects = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to ignore IPv4 ICMP redirect messages by adding the\nfollowing line to \\\"/etc/sysctl.conf\\\" or a configuration file in the\n/etc/sysctl.d/ directory (or modify the line to have the required value):\n\n    net.ipv4.conf.all.accept_redirects = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-73175\"\n  tag rid: \"SV-87827r4_rule\"\n  tag stig_id: \"RHEL-07-040641\"\n  tag fix_id: \"F-79621r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.all.accept_redirects') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.all.accept_redirects value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72261</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000364-GPOS-00151</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86885r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040440</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH daemon does not permit Kerberos authentication unless needed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH daemon does not permit Kerberos authentication unless needed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Kerberos authentication for SSH is often implemented using Generic
 Security Service Application Program Interface (GSSAPI). If Kerberos is enabled
-through SSH, the SSH daemon provides a means of access to the system&#39;s Kerberos
-implementation. Vulnerabilities in the system&#39;s Kerberos implementation may
+through SSH, the SSH daemon provides a means of access to the system's Kerberos
+implementation. Vulnerabilities in the system's Kerberos implementation may
 then be subject to exploitation. To reduce the attack surface of the system,
 the Kerberos authentication mechanism within SSH must be disabled for systems
-not using this capability.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+not using this capability.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon does not permit Kerberos to authenticate passwords
 unless approved.
 
     Check that the SSH daemon does not permit Kerberos to authenticate
 passwords with the following command:
 
-    # grep -i kerberosauth &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i kerberosauth /etc/ssh/sshd_config
     KerberosAuthentication no
 
-    If the &quot;KerberosAuthentication&quot; keyword is missing, or is set to &quot;yes&quot;
+    If the "KerberosAuthentication" keyword is missing, or is set to "yes"
 and is not documented with the Information System Security Officer (ISSO), or
-the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Uncomment the &quot;KerberosAuthentication&quot; keyword in
-&quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; (this file may be named differently or be in a
+the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Uncomment the "KerberosAuthentication" keyword in
+"/etc/ssh/sshd_config" (this file may be named differently or be in a
 different location if using a version of SSH that is provided by a third-party
-vendor) and set the value to &quot;no&quot;:
+vendor) and set the value to "no":
 
     KerberosAuthentication no
 
     The SSH service must be restarted for changes to take effect.
 
     If Kerberos authentication is required, it must be documented, to include
-the location of the configuration file, with the ISSO.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>682b993c-c8af-4e04-853a-9c40a58ef39f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration KerberosAuthentication is expected to cmp &#x3D;&#x3D; &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72171</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86795r7_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030740</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+the location of the configuration file, with the ISSO.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72261\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not permit Kerberos authentication unless needed.\"\n  desc  \"Kerberos authentication for SSH is often implemented using Generic\nSecurity Service Application Program Interface (GSSAPI). If Kerberos is enabled\nthrough SSH, the SSH daemon provides a means of access to the system's Kerberos\nimplementation. Vulnerabilities in the system's Kerberos implementation may\nthen be subject to exploitation. To reduce the attack surface of the system,\nthe Kerberos authentication mechanism within SSH must be disabled for systems\nnot using this capability.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon does not permit Kerberos to authenticate passwords\nunless approved.\n\n    Check that the SSH daemon does not permit Kerberos to authenticate\npasswords with the following command:\n\n    # grep -i kerberosauth /etc/ssh/sshd_config\n    KerberosAuthentication no\n\n    If the \\\"KerberosAuthentication\\\" keyword is missing, or is set to \\\"yes\\\"\nand is not documented with the Information System Security Officer (ISSO), or\nthe returned line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Uncomment the \\\"KerberosAuthentication\\\" keyword in\n\\\"/etc/ssh/sshd_config\\\" (this file may be named differently or be in a\ndifferent location if using a version of SSH that is provided by a third-party\nvendor) and set the value to \\\"no\\\":\n\n    KerberosAuthentication no\n\n    The SSH service must be restarted for changes to take effect.\n\n    If Kerberos authentication is required, it must be documented, to include\nthe location of the configuration file, with the ISSO.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000364-GPOS-00151\"\n  tag gid: \"V-72261\"\n  tag rid: \"SV-86885r3_rule\"\n  tag stig_id: \"RHEL-07-040440\"\n  tag fix_id: \"F-78615r2_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('KerberosAuthentication') { should cmp 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration KerberosAuthentication is expected to cmp == "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72171</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86795r7_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030740</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the mount command and syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the mount command and syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged mount commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;mount&quot; command and syscall occur.
+successful/unsuccessful attempts to use the "mount" command and syscall occur.
 
     Check that the following system call is being audited by performing the
 following series of commands to check the file system rules in
-&quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+"/etc/audit/audit.rules":
 
-    # grep -iw &quot;mount&quot; &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw "mount" /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
-    -a always,exit -F arch&#x3D;b64 -S mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;mount&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"mount" syscall, this is a finding.
 
-    If all uses of the &quot;mount&quot; command are not being audited, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If all uses of the "mount" command are not being audited, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;mount&quot; command and syscall occur.
+successful/unsuccessful attempts to use the "mount" command and syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
-    -a always,exit -F arch&#x3D;b64 -S mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;mount -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/mount -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-mount
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3e996687-84ca-4ea3-835b-50056e823ff6</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;mount&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;mount&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;mount&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;mount&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with path &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;mount&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with path &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;mount&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81011</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95723r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021023</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount &#x2F;dev&#x2F;shm with
-the nosuid option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;nosuid&quot; mount option causes the system to not execute
-&quot;setuid&quot; and &quot;setgid&quot; files with owner privileges. This option must be used
-for mounting any file system not containing approved &quot;setuid&quot; and &quot;setguid&quot;
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72171\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe mount command and syscall.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged mount commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"mount\\\" command and syscall occur.\n\n    Check that the following system call is being audited by performing the\nfollowing series of commands to check the file system rules in\n\\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw \\\"mount\\\" /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n    -a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n    -a always,exit -F path=/usr/bin/mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"mount\\\" syscall, this is a finding.\n\n    If all uses of the \\\"mount\\\" command are not being audited, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"mount\\\" command and syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n    -a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n    -a always,exit -F path=/usr/bin/mount -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-mount\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72171\"\n  tag rid: \"SV-86795r7_rule\"\n  tag stig_id: \"RHEL-07-030740\"\n  tag fix_id: \"F-78525r9_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"mount\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"mount\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\n\n  describe auditd.path(\"/usr/bin/mount\") do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "mount" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "mount" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "mount" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "mount" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with path == "/usr/bin/mount" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with path == "/usr/bin/mount" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81011</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000368-GPOS-00154</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95723r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021023</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must mount /dev/shm with
+the nosuid option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "nosuid" mount option causes the system to not execute
+"setuid" and "setgid" files with owner privileges. This option must be used
+for mounting any file system not containing approved "setuid" and "setguid"
 files. Executing files from untrusted file systems increases the opportunity
-for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the &quot;nosuid&quot; option is configured for &#x2F;dev&#x2F;shm:
+for unprivileged users to attain unauthorized administrative access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the "nosuid" option is configured for /dev/shm:
 
-    # cat &#x2F;etc&#x2F;fstab | grep &#x2F;dev&#x2F;shm
+    # cat /etc/fstab | grep /dev/shm
 
-    tmpfs &#x2F;dev&#x2F;shm tmpfs defaults,nodev,nosuid,noexec 0 0
+    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
 
-    If any results are returned and the &quot;nosuid&quot; option is not listed, this
+    If any results are returned and the "nosuid" option is not listed, this
 is a finding.
 
-    Verify &quot;&#x2F;dev&#x2F;shm&quot; is mounted with the &quot;nosuid&quot; option:
-
-    # mount | grep &quot;&#x2F;dev&#x2F;shm&quot; | grep nosuid
-
-    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the system so that &#x2F;dev&#x2F;shm is mounted with the
-&quot;nosuid&quot; option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>24a0fd48-9ee7-4fb0-b1bf-328bb397abe0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;dev&#x2F;shm options is expected to include &quot;nosuid&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72001</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86625r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020270</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Verify "/dev/shm" is mounted with the "nosuid" option:
+
+    # mount | grep "/dev/shm" | grep nosuid
+
+    If no results are returned, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the system so that /dev/shm is mounted with the
+"nosuid" option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81011\" do\n  title \"The Red Hat Enterprise Linux operating system must mount /dev/shm with\nthe nosuid option.\"\n  desc  \"The \\\"nosuid\\\" mount option causes the system to not execute\n\\\"setuid\\\" and \\\"setgid\\\" files with owner privileges. This option must be used\nfor mounting any file system not containing approved \\\"setuid\\\" and \\\"setguid\\\"\nfiles. Executing files from untrusted file systems increases the opportunity\nfor unprivileged users to attain unauthorized administrative access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the \\\"nosuid\\\" option is configured for /dev/shm:\n\n    # cat /etc/fstab | grep /dev/shm\n\n    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0\n\n    If any results are returned and the \\\"nosuid\\\" option is not listed, this\nis a finding.\n\n    Verify \\\"/dev/shm\\\" is mounted with the \\\"nosuid\\\" option:\n\n    # mount | grep \\\"/dev/shm\\\" | grep nosuid\n\n    If no results are returned, this is a finding.\n  \"\n  desc  \"fix\", \"Configure the system so that /dev/shm is mounted with the\n\\\"nosuid\\\" option.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000368-GPOS-00154\"\n  tag gid: \"V-81011\"\n  tag rid: \"SV-95723r2_rule\"\n  tag stig_id: \"RHEL-07-021023\"\n  tag fix_id: \"F-87845r2_fix\"\n  tag cci: [\"CCI-001764\"]\n  tag nist: [\"CM-7 (2)\", \"Rev_4\"]\n\n  describe mount('/dev/shm') do\n    its('options') { should include 'nosuid' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /dev/shm options is expected to include "nosuid"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72001</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86625r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020270</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have
-unnecessary accounts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+unnecessary accounts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Accounts providing no operational purpose provide additional
 opportunities for system compromise. Unnecessary accounts include user accounts
 for individuals not requiring access to the system and application accounts for
-applications not installed on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+applications not installed on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all accounts on the system are assigned to an active system,
 application, or user account.
 
@@ -32218,207 +30800,174 @@ Security Officer (ISSO).
 
     Check the system accounts on the system with the following command:
 
-    # more &#x2F;etc&#x2F;passwd
-    root:x:0:0:root:&#x2F;root:&#x2F;bin&#x2F;bash
-    bin:x:1:1:bin:&#x2F;bin:&#x2F;sbin&#x2F;nologin
-    daemon:x:2:2:daemon:&#x2F;sbin:&#x2F;sbin&#x2F;nologin
-    sync:x:5:0:sync:&#x2F;sbin:&#x2F;bin&#x2F;sync
-    shutdown:x:6:0:shutdown:&#x2F;sbin:&#x2F;sbin&#x2F;shutdown
-    halt:x:7:0:halt:&#x2F;sbin:&#x2F;sbin&#x2F;halt
-    games:x:12:100:games:&#x2F;usr&#x2F;games:&#x2F;sbin&#x2F;nologin
-    gopher:x:13:30:gopher:&#x2F;var&#x2F;gopher:&#x2F;sbin&#x2F;nologin
-
-    Accounts such as &quot;games&quot; and &quot;gopher&quot; are not authorized accounts as
+    # more /etc/passwd
+    root:x:0:0:root:/root:/bin/bash
+    bin:x:1:1:bin:/bin:/sbin/nologin
+    daemon:x:2:2:daemon:/sbin:/sbin/nologin
+    sync:x:5:0:sync:/sbin:/bin/sync
+    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+    halt:x:7:0:halt:/sbin:/sbin/halt
+    games:x:12:100:games:/usr/games:/sbin/nologin
+    gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
+
+    Accounts such as "games" and "gopher" are not authorized accounts as
 they do not support authorized system functions.
 
     If the accounts on the system do not match the provided documentation, or
 accounts that do not support an authorized system function are present, this is
-a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system so all accounts on the system are assigned to an
 active system, application, or user account.
 
     Remove accounts that do not support approved system activities or that
 allow for a normal user to perform administrative-level actions.
 
-    Document all authorized accounts on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8b8e9b0c-afd6-4034-950a-9b9ff11a94be</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-root is listed in allowed users.
---------------------------------
-passed
-bin is listed in allowed users.
---------------------------------
-passed
-daemon is listed in allowed users.
---------------------------------
-passed
-adm is listed in allowed users.
---------------------------------
-passed
-lp is listed in allowed users.
---------------------------------
-passed
-sync is listed in allowed users.
---------------------------------
-passed
-shutdown is listed in allowed users.
---------------------------------
-passed
-halt is listed in allowed users.
---------------------------------
-passed
-mail is listed in allowed users.
---------------------------------
-passed
-operator is listed in allowed users.
---------------------------------
-passed
-nobody is listed in allowed users.
---------------------------------
-passed
-systemd-network is listed in allowed users.
-expected &#x60;systemd-network&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-dbus is listed in allowed users.
-expected &#x60;dbus&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-polkitd is listed in allowed users.
-expected &#x60;polkitd&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-sshd is listed in allowed users.
-expected &#x60;sshd&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-postfix is listed in allowed users.
-expected &#x60;postfix&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-chrony is listed in allowed users.
-expected &#x60;chrony&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-ec2-user is listed in allowed users.
-expected &#x60;ec2-user&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-tss is listed in allowed users.
-expected &#x60;tss&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;
---------------------------------
-passed
-sssd is listed in allowed users.
-expected &#x60;sssd&#x60; to be in the list: &#x60;[&quot;root&quot;, &quot;bin&quot;, &quot;daemon&quot;, &quot;adm&quot;, &quot;lp&quot;, &quot;sync&quot;, &quot;shutdown&quot;, &quot;halt&quot;, &quot;mail&quot;, &quot;operator&quot;, &quot;nobody&quot;, &quot;systemd-bus-proxy&quot;]&#x60;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-78997</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-93703r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010101</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Document all authorized accounts on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72001\" do\n  title \"The Red Hat Enterprise Linux operating system must not have\nunnecessary accounts.\"\n  desc  \"Accounts providing no operational purpose provide additional\nopportunities for system compromise. Unnecessary accounts include user accounts\nfor individuals not requiring access to the system and application accounts for\napplications not installed on the system.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all accounts on the system are assigned to an active system,\napplication, or user account.\n\n    Obtain the list of authorized system accounts from the Information System\nSecurity Officer (ISSO).\n\n    Check the system accounts on the system with the following command:\n\n    # more /etc/passwd\n    root:x:0:0:root:/root:/bin/bash\n    bin:x:1:1:bin:/bin:/sbin/nologin\n    daemon:x:2:2:daemon:/sbin:/sbin/nologin\n    sync:x:5:0:sync:/sbin:/bin/sync\n    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown\n    halt:x:7:0:halt:/sbin:/sbin/halt\n    games:x:12:100:games:/usr/games:/sbin/nologin\n    gopher:x:13:30:gopher:/var/gopher:/sbin/nologin\n\n    Accounts such as \\\"games\\\" and \\\"gopher\\\" are not authorized accounts as\nthey do not support authorized system functions.\n\n    If the accounts on the system do not match the provided documentation, or\naccounts that do not support an authorized system function are present, this is\na finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system so all accounts on the system are assigned to an\nactive system, application, or user account.\n\n    Remove accounts that do not support approved system activities or that\nallow for a normal user to perform administrative-level actions.\n\n    Document all authorized accounts on the system.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72001\"\n  tag rid: \"SV-86625r2_rule\"\n  tag stig_id: \"RHEL-07-020270\"\n  tag fix_id: \"F-78353r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  known_system_accounts = input('known_system_accounts')\n  user_accounts = input('user_accounts')\n\n  allowed_accounts = (known_system_accounts + user_accounts).uniq\n  passwd.users.each do |user|\n    describe user do\n      it \"is listed in allowed users.\" do\n        expect(subject).to(be_in allowed_accounts)\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST root is listed in allowed users.
+--------------------------------
+passed :: TEST bin is listed in allowed users.
+--------------------------------
+passed :: TEST daemon is listed in allowed users.
+--------------------------------
+passed :: TEST adm is listed in allowed users.
+--------------------------------
+passed :: TEST lp is listed in allowed users.
+--------------------------------
+passed :: TEST sync is listed in allowed users.
+--------------------------------
+passed :: TEST shutdown is listed in allowed users.
+--------------------------------
+passed :: TEST halt is listed in allowed users.
+--------------------------------
+passed :: TEST mail is listed in allowed users.
+--------------------------------
+passed :: TEST operator is listed in allowed users.
+--------------------------------
+passed :: TEST nobody is listed in allowed users.
+--------------------------------
+passed :: TEST systemd-network is listed in allowed users. :: MESSAGE expected `systemd-network` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST dbus is listed in allowed users. :: MESSAGE expected `dbus` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST polkitd is listed in allowed users. :: MESSAGE expected `polkitd` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST sshd is listed in allowed users. :: MESSAGE expected `sshd` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST postfix is listed in allowed users. :: MESSAGE expected `postfix` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST chrony is listed in allowed users. :: MESSAGE expected `chrony` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST ec2-user is listed in allowed users. :: MESSAGE expected `ec2-user` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST tss is listed in allowed users. :: MESSAGE expected `tss` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`
+--------------------------------
+passed :: TEST sssd is listed in allowed users. :: MESSAGE expected `sssd` to be in the list: `["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy"]`</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-78997</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-93703r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010101</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent a user from
 overriding the screensaver idle-activation-enabled setting for the graphical
-user interface.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+user interface.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session lock is a temporary action taken when a user stops work and
 moves away from the immediate physical vicinity of the information system but
 does not want to log out because of the temporary nature of the absence.
@@ -32426,17 +30975,17 @@ does not want to log out because of the temporary nature of the absence.
     The session lock is implemented at the point where session activity can be
 determined.
 
-    The ability to enable&#x2F;disable a session lock is given to the user by
-default. Disabling the user&#39;s ability to disengage the graphical user interface
+    The ability to enable/disable a session lock is given to the user by
+default. Disabling the user's ability to disengage the graphical user interface
 session lock provides the assurance that all sessions will lock after the
-specified period of time.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+specified period of time.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents a user from overriding the screensaver
 idle-activation-enabled setting for the graphical user interface.
 
@@ -32446,24 +30995,24 @@ console.
 
     Determine which profile the system database is using with the following
 command:
-    # grep system-db &#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user
+    # grep system-db /etc/dconf/profile/user
 
     system-db:local
 
     Check for the idle-activation-enabled setting with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-the path is &quot;&#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&quot;. This path must be modified if a database
-other than &quot;local&quot; is being used.
+    Note: The example below is using the database "local" for the system, so
+the path is "/etc/dconf/db/local.d". This path must be modified if a database
+other than "local" is being used.
 
-    # grep -i idle-activation-enabled &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;*
+    # grep -i idle-activation-enabled /etc/dconf/db/local.d/locks/*
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;idle-activation-enabled
+    /org/gnome/desktop/screensaver/idle-activation-enabled
 
-    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return a result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prevent a user from overriding a
 screensaver lock after a 15-minute period of inactivity for graphical user
 interfaces.
@@ -32471,444 +31020,425 @@ interfaces.
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    Note: The example below is using the database &quot;local&quot; for the system, so
-if the system is using another database in &quot;&#x2F;etc&#x2F;dconf&#x2F;profile&#x2F;user&quot;, the
+    Note: The example below is using the database "local" for the system, so
+if the system is using another database in "/etc/dconf/profile/user", the
 file should be created under the appropriate subdirectory.
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;locks&#x2F;session
+    # touch /etc/dconf/db/local.d/locks/session
 
     Add the setting to lock the screensaver idle-activation-enabled setting:
 
-    &#x2F;org&#x2F;gnome&#x2F;desktop&#x2F;screensaver&#x2F;idle-activation-enabled</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9ccd574c-d367-41c2-ab05-354fc3284df8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The GNOME desktop is not installed
-The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72265</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86889r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040460</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    /org/gnome/desktop/screensaver/idle-activation-enabled</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-78997\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent a user from\noverriding the screensaver idle-activation-enabled setting for the graphical\nuser interface.\"\n  desc  \"A session lock is a temporary action taken when a user stops work and\nmoves away from the immediate physical vicinity of the information system but\ndoes not want to log out because of the temporary nature of the absence.\n\n    The session lock is implemented at the point where session activity can be\ndetermined.\n\n    The ability to enable/disable a session lock is given to the user by\ndefault. Disabling the user's ability to disengage the graphical user interface\nsession lock provides the assurance that all sessions will lock after the\nspecified period of time.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents a user from overriding the screensaver\nidle-activation-enabled setting for the graphical user interface.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable. The screen program must be installed to lock sessions on the\nconsole.\n\n    Determine which profile the system database is using with the following\ncommand:\n    # grep system-db /etc/dconf/profile/user\n\n    system-db:local\n\n    Check for the idle-activation-enabled setting with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nthe path is \\\"/etc/dconf/db/local.d\\\". This path must be modified if a database\nother than \\\"local\\\" is being used.\n\n    # grep -i idle-activation-enabled /etc/dconf/db/local.d/locks/*\n\n    /org/gnome/desktop/screensaver/idle-activation-enabled\n\n    If the command does not return a result, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prevent a user from overriding a\nscreensaver lock after a 15-minute period of inactivity for graphical user\ninterfaces.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    Note: The example below is using the database \\\"local\\\" for the system, so\nif the system is using another database in \\\"/etc/dconf/profile/user\\\", the\nfile should be created under the appropriate subdirectory.\n\n    # touch /etc/dconf/db/local.d/locks/session\n\n    Add the setting to lock the screensaver idle-activation-enabled setting:\n\n    /org/gnome/desktop/screensaver/idle-activation-enabled\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-78997\"\n  tag rid: \"SV-93703r2_rule\"\n  tag stig_id: \"RHEL-07-010101\"\n  tag fix_id: \"F-85747r1_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe command(\"gsettings writable org.gnome.desktop.screensaver idle-activation-enabled\") do\n    its('stdout.strip') { should cmp 'false' }\n  end if package('gnome-desktop3').installed?\n\n  describe \"The GNOME desktop is not installed\" do\n    skip \"The GNOME desktop is not installed, this control is Not Applicable.\"\n  end if !package('gnome-desktop3').installed?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The GNOME desktop is not installed :: SKIP_MESSAGE The GNOME desktop is not installed, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72265</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86889r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040460</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH daemon uses privilege separation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH daemon uses privilege separation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>SSH daemon privilege separation causes the SSH process to drop root
 privileges when not needed, which would decrease the impact of software
-vulnerabilities in the unprivileged section.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+vulnerabilities in the unprivileged section.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon performs privilege separation.
 
     Check that the SSH daemon performs privilege separation with the following
 command:
 
-    # grep -i usepriv &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i usepriv /etc/ssh/sshd_config
 
     UsePrivilegeSeparation sandbox
 
-    If the &quot;UsePrivilegeSeparation&quot; keyword is set to &quot;no&quot;, is missing, or
-the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Uncomment the &quot;UsePrivilegeSeparation&quot; keyword in
-&quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; (this file may be named differently or be in a
+    If the "UsePrivilegeSeparation" keyword is set to "no", is missing, or
+the returned line is commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Uncomment the "UsePrivilegeSeparation" keyword in
+"/etc/ssh/sshd_config" (this file may be named differently or be in a
 different location if using a version of SSH that is provided by a third-party
-vendor) and set the value to &quot;sandbox&quot; or &quot;yes&quot;:
+vendor) and set the value to "sandbox" or "yes":
 
     UsePrivilegeSeparation sandbox
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>5f65461e-0a4d-48ea-8acc-a43ef219b502</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration UsePrivilegeSeparation is expected to cmp &#x3D;&#x3D; &quot;sandbox&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-73165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-87817r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030871</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72265\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon uses privilege separation.\"\n  desc  \"SSH daemon privilege separation causes the SSH process to drop root\nprivileges when not needed, which would decrease the impact of software\nvulnerabilities in the unprivileged section.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon performs privilege separation.\n\n    Check that the SSH daemon performs privilege separation with the following\ncommand:\n\n    # grep -i usepriv /etc/ssh/sshd_config\n\n    UsePrivilegeSeparation sandbox\n\n    If the \\\"UsePrivilegeSeparation\\\" keyword is set to \\\"no\\\", is missing, or\nthe returned line is commented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Uncomment the \\\"UsePrivilegeSeparation\\\" keyword in\n\\\"/etc/ssh/sshd_config\\\" (this file may be named differently or be in a\ndifferent location if using a version of SSH that is provided by a third-party\nvendor) and set the value to \\\"sandbox\\\" or \\\"yes\\\":\n\n    UsePrivilegeSeparation sandbox\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72265\"\n  tag rid: \"SV-86889r3_rule\"\n  tag stig_id: \"RHEL-07-040460\"\n  tag fix_id: \"F-78619r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe sshd_config do\n      its('UsePrivilegeSeparation') { should cmp 'sandbox' }\n    end\n    describe sshd_config do\n      its('UsePrivilegeSeparation') { should cmp 'yes' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration UsePrivilegeSeparation is expected to cmp == "sandbox"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-73165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-87817r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030871</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
 records for all account creations, modifications, disabling, and termination
-events that affect &#x2F;etc&#x2F;group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+events that affect /etc/group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;group&quot;.
+"/etc/group".
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep &#x2F;etc&#x2F;group &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep /etc/group /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;group -p wa -k identity
+    -w /etc/group -p wa -k identity
 
     If the command does not return a line, or the line is commented out, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;group&quot;.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;etc&#x2F;group -p wa -k identity
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>43a01a99-30d1-49f4-988a-f40164da51f8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;group&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;group&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72307</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86931r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040730</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/group".
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -w /etc/group -p wa -k identity
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-73165\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all account creations, modifications, disabling, and termination\nevents that affect /etc/group.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/group\\\".\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep /etc/group /etc/audit/audit.rules\n\n    -w /etc/group -p wa -k identity\n\n    If the command does not return a line, or the line is commented out, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/group\\\".\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/group -p wa -k identity\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000004-GPOS-00004\"\n  tag gid: \"V-73165\"\n  tag rid: \"SV-87817r3_rule\"\n  tag stig_id: \"RHEL-07-030871\"\n  tag fix_id: \"F-79611r3_fix\"\n  tag cci: [\"CCI-000018\", \"CCI-000172\", \"CCI-001403\", \"CCI-002130\"]\n  tag nist: [\"AC-2 (4)\", \"AU-12 c\", \"AC-2 (4)\", \"AC-2 (4)\", \"Rev_4\"]\n\n  audit_file = '/etc/group'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\n\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/group" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/group" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72307</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86931r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040730</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have an X
-Windows display manager installed unless approved.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Windows display manager installed unless approved.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Internet services that are not required for system or application
 processes must not be active to decrease the attack surface of the system. X
 Windows has a long history of security vulnerabilities and will not be used
-unless approved and documented.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unless approved and documented.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that if the system has X Windows System installed, it is authorized.
 
     Check for the X11 package with the following command:
@@ -32919,476 +31449,449 @@ unless approved and documented.</ATTRIBUTE_DATA>
 operational requirement.
 
     If the use of X Windows on the system is not documented with the
-Information System Security Officer (ISSO), this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Information System Security Officer (ISSO), this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Document the requirement for an X Windows server with the ISSO or remove
 the related packages with the following commands:
 
-    # rpm -e xorg-x11-server-common</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>59e5d1bf-932b-4337-98d5-f8c1ca8583c1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package xorg-x11-server-common is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86757r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030550</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # rpm -e xorg-x11-server-common</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72307\" do\n  title \"The Red Hat Enterprise Linux operating system must not have an X\nWindows display manager installed unless approved.\"\n  desc  \"Internet services that are not required for system or application\nprocesses must not be active to decrease the attack surface of the system. X\nWindows has a long history of security vulnerabilities and will not be used\nunless approved and documented.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that if the system has X Windows System installed, it is authorized.\n\n    Check for the X11 package with the following command:\n\n    # rpm -qa | grep xorg | grep server\n\n    Ask the System Administrator if use of the X Windows System is an\noperational requirement.\n\n    If the use of X Windows on the system is not documented with the\nInformation System Security Officer (ISSO), this is a finding.\n  \"\n  desc  \"fix\", \"\n    Document the requirement for an X Windows server with the ISSO or remove\nthe related packages with the following commands:\n\n    # rpm -e xorg-x11-server-common\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72307\"\n  tag rid: \"SV-86931r4_rule\"\n  tag stig_id: \"RHEL-07-040730\"\n  tag fix_id: \"F-78661r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  x11_enabled = input('x11_enabled')\n\n  describe package('xorg-x11-server-common') do\n    it { should_not be_installed }\n  end if !x11_enabled\n\n  describe package('xorg-x11-server-common') do\n    it { should be_installed }\n  end if x11_enabled\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package xorg-x11-server-common is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86757r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030550</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the ftruncate syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the ftruncate syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;ftruncate&quot; syscall occur.
+successful/unsuccessful attempts to use the "ftruncate" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw ftruncate &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw ftruncate /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S ftruncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S ftruncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S ftruncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S ftruncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;ftruncate&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"ftruncate" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;ftruncate&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S ftruncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S ftruncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S ftruncate -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S ftruncate -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9c18ed76-1690-4553-9a55-750d969c51db</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;ftruncate&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71941</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000118-GPOS-00060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86565r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010310</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "ftruncate" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72133\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe ftruncate syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"ftruncate\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw ftruncate /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"ftruncate\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"ftruncate\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72133\"\n  tag rid: \"SV-86757r5_rule\"\n  tag stig_id: \"RHEL-07-030550\"\n  tag fix_id: \"F-78485r8_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"ftruncate\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"ftruncate\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"ftruncate\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"ftruncate\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "ftruncate" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71941</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000118-GPOS-00060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86565r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010310</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must disable account
-identifiers (individuals, groups, roles, and devices) if the password expires.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+identifiers (individuals, groups, roles, and devices) if the password expires.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Inactive identifiers pose a risk to systems and applications because
 attackers may exploit an inactive identifier and potentially obtain undetected
 access to the system. Owners of inactive accounts will not notice if
 unauthorized access to their user account has been obtained.
 
     Operating systems need to track periods of inactivity and disable
-application identifiers after zero days of inactivity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+application identifiers after zero days of inactivity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If passwords are not being used for authentication, this is Not Applicable.
 
     Verify the operating system disables account identifiers (individuals,
 groups, roles, and devices) after the password expires with the following
 command:
 
-    # grep -i inactive &#x2F;etc&#x2F;default&#x2F;useradd
-    INACTIVE&#x3D;0
+    # grep -i inactive /etc/default/useradd
+    INACTIVE=0
 
-    If the value is not set to &quot;0&quot;, is commented out, or is not defined, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the value is not set to "0", is commented out, or is not defined, this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to disable account identifiers (individuals,
 groups, roles, and devices) after the password expires.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;default&#x2F;useradd&quot; (or modify the line to
+    Add the following line to "/etc/default/useradd" (or modify the line to
 have the required value):
 
-    INACTIVE&#x3D;0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b42f6bb4-302c-4a6e-9dda-72f200ed3bb9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000795</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;default&#x2F;useradd INACTIVE is expected to cmp &gt;&#x3D; 0
---------------------------------
-passed
-Parse Config File &#x2F;etc&#x2F;default&#x2F;useradd INACTIVE is expected to cmp &lt;&#x3D; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86837r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-032000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    INACTIVE=0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71941\" do\n  title \"The Red Hat Enterprise Linux operating system must disable account\nidentifiers (individuals, groups, roles, and devices) if the password expires.\"\n  desc  \"Inactive identifiers pose a risk to systems and applications because\nattackers may exploit an inactive identifier and potentially obtain undetected\naccess to the system. Owners of inactive accounts will not notice if\nunauthorized access to their user account has been obtained.\n\n    Operating systems need to track periods of inactivity and disable\napplication identifiers after zero days of inactivity.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If passwords are not being used for authentication, this is Not Applicable.\n\n    Verify the operating system disables account identifiers (individuals,\ngroups, roles, and devices) after the password expires with the following\ncommand:\n\n    # grep -i inactive /etc/default/useradd\n    INACTIVE=0\n\n    If the value is not set to \\\"0\\\", is commented out, or is not defined, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to disable account identifiers (individuals,\ngroups, roles, and devices) after the password expires.\n\n    Add the following line to \\\"/etc/default/useradd\\\" (or modify the line to\nhave the required value):\n\n    INACTIVE=0\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000118-GPOS-00060\"\n  tag gid: \"V-71941\"\n  tag rid: \"SV-86565r2_rule\"\n  tag stig_id: \"RHEL-07-010310\"\n  tag fix_id: \"F-78293r1_fix\"\n  tag cci: [\"CCI-000795\"]\n  tag nist: [\"IA-4 e\", \"Rev_4\"]\n\n  days_of_inactivity = input('days_of_inactivity')\n\n  describe parse_config_file(\"/etc/default/useradd\") do\n    its('INACTIVE') { should cmp &gt;= 0 }\n    its('INACTIVE') { should cmp &lt;= days_of_inactivity }\n  end\n\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000795</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/default/useradd INACTIVE is expected to cmp &gt;= 0
+--------------------------------
+passed :: TEST Parse Config File /etc/default/useradd INACTIVE is expected to cmp &lt;= 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86837r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-032000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a virus scan
-program.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+program.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Virus scanning software can be used to protect a system from
 penetration from computer viruses and to limit their spread through
 intermediate systems.
@@ -33399,749 +31902,712 @@ must be configured to scan, at a minimum, all altered files on the system on a
 daily basis.
 
     If the system processes inbound SMTP mail, the virus scanner must be
-configured to scan all received mail.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+configured to scan all received mail.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify an anti-virus solution is installed on the system. The anti-virus
 solution may be bundled with an approved host-based security solution.
 
     If there is no anti-virus solution installed on the system, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Install an antivirus solution on the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c9549eed-eba1-45e7-a434-15f759a88e79</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001668</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service nails is expected to be running
-expected that &#x60;Service nails&#x60; is running
---------------------------------
-passed
-Service clamav-daemon.socket is expected to be running
-expected that &#x60;Service clamav-daemon.socket&#x60; is running</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72283</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86907r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040610</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Install an antivirus solution on the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72213\" do\n  title \"The Red Hat Enterprise Linux operating system must use a virus scan\nprogram.\"\n  desc  \"Virus scanning software can be used to protect a system from\npenetration from computer viruses and to limit their spread through\nintermediate systems.\n\n    The virus scanning software should be configured to perform scans\ndynamically on accessed files. If this capability is not available, the system\nmust be configured to scan, at a minimum, all altered files on the system on a\ndaily basis.\n\n    If the system processes inbound SMTP mail, the virus scanner must be\nconfigured to scan all received mail.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify an anti-virus solution is installed on the system. The anti-virus\nsolution may be bundled with an approved host-based security solution.\n\n    If there is no anti-virus solution installed on the system, this is a\nfinding.\n  \"\n  desc  \"fix\", \"Install an antivirus solution on the system.\"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72213\"\n  tag rid: \"SV-86837r3_rule\"\n  tag stig_id: \"RHEL-07-032000\"\n  tag fix_id: \"F-78567r2_fix\"\n  tag cci: [\"CCI-001668\"]\n  tag nist: [\"SI-3 a\", \"Rev_4\"]\n\n  custom_antivirus = input('custom_antivirus')\n\n  if ! custom_antivirus\n    describe.one do\n      describe service('nails') do\n      it { should be_running }\n    end\n    describe service('clamav-daemon.socket') do\n      it { should be_running }\n      end\n    end\n  else\n    # Allow user to provide a description of their AV solution\n    # for documentation.\n    custom_antivirus_description = input('custom_antivirus_description')\n    describe \"Antivirus: #{custom_antivirus_description}\" do\n      subject { custom_antivirus_description }\n      it { should_not cmp 'None' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001668</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service nails is expected to be running :: MESSAGE expected that `Service nails` is running
+--------------------------------
+passed :: TEST Service clamav-daemon.socket is expected to be running :: MESSAGE expected that `Service clamav-daemon.socket` is running</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72283</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86907r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040610</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not forward
-Internet Protocol version 4 (IPv4) source-routed packets.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Internet Protocol version 4 (IPv4) source-routed packets.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Source-routed packets allow the source of the packet to suggest that
 routers forward the packet along a different path than configured on the
 router, which can be used to bypass network security measures. This requirement
 applies only to the forwarding of source-routed traffic, such as when IPv4
-forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+forwarding is enabled and the system is functioning as a router.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not accept IPv4 source-routed packets.
 
-    # grep net.ipv4.conf.all.accept_source_route &#x2F;etc&#x2F;sysctl.conf
-&#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep net.ipv4.conf.all.accept_source_route /etc/sysctl.conf
+/etc/sysctl.d/*
 
-    net.ipv4.conf.all.accept_source_route &#x3D; 0
+    net.ipv4.conf.all.accept_source_route = 0
 
-    If &quot; net.ipv4.conf.all.accept_source_route &quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out, or
-does not have a value of &quot;0&quot;, this is a finding.
+    If " net.ipv4.conf.all.accept_source_route " is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or
+does not have a value of "0", this is a finding.
 
     Check that the operating system implements the accept source route variable
 with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep net.ipv4.conf.all.accept_source_route
-    net.ipv4.conf.all.accept_source_route &#x3D; 0
+    # /sbin/sysctl -a | grep net.ipv4.conf.all.accept_source_route
+    net.ipv4.conf.all.accept_source_route = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.all.accept_source_route &#x3D; 0
+    net.ipv4.conf.all.accept_source_route = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl -system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b5dd8b48-e54b-4afc-bf31-32641da00201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.all.accept_source_route value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72263</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86887r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040450</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl -system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72283\" do\n  title \"The Red Hat Enterprise Linux operating system must not forward\nInternet Protocol version 4 (IPv4) source-routed packets.\"\n  desc  \"Source-routed packets allow the source of the packet to suggest that\nrouters forward the packet along a different path than configured on the\nrouter, which can be used to bypass network security measures. This requirement\napplies only to the forwarding of source-routed traffic, such as when IPv4\nforwarding is enabled and the system is functioning as a router.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not accept IPv4 source-routed packets.\n\n    # grep net.ipv4.conf.all.accept_source_route /etc/sysctl.conf\n/etc/sysctl.d/*\n\n    net.ipv4.conf.all.accept_source_route = 0\n\n    If \\\" net.ipv4.conf.all.accept_source_route \\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the accept source route variable\nwith the following command:\n\n    # /sbin/sysctl -a | grep net.ipv4.conf.all.accept_source_route\n    net.ipv4.conf.all.accept_source_route = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.all.accept_source_route = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl -system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72283\"\n  tag rid: \"SV-86907r2_rule\"\n  tag stig_id: \"RHEL-07-040610\"\n  tag fix_id: \"F-78637r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.all.accept_source_route') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.all.accept_source_route value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72263</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86887r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040450</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the SSH daemon performs strict mode checking of home directory
-configuration files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+configuration files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If other users have access to modify user-specific SSH configuration
-files, they may be able to log on to the system as another user.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+files, they may be able to log on to the system as another user.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the SSH daemon performs strict mode checking of home directory
 configuration files.
 
-    The location of the &quot;sshd_config&quot; file may vary if a different daemon is
+    The location of the "sshd_config" file may vary if a different daemon is
 in use.
 
-    Inspect the &quot;sshd_config&quot; file with the following command:
+    Inspect the "sshd_config" file with the following command:
 
-    # grep -i strictmodes &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i strictmodes /etc/ssh/sshd_config
 
     StrictModes yes
 
-    If &quot;StrictModes&quot; is set to &quot;no&quot;, is missing, or the returned line is
-commented out, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Uncomment the &quot;StrictModes&quot; keyword in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; (this
+    If "StrictModes" is set to "no", is missing, or the returned line is
+commented out, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Uncomment the "StrictModes" keyword in "/etc/ssh/sshd_config" (this
 file may be named differently or be in a different location if using a version
-of SSH that is provided by a third-party vendor) and set the value to &quot;yes&quot;:
+of SSH that is provided by a third-party vendor) and set the value to "yes":
 
     StrictModes yes
 
-    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>faa9f5b0-bec9-44ba-a544-5692bc874668</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration StrictModes is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72065</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86689r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021340</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The SSH service must be restarted for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72263\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon performs strict mode checking of home directory\nconfiguration files.\"\n  desc  \"If other users have access to modify user-specific SSH configuration\nfiles, they may be able to log on to the system as another user.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the SSH daemon performs strict mode checking of home directory\nconfiguration files.\n\n    The location of the \\\"sshd_config\\\" file may vary if a different daemon is\nin use.\n\n    Inspect the \\\"sshd_config\\\" file with the following command:\n\n    # grep -i strictmodes /etc/ssh/sshd_config\n\n    StrictModes yes\n\n    If \\\"StrictModes\\\" is set to \\\"no\\\", is missing, or the returned line is\ncommented out, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Uncomment the \\\"StrictModes\\\" keyword in \\\"/etc/ssh/sshd_config\\\" (this\nfile may be named differently or be in a different location if using a version\nof SSH that is provided by a third-party vendor) and set the value to \\\"yes\\\":\n\n    StrictModes yes\n\n    The SSH service must be restarted for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72263\"\n  tag rid: \"SV-86887r3_rule\"\n  tag stig_id: \"RHEL-07-040450\"\n  tag fix_id: \"F-78617r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('StrictModes') { should cmp 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration StrictModes is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72065</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86689r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021340</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a separate file
-system for &#x2F;tmp (or equivalent).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system for /tmp (or equivalent).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The use of separate file systems for different paths can protect the
-system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that a separate file system&#x2F;partition has been created for &quot;&#x2F;tmp&quot;.
-
-    Check that a file system&#x2F;partition has been created for &quot;&#x2F;tmp&quot; with the
+system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that a separate file system/partition has been created for "/tmp".
+
+    Check that a file system/partition has been created for "/tmp" with the
 following command:
 
     # systemctl is-enabled tmp.mount
     enabled
 
-    If the &quot;tmp.mount&quot; service is not enabled, check to see if &quot;&#x2F;tmp&quot; is
+    If the "tmp.mount" service is not enabled, check to see if "/tmp" is
 defined in the fstab with a device and mount point:
 
-    # grep -i &#x2F;tmp &#x2F;etc&#x2F;fstab
-    UUID&#x3D;a411dc99-f2a1-4c87-9e05-184977be8539 &#x2F;tmp   ext4
-rw,relatime,discard,data&#x3D;ordered,nosuid,noexec, 0 0
+    # grep -i /tmp /etc/fstab
+    UUID=a411dc99-f2a1-4c87-9e05-184977be8539 /tmp   ext4
+rw,relatime,discard,data=ordered,nosuid,noexec, 0 0
 
-    If &quot;tmp.mount&quot; service is not enabled and the &quot;&#x2F;tmp&quot; directory is not
-defined in the fstab with a device and mount point, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Start the &quot;tmp.mount&quot; service with the following command:
+    If "tmp.mount" service is not enabled and the "/tmp" directory is not
+defined in the fstab with a device and mount point, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Start the "tmp.mount" service with the following command:
 
     # systemctl enable tmp.mount
 
     OR
 
-    Edit the &quot;&#x2F;etc&#x2F;fstab&quot; file and ensure the &quot;&#x2F;tmp&quot; directory is defined
-in the fstab with a device and mount point.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f284235c-5733-4087-aaec-0d32c4c07416</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Service tmp.mount is expected to be enabled
-expected that &#x60;Service tmp.mount&#x60; is enabled
---------------------------------
-passed
-File System Table File (fstab) with mount_point &#x3D;&#x3D; &quot;&#x2F;tmp&quot; Should have a device name specified
-expected nil to respond to &#x60;empty?&#x60;
---------------------------------
-passed
-File System Table File (fstab) with mount_point &#x3D;&#x3D; &quot;&#x2F;tmp&quot; count is expected to cmp &#x3D;&#x3D; 1
-
+    Edit the "/etc/fstab" file and ensure the "/tmp" directory is defined
+in the fstab with a device and mount point.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72065\" do\n  title \"The Red Hat Enterprise Linux operating system must use a separate file\nsystem for /tmp (or equivalent).\"\n  desc  \"The use of separate file systems for different paths can protect the\nsystem from failures resulting from a file system becoming full or failing.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that a separate file system/partition has been created for \\\"/tmp\\\".\n\n    Check that a file system/partition has been created for \\\"/tmp\\\" with the\nfollowing command:\n\n    # systemctl is-enabled tmp.mount\n    enabled\n\n    If the \\\"tmp.mount\\\" service is not enabled, check to see if \\\"/tmp\\\" is\ndefined in the fstab with a device and mount point:\n\n    # grep -i /tmp /etc/fstab\n    UUID=a411dc99-f2a1-4c87-9e05-184977be8539 /tmp   ext4\nrw,relatime,discard,data=ordered,nosuid,noexec, 0 0\n\n    If \\\"tmp.mount\\\" service is not enabled and the \\\"/tmp\\\" directory is not\ndefined in the fstab with a device and mount point, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Start the \\\"tmp.mount\\\" service with the following command:\n\n    # systemctl enable tmp.mount\n\n    OR\n\n    Edit the \\\"/etc/fstab\\\" file and ensure the \\\"/tmp\\\" directory is defined\nin the fstab with a device and mount point.\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72065\"\n  tag rid: \"SV-86689r3_rule\"\n  tag stig_id: \"RHEL-07-021340\"\n  tag fix_id: \"F-78417r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe systemd_service('tmp.mount') do\n      it { should be_enabled }\n    end\n    describe etc_fstab.where { mount_point == '/tmp' } do\n      its('count') { should cmp 1 }\n      it 'Should have a device name specified' do\n        expect(subject.device_name[0]).to_not(be_empty)\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Service tmp.mount is expected to be enabled :: MESSAGE expected that `Service tmp.mount` is enabled
+--------------------------------
+passed :: TEST File System Table File (fstab) with mount_point == "/tmp" Should have a device name specified :: MESSAGE expected nil to respond to `empty?`
+--------------------------------
+passed :: TEST File System Table File (fstab) with mount_point == "/tmp" count is expected to cmp == 1 :: MESSAGE 
 expected: 1
      got: 0
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72107</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86731r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030420</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72107</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86731r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030420</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fchmod syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fchmod syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchmod&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchmod" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following command:
 
-    # grep -iw fchmod &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fchmod /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fchmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fchmod&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"fchmod" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fchmod&quot; syscall occur.
+successful/unsuccessful attempts to use the "fchmod" syscall occur.
 
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S fchmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fchmod -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k
 perm_mod
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bb4e46bd-848d-4ea4-9b5f-efecbbadb42f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmod&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmod&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmod&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fchmod&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71935</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000078-GPOS-00046</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86559r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010280</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72107\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fchmod syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchmod\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing command:\n\n    # grep -iw fchmod /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fchmod\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"fchmod\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    -a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=4294967295 -k\nperm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72107\"\n  tag rid: \"SV-86731r5_rule\"\n  tag stig_id: \"RHEL-07-030420\"\n  tag fix_id: \"F-78459r9_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fchmod\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fchmod\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fchmod" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmod" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmod" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fchmod" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71935</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000078-GPOS-00046</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86559r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010280</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that passwords are a minimum of 15 characters in length.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that passwords are a minimum of 15 characters in length.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The shorter the password, the lower the number of possible
 combinations that need to be tested before the password is compromised.
 
@@ -34149,303 +32615,291 @@ combinations that need to be tested before the password is compromised.
 password in resisting attempts at guessing and brute-force attacks. Password
 length is one factor of several that helps to determine strength and how long
 it takes to crack a password. Use of more characters in a password helps to
-exponentially increase the time and&#x2F;or resources required to compromise the
-password.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+exponentially increase the time and/or resources required to compromise the
+password.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system enforces a minimum 15-character password
-length. The &quot;minlen&quot; option sets the minimum number of characters in a new
+length. The "minlen" option sets the minimum number of characters in a new
 password.
 
-    Check for the value of the &quot;minlen&quot; option in
-&quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; with the following command:
+    Check for the value of the "minlen" option in
+"/etc/security/pwquality.conf" with the following command:
 
-    # grep minlen &#x2F;etc&#x2F;security&#x2F;pwquality.conf
-    minlen &#x3D; 15
+    # grep minlen /etc/security/pwquality.conf
+    minlen = 15
 
-    If the command does not return a &quot;minlen&quot; value of 15 or greater, this is
-a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return a "minlen" value of 15 or greater, this is
+a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure operating system to enforce a minimum 15-character password
 length.
 
-    Add the following line to &quot;&#x2F;etc&#x2F;security&#x2F;pwquality.conf&quot; (or modify the
+    Add the following line to "/etc/security/pwquality.conf" (or modify the
 line to have the required value):
 
-    minlen &#x3D; 15</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d5dc66a8-3434-4621-82ff-981942a35a93</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Parse Config File &#x2F;etc&#x2F;security&#x2F;pwquality.conf minlen.to_i is expected to cmp &gt;&#x3D; 15</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71947</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000373-GPOS-00156</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86571r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010340</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    minlen = 15</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71935\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat passwords are a minimum of 15 characters in length.\"\n  desc  \"The shorter the password, the lower the number of possible\ncombinations that need to be tested before the password is compromised.\n\n    Password complexity, or strength, is a measure of the effectiveness of a\npassword in resisting attempts at guessing and brute-force attacks. Password\nlength is one factor of several that helps to determine strength and how long\nit takes to crack a password. Use of more characters in a password helps to\nexponentially increase the time and/or resources required to compromise the\npassword.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enforces a minimum 15-character password\nlength. The \\\"minlen\\\" option sets the minimum number of characters in a new\npassword.\n\n    Check for the value of the \\\"minlen\\\" option in\n\\\"/etc/security/pwquality.conf\\\" with the following command:\n\n    # grep minlen /etc/security/pwquality.conf\n    minlen = 15\n\n    If the command does not return a \\\"minlen\\\" value of 15 or greater, this is\na finding.\n  \"\n  desc  \"fix\", \"\n    Configure operating system to enforce a minimum 15-character password\nlength.\n\n    Add the following line to \\\"/etc/security/pwquality.conf\\\" (or modify the\nline to have the required value):\n\n    minlen = 15\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000078-GPOS-00046\"\n  tag gid: \"V-71935\"\n  tag rid: \"SV-86559r2_rule\"\n  tag stig_id: \"RHEL-07-010280\"\n  tag fix_id: \"F-78287r1_fix\"\n  tag cci: [\"CCI-000205\"]\n  tag nist: [\"IA-5 (1) (a)\", \"Rev_4\"]\n\n  min_len = input('min_len')\n\n  describe parse_config_file(\"/etc/security/pwquality.conf\") do\n    its('minlen.to_i') { should cmp &gt;= min_len }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Parse Config File /etc/security/pwquality.conf minlen.to_i is expected to cmp &gt;= 15</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71947</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000373-GPOS-00156</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86571r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010340</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that users must provide a password for privilege escalation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that users must provide a password for privilege escalation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without re-authentication, users may access resources or perform tasks
 for which they do not have authorization.
 
     When operating systems provide the capability to escalate a functional
-capability, it is critical the user re-authenticate.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+capability, it is critical the user re-authenticate.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If passwords are not being used for authentication, this is Not Applicable.
 
     Verify the operating system requires users to supply a password for
 privilege escalation.
 
-    Check the configuration of the &quot;&#x2F;etc&#x2F;sudoers&quot; and &quot;&#x2F;etc&#x2F;sudoers.d&#x2F;*&quot;
+    Check the configuration of the "/etc/sudoers" and "/etc/sudoers.d/*"
 files with the following command:
 
-    # grep -i nopasswd &#x2F;etc&#x2F;sudoers &#x2F;etc&#x2F;sudoers.d&#x2F;*
+    # grep -i nopasswd /etc/sudoers /etc/sudoers.d/*
 
-    If any uncommented line is found with a &quot;NOPASSWD&quot; tag, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any uncommented line is found with a "NOPASSWD" tag, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to require users to supply a password for
 privilege escalation.
 
-    Check the configuration of the &quot;&#x2F;etc&#x2F;sudoers&quot; file with the following
+    Check the configuration of the "/etc/sudoers" file with the following
 command:
     # visudo
 
-    Remove any occurrences of &quot;NOPASSWD&quot; tags in the file.
+    Remove any occurrences of "NOPASSWD" tags in the file.
 
-    Check the configuration of the &#x2F;etc&#x2F;sudoers.d&#x2F;* files with the following
+    Check the configuration of the /etc/sudoers.d/* files with the following
 command:
-    # grep -i nopasswd &#x2F;etc&#x2F;sudoers.d&#x2F;*
-
-    Remove any occurrences of &quot;NOPASSWD&quot; tags in the file.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>03269bcd-a953-4215-b628-b9bb69a70ebe</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002038</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep -i nopasswd &#x2F;etc&#x2F;sudoers.d&#x2F;90-cloud-init-users&#x60; stdout is expected not to match &#x2F;^[^#]*NOPASSWD&#x2F;
-expected &quot;ec2-user ALL&#x3D;(ALL) NOPASSWD:ALL\n&quot; not to match &#x2F;^[^#]*NOPASSWD&#x2F;
+    # grep -i nopasswd /etc/sudoers.d/*
+
+    Remove any occurrences of "NOPASSWD" tags in the file.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71947\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat users must provide a password for privilege escalation.\"\n  desc  \"Without re-authentication, users may access resources or perform tasks\nfor which they do not have authorization.\n\n    When operating systems provide the capability to escalate a functional\ncapability, it is critical the user re-authenticate.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If passwords are not being used for authentication, this is Not Applicable.\n\n    Verify the operating system requires users to supply a password for\nprivilege escalation.\n\n    Check the configuration of the \\\"/etc/sudoers\\\" and \\\"/etc/sudoers.d/*\\\"\nfiles with the following command:\n\n    # grep -i nopasswd /etc/sudoers /etc/sudoers.d/*\n\n    If any uncommented line is found with a \\\"NOPASSWD\\\" tag, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to require users to supply a password for\nprivilege escalation.\n\n    Check the configuration of the \\\"/etc/sudoers\\\" file with the following\ncommand:\n    # visudo\n\n    Remove any occurrences of \\\"NOPASSWD\\\" tags in the file.\n\n    Check the configuration of the /etc/sudoers.d/* files with the following\ncommand:\n    # grep -i nopasswd /etc/sudoers.d/*\n\n    Remove any occurrences of \\\"NOPASSWD\\\" tags in the file.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000373-GPOS-00156\"\n  tag satisfies: [\"SRG-OS-000373-GPOS-00156\", \"SRG-OS-000373-GPOS-00157\",\n\"SRG-OS-000373-GPOS-00158\"]\n  tag gid: \"V-71947\"\n  tag rid: \"SV-86571r3_rule\"\n  tag stig_id: \"RHEL-07-010340\"\n  tag fix_id: \"F-78299r2_fix\"\n  tag cci: [\"CCI-002038\"]\n  tag nist: [\"IA-11\", \"Rev_4\"]\n\n  processed = []\n  to_process = ['/etc/sudoers', '/etc/sudoers.d']\n\n  while !to_process.empty?\n    in_process = to_process.pop\n    next if processed.include? in_process\n    processed.push in_process\n\n    if file(in_process).directory?\n      to_process.concat(\n        command(\"find #{in_process} -maxdepth 1 -mindepth 1\").\n          stdout.strip.split(\"\\n\").\n          select { |f| file(f).file? }\n      )\n    elsif file(in_process).file?\n      to_process.concat(\n        command(\"grep -E '#include\\\\s+' #{in_process} | sed 's/.*#include[[:space:]]*//g'\").\n          stdout.strip.split(\"\\n\").\n          map { |f| f.start_with?('/') ? f : File.join(File.dirname(in_process), f) }.\n          select { |f| file(f).exist? }\n      )\n      to_process.concat(\n        command(\"grep -E '#includedir\\\\s+' #{in_process} | sed 's/.*#includedir[[:space:]]*//g'\").\n          stdout.strip.split(\"\\n\").\n          map { |f| f.start_with?('/') ? f : File.join(File.dirname(in_process), f) }.\n          select { |f| file(f).exist? }\n      )\n    end\n  end\n\n  sudoers = processed.select { |f| file(f).file? }\n\n  sudoers.each do |sudoer|\n    describe command(\"grep -i nopasswd #{sudoer}\") do\n      its('stdout') { should_not match %r{^[^#]*NOPASSWD} }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002038</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep -i nopasswd /etc/sudoers.d/90-cloud-init-users` stdout is expected not to match /^[^#]*NOPASSWD/ :: MESSAGE expected "ec2-user ALL=(ALL) NOPASSWD:ALL\n" not to match /^[^#]*NOPASSWD/
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;^[^#]*NOPASSWD&#x2F;
-+ec2-user ALL&#x3D;(ALL) NOPASSWD:ALL
-
---------------------------------
-passed
-Command: &#x60;grep -i nopasswd &#x2F;etc&#x2F;sudoers&#x60; stdout is expected not to match &#x2F;^[^#]*NOPASSWD&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71891</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000028-GPOS-00009</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86515r6_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+-/^[^#]*NOPASSWD/
++ec2-user ALL=(ALL) NOPASSWD:ALL
+
+--------------------------------
+passed :: TEST Command: `grep -i nopasswd /etc/sudoers` stdout is expected not to match /^[^#]*NOPASSWD/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71891</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000028-GPOS-00009</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86515r6_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must enable a user
 session lock until that user re-establishes access using established
-identification and authentication procedures.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+identification and authentication procedures.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session lock is a temporary action taken when a user stops work and
 moves away from the immediate physical vicinity of the information system but
 does not want to log out because of the temporary nature of the absence.
@@ -34455,15 +32909,15 @@ determined.
 
     Regardless of where the session lock is determined and implemented, once
 invoked, the session lock must remain in place until the user reauthenticates.
-No other activity aside from reauthentication must unlock the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify the operating system enables a user&#39;s session lock until that user
+No other activity aside from reauthentication must unlock the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify the operating system enables a user's session lock until that user
 re-establishes access using established identification and authentication
 procedures. The screen program must be installed to lock sessions on the
 console.
@@ -34473,176 +32927,170 @@ Applicable.
 
     Check to see if the screen lock is enabled with the following command:
 
-    # grep -i lock-enabled &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
-    lock-enabled&#x3D;true
+    # grep -i lock-enabled /etc/dconf/db/local.d/*
+    lock-enabled=true
 
-    If the &quot;lock-enabled&quot; setting is missing or is not set to &quot;true&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the operating system to enable a user&#39;s session lock until that
+    If the "lock-enabled" setting is missing or is not set to "true", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the operating system to enable a user's session lock until that
 user re-establishes access using established identification and authentication
 procedures.
 
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following example:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-screensaver
+    # touch /etc/dconf/db/local.d/00-screensaver
 
-    Edit the &quot;[org&#x2F;gnome&#x2F;desktop&#x2F;screensaver]&quot; section of the database file
+    Edit the "[org/gnome/desktop/screensaver]" section of the database file
 and add or update the following lines:
 
     # Set this to true to lock the screen when the screensaver activates
-    lock-enabled&#x3D;true
+    lock-enabled=true
 
     Update the system databases:
 
     # dconf update
 
     Users must log out and back in again before the system-wide settings take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>bcec1b07-9611-4af6-b227-ac0ad0f00707</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000056</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-      Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71855</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86479r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71891\" do\n  title \"The Red Hat Enterprise Linux operating system must enable a user\nsession lock until that user re-establishes access using established\nidentification and authentication procedures.\"\n  desc  \"A session lock is a temporary action taken when a user stops work and\nmoves away from the immediate physical vicinity of the information system but\ndoes not want to log out because of the temporary nature of the absence.\n\n    The session lock is implemented at the point where session activity can be\ndetermined.\n\n    Regardless of where the session lock is determined and implemented, once\ninvoked, the session lock must remain in place until the user reauthenticates.\nNo other activity aside from reauthentication must unlock the system.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enables a user's session lock until that user\nre-establishes access using established identification and authentication\nprocedures. The screen program must be installed to lock sessions on the\nconsole.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable.\n\n    Check to see if the screen lock is enabled with the following command:\n\n    # grep -i lock-enabled /etc/dconf/db/local.d/*\n    lock-enabled=true\n\n    If the \\\"lock-enabled\\\" setting is missing or is not set to \\\"true\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to enable a user's session lock until that\nuser re-establishes access using established identification and authentication\nprocedures.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following example:\n\n    # touch /etc/dconf/db/local.d/00-screensaver\n\n    Edit the \\\"[org/gnome/desktop/screensaver]\\\" section of the database file\nand add or update the following lines:\n\n    # Set this to true to lock the screen when the screensaver activates\n    lock-enabled=true\n\n    Update the system databases:\n\n    # dconf update\n\n    Users must log out and back in again before the system-wide settings take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000028-GPOS-00009\"\n  tag satisfies: [\"SRG-OS-000028-GPOS-00009\", \"SRG-OS-000030-GPOS-00011\"]\n  tag gid: \"V-71891\"\n  tag rid: \"SV-86515r6_rule\"\n  tag stig_id: \"RHEL-07-010060\"\n  tag fix_id: \"F-78243r9_fix\"\n  tag cci: [\"CCI-000056\"]\n  tag nist: [\"AC-11 b\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    describe command('gsettings get org.gnome.desktop.screensaver lock-enabled') do\n      its('stdout.strip') { should cmp 'true' }\n    end\n  else\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n      Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000056</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+      Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71855</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86479r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the cryptographic hash of system files and commands matches vendor values.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the cryptographic hash of system files and commands matches vendor values.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without cryptographic integrity protections, system command and files
 can be altered by unauthorized users without detection.
 
     Cryptographic mechanisms used for protecting the integrity of information
 include, for example, signed hash functions using asymmetric cryptography
 enabling distribution of the public key to verify the hash information while
-maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+maintaining the confidentiality of the key used to generate the hash.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the cryptographic hash of system files and commands match the vendor
 values.
 
     Check the cryptographic hash of system files and commands with the
 following command:
 
-    Note: System configuration files (indicated by a &quot;c&quot; in the second
+    Note: System configuration files (indicated by a "c" in the second
 column) are expected to change over time. Unusual modifications should be
 investigated through the system audit log.
 
-    # rpm -Va --noconfig | grep &#39;^..5&#39;
+    # rpm -Va --noconfig | grep '^..5'
 
     If there is any output from the command for system files or binaries, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Run the following command to determine which package owns the file:
 
     # rpm -qf &lt;filename&gt;
@@ -34654,281 +33102,269 @@ is a finding.</ATTRIBUTE_DATA>
     Alternatively, the package can be reinstalled from trusted media using the
 command:
 
-    # sudo rpm -Uvh &lt;packagename&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9a409c72-4e3e-42d8-98e7-e0c2bb572bf0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This control consistently takes a long to run and has been disabled
-    using the disable_slow_controls attribute.
-This control consistently takes a long to run and has been disabled
+    # sudo rpm -Uvh &lt;packagename&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71855\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the cryptographic hash of system files and commands matches vendor values.\"\n  desc  \"Without cryptographic integrity protections, system command and files\ncan be altered by unauthorized users without detection.\n\n    Cryptographic mechanisms used for protecting the integrity of information\ninclude, for example, signed hash functions using asymmetric cryptography\nenabling distribution of the public key to verify the hash information while\nmaintaining the confidentiality of the key used to generate the hash.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the cryptographic hash of system files and commands match the vendor\nvalues.\n\n    Check the cryptographic hash of system files and commands with the\nfollowing command:\n\n    Note: System configuration files (indicated by a \\\"c\\\" in the second\ncolumn) are expected to change over time. Unusual modifications should be\ninvestigated through the system audit log.\n\n    # rpm -Va --noconfig | grep '^..5'\n\n    If there is any output from the command for system files or binaries, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Run the following command to determine which package owns the file:\n\n    # rpm -qf &lt;filename&gt;\n\n    The package can be reinstalled from a yum repository using the command:\n\n    # sudo yum reinstall &lt;packagename&gt;\n\n    Alternatively, the package can be reinstalled from trusted media using the\ncommand:\n\n    # sudo rpm -Uvh &lt;packagename&gt;\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-71855\"\n  tag rid: \"SV-86479r4_rule\"\n  tag stig_id: \"RHEL-07-010020\"\n  tag fix_id: \"F-78207r1_fix\"\n  tag cci: [\"CCI-001749\"]\n  tag nist: [\"CM-5 (3)\", \"Rev_4\"]\n\nif input('disable_slow_controls')\n    describe \"This control consistently takes a long to run and has been disabled\n    using the disable_slow_controls attribute.\" do\n      skip \"This control consistently takes a long to run and has been disabled\n      using the disable_slow_controls attribute. You must enable this control for a\n      full accredidation for production.\"\n    end\n  else\n    # grep excludes files that are marked with 'c' attribute (config files)\n    describe command(\"rpm -Va | grep '^..5' | grep -E -v '[a-z]*c[a-z]*\\\\s+\\\\S+$' | awk 'NF&gt;1{print $NF}'\").\n      stdout.strip.split(\"\\n\") do\n        it { should all(be_in rpm_verify_integrity_except) }\n      end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This control consistently takes a long to run and has been disabled
+    using the disable_slow_controls attribute. :: SKIP_MESSAGE This control consistently takes a long to run and has been disabled
       using the disable_slow_controls attribute. You must enable this control for a
-      full accredidation for production.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72209</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86833r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-031000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+      full accredidation for production.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72209</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86833r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-031000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must send rsyslog output
-to a log aggregation server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+to a log aggregation server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Sending rsyslog output to another system ensures that the logs cannot
 be removed or modified in the event that the system is compromised or has a
-hardware failure.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify &quot;rsyslog&quot; is configured to send all messages to a log aggregation
+hardware failure.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify "rsyslog" is configured to send all messages to a log aggregation
 server.
 
-    Check the configuration of &quot;rsyslog&quot; with the following command:
+    Check the configuration of "rsyslog" with the following command:
 
     Note: If another logging package is used, substitute the utility
-configuration file for &quot;&#x2F;etc&#x2F;rsyslog.conf&quot;.
+configuration file for "/etc/rsyslog.conf".
 
-    # grep @ &#x2F;etc&#x2F;rsyslog.conf &#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf
+    # grep @ /etc/rsyslog.conf /etc/rsyslog.d/*.conf
     *.* @@logagg.site.mil
 
-    If there are no lines in the &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or
-&quot;&#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf&quot; files that contain the &quot;@&quot; or &quot;@@&quot; symbol(s), and
+    If there are no lines in the "/etc/rsyslog.conf" or
+"/etc/rsyslog.d/*.conf" files that contain the "@" or "@@" symbol(s), and
 the lines with the correct symbol(s) to send output to another system do not
-cover all &quot;rsyslog&quot; output, ask the System Administrator to indicate how the
+cover all "rsyslog" output, ask the System Administrator to indicate how the
 audit logs are off-loaded to a different system or media.
 
     If the lines are commented out or there is no evidence that the audit logs
-are being sent to another system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Modify the &quot;&#x2F;etc&#x2F;rsyslog.conf&quot; or an &quot;&#x2F;etc&#x2F;rsyslog.d&#x2F;*.conf&quot; file to
-contain a configuration line to send all &quot;rsyslog&quot; output to a log
+are being sent to another system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Modify the "/etc/rsyslog.conf" or an "/etc/rsyslog.d/*.conf" file to
+contain a configuration line to send all "rsyslog" output to a log
 aggregation system:
-    *.* @@&lt;log aggregation system name&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>078df431-45f4-4e49-8c7d-40d1a10ad668</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;grep @ &#x2F;etc&#x2F;rsyslog.conf | grep -v &quot;^#&quot;&#x60; stdout.strip is expected not to be empty
-expected &#x60;&quot;&quot;.empty?&#x60; to return false, got true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71899</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86523r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010100</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    *.* @@&lt;log aggregation system name&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72209\" do\n  title \"The Red Hat Enterprise Linux operating system must send rsyslog output\nto a log aggregation server.\"\n  desc  \"Sending rsyslog output to another system ensures that the logs cannot\nbe removed or modified in the event that the system is compromised or has a\nhardware failure.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify \\\"rsyslog\\\" is configured to send all messages to a log aggregation\nserver.\n\n    Check the configuration of \\\"rsyslog\\\" with the following command:\n\n    Note: If another logging package is used, substitute the utility\nconfiguration file for \\\"/etc/rsyslog.conf\\\".\n\n    # grep @ /etc/rsyslog.conf /etc/rsyslog.d/*.conf\n    *.* @@logagg.site.mil\n\n    If there are no lines in the \\\"/etc/rsyslog.conf\\\" or\n\\\"/etc/rsyslog.d/*.conf\\\" files that contain the \\\"@\\\" or \\\"@@\\\" symbol(s), and\nthe lines with the correct symbol(s) to send output to another system do not\ncover all \\\"rsyslog\\\" output, ask the System Administrator to indicate how the\naudit logs are off-loaded to a different system or media.\n\n    If the lines are commented out or there is no evidence that the audit logs\nare being sent to another system, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Modify the \\\"/etc/rsyslog.conf\\\" or an \\\"/etc/rsyslog.d/*.conf\\\" file to\ncontain a configuration line to send all \\\"rsyslog\\\" output to a log\naggregation system:\n    *.* @@&lt;log aggregation system name&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72209\"\n  tag rid: \"SV-86833r2_rule\"\n  tag stig_id: \"RHEL-07-031000\"\n  tag fix_id: \"F-78563r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  log_pkg_path = input('log_pkg_path')\n\n  describe command(\"grep @ #{log_pkg_path} | grep -v \\\"^#\\\"\") do\n    its('stdout.strip') { should_not be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `grep @ /etc/rsyslog.conf | grep -v "^#"` stdout.strip is expected not to be empty :: MESSAGE expected `"".empty?` to return false, got true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71899</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86523r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010100</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must initiate a session
 lock for the screensaver after a period of inactivity for graphical user
-interfaces.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+interfaces.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session time-out lock is a temporary action taken when a user stops
 work and moves away from the immediate physical vicinity of the information
 system but does not log out because of the temporary nature of the absence.
 Rather than relying on the user to manually lock their operating system session
 prior to vacating the vicinity, operating systems need to be able to identify
-when a user&#39;s session has idled and take action to initiate the session lock.
+when a user's session has idled and take action to initiate the session lock.
 
     The session lock is implemented at the point where session activity can be
-determined and&#x2F;or controlled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+determined and/or controlled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system initiates a session lock after a 15-minute
 period of inactivity for graphical user interfaces. The screen program must be
 installed to lock sessions on the console.
@@ -34938,161 +33374,155 @@ this requirement is Not Applicable.
 
     Check for the session lock settings with the following commands:
 
-    # grep -i idle-activation-enabled &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
+    # grep -i idle-activation-enabled /etc/dconf/db/local.d/*
 
-    idle-activation-enabled&#x3D;true
+    idle-activation-enabled=true
 
-    If &quot;idle-activation-enabled&quot; is not set to &quot;true&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "idle-activation-enabled" is not set to "true", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to initiate a session lock after a 15-minute
 period of inactivity for graphical user interfaces.
 
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-screensaver
+    # touch /etc/dconf/db/local.d/00-screensaver
 
     Add the setting to enable screensaver locking after 15 minutes of
 inactivity:
 
-    [org&#x2F;gnome&#x2F;desktop&#x2F;screensaver]
+    [org/gnome/desktop/screensaver]
 
-    idle-activation-enabled&#x3D;true
+    idle-activation-enabled=true
 
     Update the system databases:
 
     # dconf update
 
     Users must log out and back in again before the system-wide settings take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a74fca47-26f7-49d9-b9a3-e9764e41e9af</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-      Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71901</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86525r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010110</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71899\" do\n  title \"The Red Hat Enterprise Linux operating system must initiate a session\nlock for the screensaver after a period of inactivity for graphical user\ninterfaces.\"\n  desc  \"A session time-out lock is a temporary action taken when a user stops\nwork and moves away from the immediate physical vicinity of the information\nsystem but does not log out because of the temporary nature of the absence.\nRather than relying on the user to manually lock their operating system session\nprior to vacating the vicinity, operating systems need to be able to identify\nwhen a user's session has idled and take action to initiate the session lock.\n\n    The session lock is implemented at the point where session activity can be\ndetermined and/or controlled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system initiates a session lock after a 15-minute\nperiod of inactivity for graphical user interfaces. The screen program must be\ninstalled to lock sessions on the console.\n\n    Note: If the system does not have a Graphical User Interface installed,\nthis requirement is Not Applicable.\n\n    Check for the session lock settings with the following commands:\n\n    # grep -i idle-activation-enabled /etc/dconf/db/local.d/*\n\n    idle-activation-enabled=true\n\n    If \\\"idle-activation-enabled\\\" is not set to \\\"true\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to initiate a session lock after a 15-minute\nperiod of inactivity for graphical user interfaces.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    # touch /etc/dconf/db/local.d/00-screensaver\n\n    Add the setting to enable screensaver locking after 15 minutes of\ninactivity:\n\n    [org/gnome/desktop/screensaver]\n\n    idle-activation-enabled=true\n\n    Update the system databases:\n\n    # dconf update\n\n    Users must log out and back in again before the system-wide settings take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-71899\"\n  tag rid: \"SV-86523r5_rule\"\n  tag stig_id: \"RHEL-07-010100\"\n  tag fix_id: \"F-78251r2_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    describe command('gsettings get org.gnome.desktop.screensaver idle-activation-enabled') do\n      its('stdout.strip') { should cmp 'true' }\n    end \n  else\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n      Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+      Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71901</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86525r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010110</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must initiate a session
-lock for graphical user interfaces when the screensaver is activated.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+lock for graphical user interfaces when the screensaver is activated.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>A session time-out lock is a temporary action taken when a user stops
 work and moves away from the immediate physical vicinity of the information
 system but does not log out because of the temporary nature of the absence.
 Rather than relying on the user to manually lock their operating system session
 prior to vacating the vicinity, operating systems need to be able to identify
-when a user&#39;s session has idled and take action to initiate the session lock.
+when a user's session has idled and take action to initiate the session lock.
 
     The session lock is implemented at the point where session activity can be
-determined and&#x2F;or controlled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+determined and/or controlled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system initiates a session lock a for graphical user
 interfaces when the screensaver is activated.
 
@@ -35103,155 +33533,149 @@ console.
     If GNOME is installed, check to see a session lock occurs when the
 screensaver is activated with the following command:
 
-    # grep -i lock-delay &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;*
-    lock-delay&#x3D;uint32 5
+    # grep -i lock-delay /etc/dconf/db/local.d/*
+    lock-delay=uint32 5
 
-    If the &quot;lock-delay&quot; setting is missing, or is not set to &quot;5&quot; or less,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "lock-delay" setting is missing, or is not set to "5" or less,
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to initiate a session lock for graphical
 user interfaces when a screensaver is activated.
 
     Create a database to contain the system-wide screensaver settings (if it
 does not already exist) with the following command:
 
-    # touch &#x2F;etc&#x2F;dconf&#x2F;db&#x2F;local.d&#x2F;00-screensaver
+    # touch /etc/dconf/db/local.d/00-screensaver
 
     Add the setting to enable session locking when a screensaver is activated:
 
-    [org&#x2F;gnome&#x2F;desktop&#x2F;screensaver]
-    lock-delay&#x3D;uint32 5
+    [org/gnome/desktop/screensaver]
+    lock-delay=uint32 5
 
-    The &quot;uint32&quot; must be included along with the integer key values as shown.
+    The "uint32" must be included along with the integer key values as shown.
 
     Update the system databases:
 
     # dconf update
 
     Users must log out and back in again before the system-wide settings take
-effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>24cdf8eb-aa4f-43c3-9ea8-c129ff16b7eb</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-The system does not have GNOME installed
-The system does not have GNOME installed, this requirement is Not
-      Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72069</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86693r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021600</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71901\" do\n  title \"The Red Hat Enterprise Linux operating system must initiate a session\nlock for graphical user interfaces when the screensaver is activated.\"\n  desc  \"A session time-out lock is a temporary action taken when a user stops\nwork and moves away from the immediate physical vicinity of the information\nsystem but does not log out because of the temporary nature of the absence.\nRather than relying on the user to manually lock their operating system session\nprior to vacating the vicinity, operating systems need to be able to identify\nwhen a user's session has idled and take action to initiate the session lock.\n\n    The session lock is implemented at the point where session activity can be\ndetermined and/or controlled.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system initiates a session lock a for graphical user\ninterfaces when the screensaver is activated.\n\n    Note: If the system does not have GNOME installed, this requirement is Not\nApplicable. The screen program must be installed to lock sessions on the\nconsole.\n\n    If GNOME is installed, check to see a session lock occurs when the\nscreensaver is activated with the following command:\n\n    # grep -i lock-delay /etc/dconf/db/local.d/*\n    lock-delay=uint32 5\n\n    If the \\\"lock-delay\\\" setting is missing, or is not set to \\\"5\\\" or less,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to initiate a session lock for graphical\nuser interfaces when a screensaver is activated.\n\n    Create a database to contain the system-wide screensaver settings (if it\ndoes not already exist) with the following command:\n\n    # touch /etc/dconf/db/local.d/00-screensaver\n\n    Add the setting to enable session locking when a screensaver is activated:\n\n    [org/gnome/desktop/screensaver]\n    lock-delay=uint32 5\n\n    The \\\"uint32\\\" must be included along with the integer key values as shown.\n\n    Update the system databases:\n\n    # dconf update\n\n    Users must log out and back in again before the system-wide settings take\neffect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-71901\"\n  tag rid: \"SV-86525r3_rule\"\n  tag stig_id: \"RHEL-07-010110\"\n  tag fix_id: \"F-78253r2_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  if package('gnome-desktop3').installed?\n    describe command(\"gsettings get org.gnome.desktop.screensaver lock-delay | cut -d ' ' -f2\") do\n      its('stdout.strip') { should cmp &lt;= lock_delay }\n    end\n  else\n    impact 0.0\n    describe \"The system does not have GNOME installed\" do\n      skip \"The system does not have GNOME installed, this requirement is Not\n      Applicable.\"\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST The system does not have GNOME installed :: SKIP_MESSAGE The system does not have GNOME installed, this requirement is Not
+      Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72069</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86693r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021600</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that the file integrity tool is configured to verify Access Control Lists
-(ACLs).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(ACLs).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ACLs can provide permissions beyond those permitted through the file
-mode and must be verified by file integrity tools.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+mode and must be verified by file integrity tools.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the file integrity tool is configured to verify ACLs.
 
     Check to see if Advanced Intrusion Detection Environment (AIDE) is
@@ -35266,598 +33690,575 @@ checks are performed on the system.
 is a finding.
 
     Note: AIDE is highly configurable at install time. These commands assume
-the &quot;aide.conf&quot; file is under the &quot;&#x2F;etc&quot; directory.
+the "aide.conf" file is under the "/etc" directory.
 
     Use the following command to determine if the file is in another location:
 
-    # find &#x2F; -name aide.conf
+    # find / -name aide.conf
 
-    Check the &quot;aide.conf&quot; file to determine if the &quot;acl&quot; rule has been
+    Check the "aide.conf" file to determine if the "acl" rule has been
 added to the rule list being applied to the files and directories selection
 lists.
 
-    An example rule that includes the &quot;acl&quot; rule is below:
+    An example rule that includes the "acl" rule is below:
 
-    All&#x3D; p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
-    &#x2F;bin All # apply the custom rule to the files in bin
-    &#x2F;sbin All # apply the same custom rule to the files in sbin
+    All= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
+    /bin All # apply the custom rule to the files in bin
+    /sbin All # apply the same custom rule to the files in sbin
 
-    If the &quot;acl&quot; rule is not being used on all uncommented selection lines in
-the &quot;&#x2F;etc&#x2F;aide.conf&quot; file, or ACLs are not being checked by another file
-integrity tool, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "acl" rule is not being used on all uncommented selection lines in
+the "/etc/aide.conf" file, or ACLs are not being checked by another file
+integrity tool, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the file integrity tool to check file and directory ACLs.
 
-    If AIDE is installed, ensure the &quot;acl&quot; rule is present on all uncommented
-file and directory selection lists.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>56627eee-8e63-4b6b-8477-b3a78bb96f63</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package aide is expected to be installed
---------------------------------
-passed
-List of monitored files&#x2F;directories without &#39;acl&#39; rule is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72063</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86687r6_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021330</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    If AIDE is installed, ensure the "acl" rule is present on all uncommented
+file and directory selection lists.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72069\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the file integrity tool is configured to verify Access Control Lists\n(ACLs).\"\n  desc  \"ACLs can provide permissions beyond those permitted through the file\nmode and must be verified by file integrity tools.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the file integrity tool is configured to verify ACLs.\n\n    Check to see if Advanced Intrusion Detection Environment (AIDE) is\ninstalled on the system with the following command:\n\n    # yum list installed aide\n\n    If AIDE is not installed, ask the System Administrator how file integrity\nchecks are performed on the system.\n\n    If there is no application installed to perform file integrity checks, this\nis a finding.\n\n    Note: AIDE is highly configurable at install time. These commands assume\nthe \\\"aide.conf\\\" file is under the \\\"/etc\\\" directory.\n\n    Use the following command to determine if the file is in another location:\n\n    # find / -name aide.conf\n\n    Check the \\\"aide.conf\\\" file to determine if the \\\"acl\\\" rule has been\nadded to the rule list being applied to the files and directories selection\nlists.\n\n    An example rule that includes the \\\"acl\\\" rule is below:\n\n    All= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux\n    /bin All # apply the custom rule to the files in bin\n    /sbin All # apply the same custom rule to the files in sbin\n\n    If the \\\"acl\\\" rule is not being used on all uncommented selection lines in\nthe \\\"/etc/aide.conf\\\" file, or ACLs are not being checked by another file\nintegrity tool, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the file integrity tool to check file and directory ACLs.\n\n    If AIDE is installed, ensure the \\\"acl\\\" rule is present on all uncommented\nfile and directory selection lists.\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72069\"\n  tag rid: \"SV-86693r3_rule\"\n  tag stig_id: \"RHEL-07-021600\"\n  tag fix_id: \"F-78421r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe package(\"aide\") do\n    it { should be_installed }\n  end\n\n  findings = []\n  aide_conf.where { !selection_line.start_with? '!' }.entries.each do |selection|\n    unless selection.rules.include? 'acl'\n      findings.append(selection.selection_line)\n    end\n  end\n\n  describe \"List of monitored files/directories without 'acl' rule\" do\n    subject { findings }\n    it { should be_empty }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package aide is expected to be installed
+--------------------------------
+passed :: TEST List of monitored files/directories without 'acl' rule is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72063</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86687r6_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021330</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must use a separate file
-system for the system audit data path.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+system for the system audit data path.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The use of separate file systems for different paths can protect the
-system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+system from failures resulting from a file system becoming full or failing.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Determine if the operating system is configured to have the
-&quot;&#x2F;var&#x2F;log&#x2F;audit&quot; path is on a separate file system.
+"/var/log/audit" path is on a separate file system.
 
-    # grep &#x2F;var&#x2F;log&#x2F;audit &#x2F;etc&#x2F;fstab
+    # grep /var/log/audit /etc/fstab
 
     If no result is returned, or the operating system is not configured to have
-&quot;&#x2F;var&#x2F;log&#x2F;audit&quot; on a separate file system, this is a finding.
-
-    Verify that &quot;&#x2F;var&#x2F;log&#x2F;audit&quot; is mounted on a separate file system:
-
-    # mount | grep &quot;&#x2F;var&#x2F;log&#x2F;audit&quot;
-
-    If no result is returned, or &quot;&#x2F;var&#x2F;log&#x2F;audit&quot; is not on a separate file
-system, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Migrate the system audit data path onto a separate file system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>329011ca-533a-4afe-93f8-08104db49d18</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Mount &#x2F;var&#x2F;log&#x2F;audit is expected to be mounted
-
-Mount &#x2F;var&#x2F;log&#x2F;audit is not mounted
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72031</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86655r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/var/log/audit" on a separate file system, this is a finding.
+
+    Verify that "/var/log/audit" is mounted on a separate file system:
+
+    # mount | grep "/var/log/audit"
+
+    If no result is returned, or "/var/log/audit" is not on a separate file
+system, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Migrate the system audit data path onto a separate file system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72063\" do\n  title \"The Red Hat Enterprise Linux operating system must use a separate file\nsystem for the system audit data path.\"\n  desc  \"The use of separate file systems for different paths can protect the\nsystem from failures resulting from a file system becoming full or failing.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Determine if the operating system is configured to have the\n\\\"/var/log/audit\\\" path is on a separate file system.\n\n    # grep /var/log/audit /etc/fstab\n\n    If no result is returned, or the operating system is not configured to have\n\\\"/var/log/audit\\\" on a separate file system, this is a finding.\n\n    Verify that \\\"/var/log/audit\\\" is mounted on a separate file system:\n\n    # mount | grep \\\"/var/log/audit\\\"\n\n    If no result is returned, or \\\"/var/log/audit\\\" is not on a separate file\nsystem, this is a finding.\n  \"\n  desc  \"fix\", \"Migrate the system audit data path onto a separate file system.\"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72063\"\n  tag rid: \"SV-86687r6_rule\"\n  tag stig_id: \"RHEL-07-021330\"\n  tag fix_id: \"F-78415r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe mount('/var/log/audit') do\n    it {should be_mounted}\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Mount /var/log/audit is expected to be mounted :: MESSAGE 
+Mount /var/log/audit is not mounted</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72031</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86655r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all local initialization files for local interactive users are be
-group-owned by the users primary group or root.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+group-owned by the users primary group or root.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Local initialization files for interactive users are used to configure
-the user&#39;s shell environment upon logon. Malicious modification of these files
-could compromise accounts upon logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+the user's shell environment upon logon. Malicious modification of these files
+could compromise accounts upon logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the local initialization files of all local interactive users are
-group-owned by that user&#39;s primary Group Identifier (GID).
+group-owned by that user's primary Group Identifier (GID).
 
     Check the home directory assignment for all non-privileged users on the
 system with the following command:
 
     Note: The example will be for the smithj user, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot; and a primary group of &quot;users&quot;.
+"/home/smithj" and a primary group of "users".
 
-    # cut -d: -f 1,4,6 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{3}&quot;
-    smithj:1000:&#x2F;home&#x2F;smithj
+    # cut -d: -f 1,4,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
+    smithj:1000:/home/smithj
 
-    # grep 1000 &#x2F;etc&#x2F;group
+    # grep 1000 /etc/group
     users:x:1000:smithj,jonesj,jacksons
 
     Note: This may miss interactive users that have been assigned a privileged
 User Identifier (UID). Evidence of interactive use may be obtained from a
 number of log files containing system logon information.
 
-    Check the group owner of all local interactive user&#39;s initialization files
+    Check the group owner of all local interactive user's initialization files
 with the following command:
 
-    # ls -al &#x2F;home&#x2F;smithj&#x2F;.[^.]* | more
+    # ls -al /home/smithj/.[^.]* | more
 
     -rwxr-xr-x 1 smithj users 896 Mar 10 2011 .profile
     -rwxr-xr-x 1 smithj users 497 Jan 6 2007 .login
     -rwxr-xr-x 1 smithj users 886 Jan 6 2007 .something
 
-    If all local interactive user&#39;s initialization files are not group-owned by
-that user&#39;s primary GID, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Change the group owner of a local interactive user&#39;s files to the group
-found in &quot;&#x2F;etc&#x2F;passwd&quot; for the user. To change the group owner of a local
-interactive user&#39;s home directory, use the following command:
+    If all local interactive user's initialization files are not group-owned by
+that user's primary GID, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Change the group owner of a local interactive user's files to the group
+found in "/etc/passwd" for the user. To change the group owner of a local
+interactive user's home directory, use the following command:
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot;, and has a primary group of users.
-
-    # chgrp users &#x2F;home&#x2F;smithj&#x2F;.[^.]*</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f89367f3-a0f4-4609-9389-ac82c59fe019</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-#&lt;Set: {}&gt; length is expected to &#x3D;&#x3D; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71923</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86547r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010220</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj", and has a primary group of users.
+
+    # chgrp users /home/smithj/.[^.]*</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72031\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local initialization files for local interactive users are be\ngroup-owned by the users primary group or root.\"\n  desc  \"Local initialization files for interactive users are used to configure\nthe user's shell environment upon logon. Malicious modification of these files\ncould compromise accounts upon logon.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the local initialization files of all local interactive users are\ngroup-owned by that user's primary Group Identifier (GID).\n\n    Check the home directory assignment for all non-privileged users on the\nsystem with the following command:\n\n    Note: The example will be for the smithj user, who has a home directory of\n\\\"/home/smithj\\\" and a primary group of \\\"users\\\".\n\n    # cut -d: -f 1,4,6 /etc/passwd | egrep \\\":[1-4][0-9]{3}\\\"\n    smithj:1000:/home/smithj\n\n    # grep 1000 /etc/group\n    users:x:1000:smithj,jonesj,jacksons\n\n    Note: This may miss interactive users that have been assigned a privileged\nUser Identifier (UID). Evidence of interactive use may be obtained from a\nnumber of log files containing system logon information.\n\n    Check the group owner of all local interactive user's initialization files\nwith the following command:\n\n    # ls -al /home/smithj/.[^.]* | more\n\n    -rwxr-xr-x 1 smithj users 896 Mar 10 2011 .profile\n    -rwxr-xr-x 1 smithj users 497 Jan 6 2007 .login\n    -rwxr-xr-x 1 smithj users 886 Jan 6 2007 .something\n\n    If all local interactive user's initialization files are not group-owned by\nthat user's primary GID, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Change the group owner of a local interactive user's files to the group\nfound in \\\"/etc/passwd\\\" for the user. To change the group owner of a local\ninteractive user's home directory, use the following command:\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\", and has a primary group of users.\n\n    # chgrp users /home/smithj/.[^.]*\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72031\"\n  tag rid: \"SV-86655r4_rule\"\n  tag stig_id: \"RHEL-07-020700\"\n  tag fix_id: \"F-78383r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  findings = Set[]\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= 1000 || uid == 0)}.entries.each do |user_info|\n    findings = findings + command(\"find #{user_info.home} -name '.*' -not -gid #{user_info.gid} -not -group root\").stdout.split(\"\\n\")\n  end\n  describe findings do\n    its('length') { should == 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST #&lt;Set: {}&gt; length is expected to == 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71923</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000073-GPOS-00041</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86547r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010220</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that user and group account administration utilities are configured to store
-only encrypted representations of passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+only encrypted representations of passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Passwords need to be protected at all times, and encryption is the
 standard method for protecting passwords. If passwords are not encrypted, they
 can be plainly read (i.e., clear text) and easily compromised. Passwords
 encrypted with a weak algorithm are no more protected than if they are kept in
-plain text.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+plain text.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the user and group account administration utilities are configured
 to store only encrypted representations of passwords. The strength of
-encryption that must be used to hash passwords for all accounts is &quot;SHA512&quot;.
+encryption that must be used to hash passwords for all accounts is "SHA512".
 
-    Check that the system is configured to create &quot;SHA512&quot; hashed passwords
+    Check that the system is configured to create "SHA512" hashed passwords
 with the following command:
 
-    # grep -i sha512 &#x2F;etc&#x2F;libuser.conf
+    # grep -i sha512 /etc/libuser.conf
 
-    crypt_style &#x3D; sha512
+    crypt_style = sha512
 
-    If the &quot;crypt_style&quot; variable is not set to &quot;sha512&quot;, is not in the
-defaults section, is commented out, or does not exist, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "crypt_style" variable is not set to "sha512", is not in the
+defaults section, is commented out, or does not exist, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to store only SHA512 encrypted
 representations of passwords.
 
-    Add or update the following line in &quot;&#x2F;etc&#x2F;libuser.conf&quot; in the [defaults]
+    Add or update the following line in "/etc/libuser.conf" in the [defaults]
 section:
 
-    crypt_style &#x3D; sha512</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f95f9c41-379a-47ee-9950-39895035a7df</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;cat &#x2F;etc&#x2F;libuser.conf | grep -i sha512&#x60; stdout.strip is expected to match &#x2F;^crypt_style &#x3D; sha512$&#x2F;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-81007</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-95719r1_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010491</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    crypt_style = sha512</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71923\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat user and group account administration utilities are configured to store\nonly encrypted representations of passwords.\"\n  desc  \"Passwords need to be protected at all times, and encryption is the\nstandard method for protecting passwords. If passwords are not encrypted, they\ncan be plainly read (i.e., clear text) and easily compromised. Passwords\nencrypted with a weak algorithm are no more protected than if they are kept in\nplain text.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the user and group account administration utilities are configured\nto store only encrypted representations of passwords. The strength of\nencryption that must be used to hash passwords for all accounts is \\\"SHA512\\\".\n\n    Check that the system is configured to create \\\"SHA512\\\" hashed passwords\nwith the following command:\n\n    # grep -i sha512 /etc/libuser.conf\n\n    crypt_style = sha512\n\n    If the \\\"crypt_style\\\" variable is not set to \\\"sha512\\\", is not in the\ndefaults section, is commented out, or does not exist, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to store only SHA512 encrypted\nrepresentations of passwords.\n\n    Add or update the following line in \\\"/etc/libuser.conf\\\" in the [defaults]\nsection:\n\n    crypt_style = sha512\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000073-GPOS-00041\"\n  tag gid: \"V-71923\"\n  tag rid: \"SV-86547r3_rule\"\n  tag stig_id: \"RHEL-07-010220\"\n  tag fix_id: \"F-78275r1_fix\"\n  tag cci: [\"CCI-000196\"]\n  tag nist: [\"IA-5 (1) (c)\", \"Rev_4\"]\n\n  describe command(\"cat /etc/libuser.conf | grep -i sha512\") do\n    its('stdout.strip') { should match %r(^crypt_style = sha512$) }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `cat /etc/libuser.conf | grep -i sha512` stdout.strip is expected to match /^crypt_style = sha512$/</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-81007</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000080-GPOS-00048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-95719r1_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010491</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Red Hat Enterprise Linux operating systems version 7.2 or newer using
 Unified Extensible Firmware Interface (UEFI) must require authentication upon
-booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+booting into single-user and maintenance modes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system does not require valid root authentication before it
 boots into single-user or maintenance mode, anyone who invokes single-user or
 maintenance mode is granted privileged access to all files on the system. GRUB
 2 is the default boot loader for RHEL 7 and is designed to require a password
-to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+to boot into single-user mode or make modifications to the boot menu.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For systems that use BIOS, this is Not Applicable.
 
     For systems that are running a version of RHEL prior to 7.2, this is Not
@@ -35866,22 +34267,22 @@ Applicable.
     Check to see if an encrypted root password is set. On systems that use
 UEFI, use the following command:
 
-    # grep -iw grub2_password &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;user.cfg
-    GRUB2_PASSWORD&#x3D;grub.pbkdf2.sha512.[password_hash]
+    # grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg
+    GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
 
-    If the root password does not begin with &quot;grub.pbkdf2.sha512&quot;, this is a
+    If the root password does not begin with "grub.pbkdf2.sha512", this is a
 finding.
 
-    Verify that the &quot;root&quot; account is set as the &quot;superusers&quot;:
+    Verify that the "root" account is set as the "superusers":
 
-    # grep -iw &quot;superusers&quot; &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg
-        set superusers&#x3D;&quot;root&quot;
+    # grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
+        set superusers="root"
         export superusers
 
-    If &quot;superusers&quot; is not set to &quot;root&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "superusers" is not set to "root", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to encrypt the boot password for root.
 
     Generate an encrypted grub2 password for root with the following command:
@@ -35892,848 +34293,802 @@ finding.
     Enter password:
     Confirm password:
 
-    Edit the &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg file and add or modify the following
-lines in the &quot;### BEGIN &#x2F;etc&#x2F;grub.d&#x2F;01_users ###&quot; section:
-
-    set superusers&#x3D;&quot;root&quot;
-    export superusers</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7f9dd51d-9897-468d-9990-d68bd08d6d5d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-System running BIOS
-The System is running BIOS, this control is Not Applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72119</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86743r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030480</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Edit the /boot/efi/EFI/redhat/grub.cfg file and add or modify the following
+lines in the "### BEGIN /etc/grub.d/01_users ###" section:
+
+    set superusers="root"
+    export superusers</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-81007\" do\n  title \"Red Hat Enterprise Linux operating systems version 7.2 or newer using\nUnified Extensible Firmware Interface (UEFI) must require authentication upon\nbooting into single-user and maintenance modes.\"\n  desc  \"If the system does not require valid root authentication before it\nboots into single-user or maintenance mode, anyone who invokes single-user or\nmaintenance mode is granted privileged access to all files on the system. GRUB\n2 is the default boot loader for RHEL 7 and is designed to require a password\nto boot into single-user mode or make modifications to the boot menu.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    For systems that use BIOS, this is Not Applicable.\n\n    For systems that are running a version of RHEL prior to 7.2, this is Not\nApplicable.\n\n    Check to see if an encrypted root password is set. On systems that use\nUEFI, use the following command:\n\n    # grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg\n    GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]\n\n    If the root password does not begin with \\\"grub.pbkdf2.sha512\\\", this is a\nfinding.\n\n    Verify that the \\\"root\\\" account is set as the \\\"superusers\\\":\n\n    # grep -iw \\\"superusers\\\" /boot/efi/EFI/redhat/grub.cfg\n        set superusers=\\\"root\\\"\n        export superusers\n\n    If \\\"superusers\\\" is not set to \\\"root\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to encrypt the boot password for root.\n\n    Generate an encrypted grub2 password for root with the following command:\n\n    Note: The hash generated is an example.\n\n    # grub2-setpassword\n    Enter password:\n    Confirm password:\n\n    Edit the /boot/efi/EFI/redhat/grub.cfg file and add or modify the following\nlines in the \\\"### BEGIN /etc/grub.d/01_users ###\\\" section:\n\n    set superusers=\\\"root\\\"\n    export superusers\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000080-GPOS-00048\"\n  tag gid: \"V-81007\"\n  tag rid: \"SV-95719r1_rule\"\n  tag stig_id: \"RHEL-07-010491\"\n  tag fix_id: \"F-87841r2_fix\"\n  tag cci: [\"CCI-000213\"]\n  tag nist: [\"AC-3\", \"Rev_4\"]\n\n  unless file('/sys/firmware/efi').exist?\n    impact 0.0\n    describe \"System running BIOS\" do\n      skip \"The System is running BIOS, this control is Not Applicable.\"\n    end\n  else\n    unless os[:release] &gt;= \"7.2\"\n      impact 0.0\n      describe \"System running version of RHEL prior to 7.2\" do\n        skip \"The System is running an outdated version of RHEL, this control is Not Applicable.\"\n      end\n    else\n      impact 0.7\n      input('grub_uefi_user_boot_files').each do |grub_user_file|\n        describe parse_config_file(grub_user_file) do\n          its('GRUB2_PASSWORD') { should include \"grub.pbkdf2.sha512\"}\n        end\n      end\n\n      describe parse_config_file(input('grub_uefi_main_cfg')) do\n        its('set superusers') { should cmp '\"root\"' }  \n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST System running BIOS :: SKIP_MESSAGE The System is running BIOS, this control is Not Applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72119</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000458-GPOS-00203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86743r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030480</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the fremovexattr syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the fremovexattr syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fremovexattr&quot; syscall occur.
+successful/unsuccessful attempts to use the "fremovexattr" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw fremovexattr &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw fremovexattr /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S fremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
+    -a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
 
-    -a always,exit -F arch&#x3D;b64 -S fremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
+    -a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;fremovexattr&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"fremovexattr" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;fremovexattr&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S fremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
-
-    -a always,exit -F arch&#x3D;b64 -S fremovexattr -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k perm_mod
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>121bbcd6-231a-46e9-90fd-5062ece6daa4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fremovexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fremovexattr&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fremovexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;fremovexattr&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72197</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86821r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030870</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "fremovexattr" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
+
+    -a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F
+auid!=4294967295 -k perm_mod
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72119\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe fremovexattr syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"fremovexattr\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw fremovexattr /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    -a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"fremovexattr\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"fremovexattr\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    -a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F\nauid!=4294967295 -k perm_mod\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000458-GPOS-00203\"\n  tag satisfies: [\"SRG-OS-000458-GPOS-00203\", \"SRG-OS-000392-GPOS-00172\",\n\"SRG-OS-000064-GPOS-00033\"]\n  tag gid: \"V-72119\"\n  tag rid: \"SV-86743r5_rule\"\n  tag stig_id: \"RHEL-07-030480\"\n  tag fix_id: \"F-78471r6_fix\"\n  tag cci: [\"CCI-000172\"]\n  tag nist: [\"AU-12 c\", \"Rev_4\"]\n\n  describe auditd.syscall(\"fremovexattr\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"fremovexattr\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "fremovexattr" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fremovexattr" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fremovexattr" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "fremovexattr" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72197</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000004-GPOS-00004</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86821r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030870</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must generate audit
 records for all account creations, modifications, disabling, and termination
-events that affect &#x2F;etc&#x2F;passwd.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+events that affect /etc/passwd.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system must generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;passwd&quot;.
+"/etc/passwd".
 
-    Check the auditing rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the auditing rules in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep &#x2F;etc&#x2F;passwd &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep /etc/passwd /etc/audit/audit.rules
 
-    -w &#x2F;etc&#x2F;passwd -p wa -k identity
+    -w /etc/passwd -p wa -k identity
 
     If the command does not return a line, or the line is commented out, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records for all account
 creations, modifications, disabling, and termination events that affect
-&quot;&#x2F;etc&#x2F;passwd&quot;.
-
-    Add or update the following rule &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -w &#x2F;etc&#x2F;passwd -p wa -k identity
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>54f67684-ad38-4ad0-8c63-3358b91ef07a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;passwd&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;etc&#x2F;passwd&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;w&quot;
---------------------------------
-passed
-[&quot;w&quot;, &quot;a&quot;] is expected to include &quot;a&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72125</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86749r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030510</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/passwd".
+
+    Add or update the following rule "/etc/audit/rules.d/audit.rules":
+
+    -w /etc/passwd -p wa -k identity
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72197\" do\n  title \"The Red Hat Enterprise Linux operating system must generate audit\nrecords for all account creations, modifications, disabling, and termination\nevents that affect /etc/passwd.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system must generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/passwd\\\".\n\n    Check the auditing rules in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep /etc/passwd /etc/audit/audit.rules\n\n    -w /etc/passwd -p wa -k identity\n\n    If the command does not return a line, or the line is commented out, this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records for all account\ncreations, modifications, disabling, and termination events that affect\n\\\"/etc/passwd\\\".\n\n    Add or update the following rule \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -w /etc/passwd -p wa -k identity\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000004-GPOS-00004\"\n  tag satisfies: [\"SRG-OS-000004-GPOS-00004\", \"SRG-OS-000239-GPOS-00089\",\n\"SRG-OS-000240-GPOS-00090\", \"SRG-OS-000241-GPOS-00091\",\n\"SRG-OS-000303-GPOS-00120\", \"SRG-OS-000476-GPOS-00221\"]\n  tag gid: \"V-72197\"\n  tag rid: \"SV-86821r5_rule\"\n  tag stig_id: \"RHEL-07-030870\"\n  tag fix_id: \"F-78551r4_fix\"\n  tag cci: [\"CCI-000018\", \"CCI-000172\", \"CCI-001403\", \"CCI-002130\"]\n  tag nist: [\"AC-2 (4)\", \"AU-12 c\", \"AC-2 (4)\", \"AC-2 (4)\", \"Rev_4\"]\n\n  audit_file = '/etc/passwd'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'w' }\n      it { should include 'a' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000018</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001403</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/etc/passwd" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/etc/passwd" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "w"
+--------------------------------
+passed :: TEST ["w", "a"] is expected to include "a"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72125</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000064-GPOS-00033</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86749r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030510</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the open syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the open syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;open&quot; syscall occur.
+successful/unsuccessful attempts to use the "open" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw open &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw open /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S open -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b32 -S open -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S open -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    -a always,exit -F arch&#x3D;b64 -S open -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
+    -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;open&quot; syscall, this is a finding.
+    If both the "b32" and "b64" audit rules are not defined for the
+"open" syscall, this is a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EPERM&quot;, this is
+    If the output does not produce rules containing "-F exit=-EPERM", this is
 a finding.
 
-    If the output does not produce rules containing &quot;-F exit&#x3D;-EACCES&quot;, this
-is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the output does not produce rules containing "-F exit=-EACCES", this
+is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;open&quot; syscall occur.
-
-    Add or update the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F arch&#x3D;b32 -S open -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b32 -S open -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S open -F exit&#x3D;-EPERM -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    -a always,exit -F arch&#x3D;b64 -S open -F exit&#x3D;-EACCES -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k access
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>5a5405b4-9be8-4fd8-b16a-f08cf3989481</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b32&quot; exit.uniq is expected to include &quot;-EACCES&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EPERM&quot;
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;open&quot; arch &#x3D;&#x3D; &quot;b64&quot; exit.uniq is expected to include &quot;-EACCES&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72161</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86785r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030690</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "open" syscall occur.
+
+    Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F
+auid!=4294967295 -k access
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72125\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe open syscall.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"open\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw open /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"open\\\" syscall, this is a finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EPERM\\\", this is\na finding.\n\n    If the output does not produce rules containing \\\"-F exit=-EACCES\\\", this\nis a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"open\\\" syscall occur.\n\n    Add or update the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F\nauid!=4294967295 -k access\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000064-GPOS-00033\"\n  tag satisfies: [\"SRG-OS-000064-GPOS-00033\", \"SRG-OS-000458-GPOS-00203\",\n\"SRG-OS-000461-GPOS-00205\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72125\"\n  tag rid: \"SV-86749r5_rule\"\n  tag stig_id: \"RHEL-07-030510\"\n  tag fix_id: \"F-78477r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"open\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EPERM' }\n  end\n  describe auditd.syscall(\"open\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n    its('exit.uniq') { should include '-EACCES' }\n  end\n\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"open\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EPERM' }\n    end\n    describe auditd.syscall(\"open\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n      its('exit.uniq') { should include '-EACCES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "open" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b32" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b32" exit.uniq is expected to include "-EACCES"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" exit.uniq is expected to include "-EPERM"
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "open" arch == "b64" exit.uniq is expected to include "-EACCES"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72161</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-GPOS-00015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86785r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030690</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the sudo command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the sudo command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged access commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;sudo&quot; command occur.
+successful/unsuccessful attempts to use the "sudo" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;bin&#x2F;sudo &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/bin/sudo /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;sudo -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/sudo -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;sudo&quot; command occur.
+successful/unsuccessful attempts to use the "sudo" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;sudo -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/sudo -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2271cd4c-0ac7-4f64-99ce-5bf4860e7d8e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;sudo&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;sudo&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86639r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020620</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72161\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe sudo command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged access commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"sudo\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/bin/sudo /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/sudo -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"sudo\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/sudo -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000037-GPOS-00015\"\n  tag satisfies: [\"SRG-OS-000037-GPOS-00015\", \"SRG-OS-000042-GPOS-00020\",\n\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000462-GPOS-00206\",\n\"SRG-OS-000471-GPOS-00215\"]\n  tag gid: \"V-72161\"\n  tag rid: \"SV-86785r4_rule\"\n  tag stig_id: \"RHEL-07-030690\"\n  tag fix_id: \"F-78513r5_fix\"\n  tag cci: [\"CCI-000130\", \"CCI-000135\", \"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-3\", \"AU-3 (1)\", \"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/sudo'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/sudo" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/sudo" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86639r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020620</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all local interactive user home directories are defined in the &#x2F;etc&#x2F;passwd
-file.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all local interactive user home directories are defined in the /etc/passwd
+file.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If a local interactive user has a home directory defined that does not
-exist, the user may be given access to the &#x2F; directory as the current working
+exist, the user may be given access to the / directory as the current working
 directory upon logon. This could create a Denial of Service because the user
 would not be able to access their logon configuration files, and it may give
-them visibility to system files they normally would not be able to access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+them visibility to system files they normally would not be able to access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the assigned home directory of all local interactive users on the
 system exists.
 
     Check the home directory assignment for all local interactive
 non-privileged users on the system with the following command:
 
-    # cut -d: -f 1,3,6 &#x2F;etc&#x2F;passwd | egrep &quot;:[1-4][0-9]{3}&quot;
+    # cut -d: -f 1,3,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
 
-    smithj:1001:&#x2F;home&#x2F;smithj
+    smithj:1001:/home/smithj
 
     Note: This may miss interactive users that have been assigned a privileged
 UID. Evidence of interactive use may be obtained from a number of log files
@@ -36742,593 +35097,570 @@ containing system logon information.
     Check that all referenced home directories exist with the following command:
 
     # pwck -r
-    user &#39;smithj&#39;: directory &#39;&#x2F;home&#x2F;smithj&#39; does not exist
+    user 'smithj': directory '/home/smithj' does not exist
 
-    If any home directories referenced in &quot;&#x2F;etc&#x2F;passwd&quot; are returned as not
-defined, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any home directories referenced in "/etc/passwd" are returned as not
+defined, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Create home directories to all local interactive users that currently do
 not have a home directory assigned. Use the following commands to create the
-user home directory assigned in &quot;&#x2F;etc&#x2F; passwd&quot;:
+user home directory assigned in "/etc/ passwd":
 
     Note: The example will be for the user smithj, who has a home directory of
-&quot;&#x2F;home&#x2F;smithj&quot;, a UID of &quot;smithj&quot;, and a Group Identifier (GID) of
-&quot;users&quot; assigned in &quot;&#x2F;etc&#x2F;passwd&quot;.
-
-    # mkdir &#x2F;home&#x2F;smithj
-    # chown smithj &#x2F;home&#x2F;smithj
-    # chgrp users &#x2F;home&#x2F;smithj
-    # chmod 0750 &#x2F;home&#x2F;smithj</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4cfc2467-64cc-4cb9-9bb3-24461e450f3b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Directory &#x2F;root is expected to exist
---------------------------------
-passed
-Directory &#x2F;home&#x2F;ec2-user is expected to exist</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72293</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86917r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040660</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/home/smithj", a UID of "smithj", and a Group Identifier (GID) of
+"users" assigned in "/etc/passwd".
+
+    # mkdir /home/smithj
+    # chown smithj /home/smithj
+    # chgrp users /home/smithj
+    # chmod 0750 /home/smithj</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72015\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all local interactive user home directories are defined in the /etc/passwd\nfile.\"\n  desc  \"If a local interactive user has a home directory defined that does not\nexist, the user may be given access to the / directory as the current working\ndirectory upon logon. This could create a Denial of Service because the user\nwould not be able to access their logon configuration files, and it may give\nthem visibility to system files they normally would not be able to access.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the assigned home directory of all local interactive users on the\nsystem exists.\n\n    Check the home directory assignment for all local interactive\nnon-privileged users on the system with the following command:\n\n    # cut -d: -f 1,3,6 /etc/passwd | egrep \\\":[1-4][0-9]{3}\\\"\n\n    smithj:1001:/home/smithj\n\n    Note: This may miss interactive users that have been assigned a privileged\nUID. Evidence of interactive use may be obtained from a number of log files\ncontaining system logon information.\n\n    Check that all referenced home directories exist with the following command:\n\n    # pwck -r\n    user 'smithj': directory '/home/smithj' does not exist\n\n    If any home directories referenced in \\\"/etc/passwd\\\" are returned as not\ndefined, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Create home directories to all local interactive users that currently do\nnot have a home directory assigned. Use the following commands to create the\nuser home directory assigned in \\\"/etc/ passwd\\\":\n\n    Note: The example will be for the user smithj, who has a home directory of\n\\\"/home/smithj\\\", a UID of \\\"smithj\\\", and a Group Identifier (GID) of\n\\\"users\\\" assigned in \\\"/etc/passwd\\\".\n\n    # mkdir /home/smithj\n    # chown smithj /home/smithj\n    # chgrp users /home/smithj\n    # chmod 0750 /home/smithj\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72015\"\n  tag rid: \"SV-86639r2_rule\"\n  tag stig_id: \"RHEL-07-020620\"\n  tag fix_id: \"F-78367r2_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  exempt_home_users = input('exempt_home_users')\n  non_interactive_shells = input('non_interactive_shells')\n\n  ignore_shells = non_interactive_shells.join('|')\n\n  uid_min = login_defs.read_params['UID_MIN'].to_i\n  uid_min = 1000 if uid_min.nil?\n\n  users.where{ !shell.match(ignore_shells) &amp;&amp; (uid &gt;= uid_min || uid == 0)}.entries.each do |user_info|\n    next if exempt_home_users.include?(\"#{user_info.username}\")\n    describe directory(user_info.home) do\n      it { should exist }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Directory /root is expected to exist
+--------------------------------
+passed :: TEST Directory /home/ec2-user is expected to exist</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72293</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86917r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040660</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not send Internet
-Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ICMP redirect messages are used by routers to inform hosts that a more
 direct route exists for a particular destination. These messages contain
-information from the system&#39;s route table, possibly revealing portions of the
-network topology.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information from the system's route table, possibly revealing portions of the
+network topology.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the system does not send IPv4 ICMP redirect messages.
 
-    # grep &#39;net.ipv4.conf.all.send_redirects&#39; &#x2F;etc&#x2F;sysctl.conf &#x2F;etc&#x2F;sysctl.d&#x2F;*
+    # grep 'net.ipv4.conf.all.send_redirects' /etc/sysctl.conf /etc/sysctl.d/*
 
-    If &quot;net.ipv4.conf.all.send_redirects&quot; is not configured in the
-&#x2F;etc&#x2F;sysctl.conf file or in the &#x2F;etc&#x2F;sysctl.d&#x2F; directory, is commented out or
-does not have a value of &quot;0&quot;, this is a finding.
+    If "net.ipv4.conf.all.send_redirects" is not configured in the
+/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out or
+does not have a value of "0", this is a finding.
 
-    Check that the operating system implements the &quot;all send_redirects&quot;
+    Check that the operating system implements the "all send_redirects"
 variables with the following command:
 
-    # &#x2F;sbin&#x2F;sysctl -a | grep &#39;net.ipv4.conf.all.send_redirects&#39;
+    # /sbin/sysctl -a | grep 'net.ipv4.conf.all.send_redirects'
 
-    net.ipv4.conf.all.send_redirects &#x3D; 0
+    net.ipv4.conf.all.send_redirects = 0
 
-    If the returned line does not have a value of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the returned line does not have a value of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the system to not allow interfaces to perform IPv4 ICMP
 redirects.
 
     Set the system to the required kernel parameter by adding the following
-line to &quot;&#x2F;etc&#x2F;sysctl.conf&quot; or a configuration file in the &#x2F;etc&#x2F;sysctl.d&#x2F;
+line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/
 directory (or modify the line to have the required value):
 
-    net.ipv4.conf.all.send_redirects &#x3D; 0
+    net.ipv4.conf.all.send_redirects = 0
 
     Issue the following command to make the changes take effect:
 
-    # sysctl --system</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c17a0e1f-4e3f-4530-85e5-55841c9673cb</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Kernel Parameter net.ipv4.conf.all.send_redirects value is expected to eq 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72141</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86765r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030590</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # sysctl --system</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72293\" do\n  title \"The Red Hat Enterprise Linux operating system must not send Internet\nProtocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.\"\n  desc  \"ICMP redirect messages are used by routers to inform hosts that a more\ndirect route exists for a particular destination. These messages contain\ninformation from the system's route table, possibly revealing portions of the\nnetwork topology.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the system does not send IPv4 ICMP redirect messages.\n\n    # grep 'net.ipv4.conf.all.send_redirects' /etc/sysctl.conf /etc/sysctl.d/*\n\n    If \\\"net.ipv4.conf.all.send_redirects\\\" is not configured in the\n/etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out or\ndoes not have a value of \\\"0\\\", this is a finding.\n\n    Check that the operating system implements the \\\"all send_redirects\\\"\nvariables with the following command:\n\n    # /sbin/sysctl -a | grep 'net.ipv4.conf.all.send_redirects'\n\n    net.ipv4.conf.all.send_redirects = 0\n\n    If the returned line does not have a value of \\\"0\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the system to not allow interfaces to perform IPv4 ICMP\nredirects.\n\n    Set the system to the required kernel parameter by adding the following\nline to \\\"/etc/sysctl.conf\\\" or a configuration file in the /etc/sysctl.d/\ndirectory (or modify the line to have the required value):\n\n    net.ipv4.conf.all.send_redirects = 0\n\n    Issue the following command to make the changes take effect:\n\n    # sysctl --system\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72293\"\n  tag rid: \"SV-86917r3_rule\"\n  tag stig_id: \"RHEL-07-040660\"\n  tag fix_id: \"F-78647r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe kernel_parameter('net.ipv4.conf.all.send_redirects') do\n    its('value') { should eq 0 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Kernel Parameter net.ipv4.conf.all.send_redirects value is expected to eq 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72141</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86765r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030590</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the setfiles command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the setfiles command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setfiles&quot; command occur.
+successful/unsuccessful attempts to use the "setfiles" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -iw &#x2F;usr&#x2F;sbin&#x2F;setfiles &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/sbin/setfiles /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;setfiles -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/setfiles -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;setfiles&quot; command occur.
+successful/unsuccessful attempts to use the "setfiles" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;setfiles -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295
+    -a always,exit -F path=/usr/sbin/setfiles -F auid&gt;=1000 -F auid!=4294967295
 -k privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>778d96fd-c19b-4709-afc2-edc76ce0f434</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;setfiles&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;setfiles&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72053</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86677r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021110</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72141\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe setfiles command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"setfiles\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -iw /usr/sbin/setfiles /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/setfiles -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"setfiles\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/setfiles -F auid&gt;=1000 -F auid!=4294967295\n-k privileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000463-GPOS-00207\",\n\"SRG-OS-000465-GPOS-00209\"]\n  tag gid: \"V-72141\"\n  tag rid: \"SV-86765r5_rule\"\n  tag stig_id: \"RHEL-07-030590\"\n  tag fix_id: \"F-78493r7_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/setfiles'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/setfiles" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/setfiles" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72053</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86677r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021110</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the cron.allow file, if it exists, is owned by root.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the owner of the &quot;cron.allow&quot; file is not set to root, the
+that the cron.allow file, if it exists, is owned by root.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the owner of the "cron.allow" file is not set to root, the
 possibility exists for an unauthorized user to view or to edit sensitive
-information.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify that the &quot;cron.allow&quot; file is owned by root.
-
-    Check the owner of the &quot;cron.allow&quot; file with the following command:
-
-    # ls -al &#x2F;etc&#x2F;cron.allow
-    -rw------- 1 root root 6 Mar  5  2011 &#x2F;etc&#x2F;cron.allow
-
-    If the &quot;cron.allow&quot; file exists and has an owner other than root, this is
-a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Set the owner on the &quot;&#x2F;etc&#x2F;cron.allow&quot; file to root with the following
+information.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify that the "cron.allow" file is owned by root.
+
+    Check the owner of the "cron.allow" file with the following command:
+
+    # ls -al /etc/cron.allow
+    -rw------- 1 root root 6 Mar  5  2011 /etc/cron.allow
+
+    If the "cron.allow" file exists and has an owner other than root, this is
+a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Set the owner on the "/etc/cron.allow" file to root with the following
 command:
 
-    # chown root &#x2F;etc&#x2F;cron.allow</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>518267c7-eeb3-4a1b-9d62-3a90e4f3d60b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-File &#x2F;etc&#x2F;cron.allow is expected to be owned by &quot;root&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71897</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86521r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010090</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # chown root /etc/cron.allow</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72053\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the cron.allow file, if it exists, is owned by root.\"\n  desc  \"If the owner of the \\\"cron.allow\\\" file is not set to root, the\npossibility exists for an unauthorized user to view or to edit sensitive\ninformation.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that the \\\"cron.allow\\\" file is owned by root.\n\n    Check the owner of the \\\"cron.allow\\\" file with the following command:\n\n    # ls -al /etc/cron.allow\n    -rw------- 1 root root 6 Mar  5  2011 /etc/cron.allow\n\n    If the \\\"cron.allow\\\" file exists and has an owner other than root, this is\na finding.\n  \"\n  desc  \"fix\", \"\n    Set the owner on the \\\"/etc/cron.allow\\\" file to root with the following\ncommand:\n\n    # chown root /etc/cron.allow\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72053\"\n  tag rid: \"SV-86677r3_rule\"\n  tag stig_id: \"RHEL-07-021110\"\n  tag fix_id: \"F-78405r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    # case where file doesn't exist\n    describe file('/etc/cron.allow') do\n      it { should_not exist }\n    end\n    # case where file exists\n    describe file('/etc/cron.allow') do\n      it { should be_owned_by 'root' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST File /etc/cron.allow is expected to be owned by "root"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71897</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-GPOS-00010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86521r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010090</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must have the screen
-package installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+package installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>:  A session time-out lock is a temporary action taken when a user
 stops work and moves away from the immediate physical vicinity of the
 information system but does not log out because of the temporary nature of the
 absence. Rather than relying on the user to manually lock their operating
 system session prior to vacating the vicinity, operating systems need to be
-able to identify when a user&#39;s session has idled and take action to initiate
+able to identify when a user's session has idled and take action to initiate
 the session lock.
 
     The screen and tmux packages allow for a session lock to be implemented and
-configured.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+configured.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system has the screen package installed.
 
     Check to see if the screen package is installed with the following command:
@@ -37343,10 +35675,10 @@ installed with the following command:
     tmux-1.8-4.el7.x86_64.rpm
 
     If either the screen package or the tmux package is not installed, this is
-a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Install the screen package to allow the initiation of a session lock after
 a 15-minute period of inactivity.
 
@@ -37360,141 +35692,136 @@ command:
     Install the tmux program (if it is not on the system) with the following
 command:
 
-    #yum install tmux</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f732518e-83b1-4768-b772-81dd2c282f60</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package screen is expected to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72303</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86927r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040710</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    #yum install tmux</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71897\" do\n  title \"The Red Hat Enterprise Linux operating system must have the screen\npackage installed.\"\n  desc  \":  A session time-out lock is a temporary action taken when a user\nstops work and moves away from the immediate physical vicinity of the\ninformation system but does not log out because of the temporary nature of the\nabsence. Rather than relying on the user to manually lock their operating\nsystem session prior to vacating the vicinity, operating systems need to be\nable to identify when a user's session has idled and take action to initiate\nthe session lock.\n\n    The screen and tmux packages allow for a session lock to be implemented and\nconfigured.\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system has the screen package installed.\n\n    Check to see if the screen package is installed with the following command:\n\n    # yum list installed screen\n    screen-4.3.1-3-x86_64.rpm\n\n    If the screen package is not installed, check to see if the tmux package is\ninstalled with the following command:\n\n    #yum list installed tmux\n    tmux-1.8-4.el7.x86_64.rpm\n\n    If either the screen package or the tmux package is not installed, this is\na finding.\n  \"\n  desc  \"fix\", \"\n    Install the screen package to allow the initiation of a session lock after\na 15-minute period of inactivity.\n\n    Install the screen program (if it is not on the system) with the following\ncommand:\n\n    # yum install screen\n\n    OR\n\n    Install the tmux program (if it is not on the system) with the following\ncommand:\n\n    #yum install tmux\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000029-GPOS-00010\"\n  tag gid: \"V-71897\"\n  tag rid: \"SV-86521r3_rule\"\n  tag stig_id: \"RHEL-07-010090\"\n  tag fix_id: \"F-78249r3_fix\"\n  tag cci: [\"CCI-000057\"]\n  tag nist: [\"AC-11 a\", \"Rev_4\"]\n\n  multiplexer_packages = input('terminal_mux_pkgs')\n\n  describe.one do\n    multiplexer_packages.each do |pkg|  \n      describe package(pkg) do\n        it { should be_installed }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package screen is expected to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72303</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86927r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040710</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that remote X connections for interactive users are encrypted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that remote X connections for interactive users are encrypted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Open X displays allow an attacker to capture keystrokes and execute
-commands remotely.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+commands remotely.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify remote X connections for interactive users are encrypted.
 
     Check that remote X connections are encrypted with the following command:
 
-    # grep -i x11forwarding &#x2F;etc&#x2F;ssh&#x2F;sshd_config | grep -v &quot;^#&quot;
+    # grep -i x11forwarding /etc/ssh/sshd_config | grep -v "^#"
 
     X11Forwarding yes
 
-    If the &quot;X11Forwarding&quot; keyword is set to &quot;no&quot; or is missing, this is a
-finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the "X11Forwarding" keyword is set to "no" or is missing, this is a
+finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure SSH to encrypt connections for interactive users.
 
-    Edit the &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot; file to uncomment or add the line for the
-&quot;X11Forwarding&quot; keyword and set its value to &quot;yes&quot; (this file may be named
+    Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for the
+"X11Forwarding" keyword and set its value to "yes" (this file may be named
 differently or be in a different location if using a version of SSH that is
 provided by a third-party vendor):
 
@@ -37502,118 +35829,113 @@ provided by a third-party vendor):
 
     The SSH service must be restarted for changes to take effect:
 
-    # systemctl restart sshd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>52380fdb-1400-4037-abdd-4f82a1f7fa07</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration X11Forwarding is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71979</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000366-GPOS-00153</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86603r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # systemctl restart sshd</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72303\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat remote X connections for interactive users are encrypted.\"\n  desc  \"Open X displays allow an attacker to capture keystrokes and execute\ncommands remotely.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify remote X connections for interactive users are encrypted.\n\n    Check that remote X connections are encrypted with the following command:\n\n    # grep -i x11forwarding /etc/ssh/sshd_config | grep -v \\\"^#\\\"\n\n    X11Forwarding yes\n\n    If the \\\"X11Forwarding\\\" keyword is set to \\\"no\\\" or is missing, this is a\nfinding.\n  \"\n  desc  \"fix\", \"\n    Configure SSH to encrypt connections for interactive users.\n\n    Edit the \\\"/etc/ssh/sshd_config\\\" file to uncomment or add the line for the\n\\\"X11Forwarding\\\" keyword and set its value to \\\"yes\\\" (this file may be named\ndifferently or be in a different location if using a version of SSH that is\nprovided by a third-party vendor):\n\n    X11Forwarding yes\n\n    The SSH service must be restarted for changes to take effect:\n\n    # systemctl restart sshd\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72303\"\n  tag rid: \"SV-86927r4_rule\"\n  tag stig_id: \"RHEL-07-040710\"\n  tag fix_id: \"F-78657r6_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('X11Forwarding') { should cmp 'yes' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration X11Forwarding is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71979</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000366-GPOS-00153</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86603r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent the
 installation of software, patches, service packs, device drivers, or operating
 system components of local packages without verification they have been
 digitally signed using a certificate that is issued by a Certificate Authority
-(CA) that is recognized and approved by the organization.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(CA) that is recognized and approved by the organization.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Changes to any software components can have significant effects on the
 overall security of the operating system. This requirement ensures the software
 has not been tampered with and that it has been provided by a trusted vendor.
@@ -37628,14 +35950,14 @@ software has not been tampered with and that it has been provided by a trusted
 vendor. Self-signed certificates are disallowed by this requirement. The
 operating system should not have to verify the software again. This requirement
 does not mandate DoD certificates for this purpose; however, the certificate
-used to verify the software must be from an approved CA.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+used to verify the software must be from an approved CA.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents the installation of patches, service
 packs, device drivers, or operating system components of local packages without
 verification that they have been digitally signed using a certificate that is
@@ -37644,131 +35966,126 @@ recognized and approved by the organization.
     Check that yum verifies the signature of local packages prior to install
 with the following command:
 
-    # grep localpkg_gpgcheck &#x2F;etc&#x2F;yum.conf
-    localpkg_gpgcheck&#x3D;1
+    # grep localpkg_gpgcheck /etc/yum.conf
+    localpkg_gpgcheck=1
 
-    If &quot;localpkg_gpgcheck&quot; is not set to &quot;1&quot;, or if options are missing or
+    If "localpkg_gpgcheck" is not set to "1", or if options are missing or
 commented out, ask the System Administrator how the signatures of local
 packages and other operating system components are verified.
 
     If there is no process to validate the signatures of local packages that is
-approved by the organization, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+approved by the organization, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to verify the signature of local packages
-prior to install by setting the following option in the &quot;&#x2F;etc&#x2F;yum.conf&quot; file:
-
-    localpkg_gpgcheck&#x3D;1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2751f72d-211c-4ce6-bc44-0bb2bf38434c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-INI &#x2F;etc&#x2F;yum.conf main.localpkg_gpgcheck </FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71971</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000324-GPOS-00125</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86595r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+prior to install by setting the following option in the "/etc/yum.conf" file:
+
+    localpkg_gpgcheck=1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71979\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent the\ninstallation of software, patches, service packs, device drivers, or operating\nsystem components of local packages without verification they have been\ndigitally signed using a certificate that is issued by a Certificate Authority\n(CA) that is recognized and approved by the organization.\"\n  desc  \"Changes to any software components can have significant effects on the\noverall security of the operating system. This requirement ensures the software\nhas not been tampered with and that it has been provided by a trusted vendor.\n\n    Accordingly, patches, service packs, device drivers, or operating system\ncomponents must be signed with a certificate recognized and approved by the\norganization.\n\n    Verifying the authenticity of the software prior to installation validates\nthe integrity of the patch or upgrade received from a vendor. This verifies the\nsoftware has not been tampered with and that it has been provided by a trusted\nvendor. Self-signed certificates are disallowed by this requirement. The\noperating system should not have to verify the software again. This requirement\ndoes not mandate DoD certificates for this purpose; however, the certificate\nused to verify the software must be from an approved CA.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents the installation of patches, service\npacks, device drivers, or operating system components of local packages without\nverification that they have been digitally signed using a certificate that is\nrecognized and approved by the organization.\n\n    Check that yum verifies the signature of local packages prior to install\nwith the following command:\n\n    # grep localpkg_gpgcheck /etc/yum.conf\n    localpkg_gpgcheck=1\n\n    If \\\"localpkg_gpgcheck\\\" is not set to \\\"1\\\", or if options are missing or\ncommented out, ask the System Administrator how the signatures of local\npackages and other operating system components are verified.\n\n    If there is no process to validate the signatures of local packages that is\napproved by the organization, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to verify the signature of local packages\nprior to install by setting the following option in the \\\"/etc/yum.conf\\\" file:\n\n    localpkg_gpgcheck=1\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000366-GPOS-00153\"\n  tag gid: \"V-71979\"\n  tag rid: \"SV-86603r2_rule\"\n  tag stig_id: \"RHEL-07-020060\"\n  tag fix_id: \"F-78331r1_fix\"\n  tag cci: [\"CCI-001749\"]\n  tag nist: [\"CM-5 (3)\", \"Rev_4\"]\n\n  yum_conf = '/etc/yum.conf'\n\n  if ((f = file(yum_conf)).exist?)\n     describe ini(yum_conf) do\n       its('main.localpkg_gpgcheck') { cmp 1 }\n     end\n   else\n     describe f do\n       it { should exist }\n     end\n   end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST INI /etc/yum.conf main.localpkg_gpgcheck </FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71971</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000324-GPOS-00125</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86595r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent
 non-privileged users from executing privileged functions to include disabling,
-circumventing, or altering implemented security safeguards&#x2F;countermeasures.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+circumventing, or altering implemented security safeguards/countermeasures.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Preventing non-privileged users from executing privileged functions
 mitigates the risk that unauthorized individuals or processes may gain
 unnecessary access to information or privileges.
@@ -37778,19 +36095,19 @@ performing system integrity checks, or administering cryptographic key
 management activities. Non-privileged users are individuals who do not possess
 appropriate authorizations. Circumventing intrusion detection and prevention
 mechanisms or malicious code protection mechanisms are examples of privileged
-functions that require protection from non-privileged users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+functions that require protection from non-privileged users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an HBSS or HIPS is active on the system, this is Not Applicable.
 
     Verify the operating system prevents non-privileged users from executing
 privileged functions to include disabling, circumventing, or altering
-implemented security safeguards&#x2F;countermeasures.
+implemented security safeguards/countermeasures.
 
     Get a list of authorized users (other than System Administrator and guest
 accounts) for the system.
@@ -37798,174 +36115,165 @@ accounts) for the system.
     Check the list against the system by using the following command:
 
     # semanage login -l | more
-    Login Name SELinux User MLS&#x2F;MCS Range Service
+    Login Name SELinux User MLS/MCS Range Service
     __default__ user_u s0-s0:c0.c1023 *
     root unconfined_u s0-s0:c0.c1023 *
     system_u system_u s0-s0:c0.c1023 *
     joe staff_u s0-s0:c0.c1023 *
 
-    All administrators must be mapped to the &quot;sysadm_u&quot; or &quot;staff_u&quot; users
+    All administrators must be mapped to the "sysadm_u" or "staff_u" users
 role.
 
-    All authorized non-administrative users must be mapped to the &quot;user_u&quot;
+    All authorized non-administrative users must be mapped to the "user_u"
 role.
 
-    If they are not mapped in this way, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If they are not mapped in this way, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to prevent non-privileged users from
 executing privileged functions to include disabling, circumventing, or altering
-implemented security safeguards&#x2F;countermeasures.
+implemented security safeguards/countermeasures.
 
-    Use the following command to map a new user to the &quot;sysdam_u&quot; role:
+    Use the following command to map a new user to the "sysdam_u" role:
 
     #semanage login -a -s sysadm_u &lt;username&gt;
 
-    Use the following command to map an existing user to the &quot;sysdam_u&quot; role:
+    Use the following command to map an existing user to the "sysdam_u" role:
 
     #semanage login -m -s sysadm_u &lt;username&gt;
 
-    Use the following command to map a new user to the &quot;staff_u&quot; role:
+    Use the following command to map a new user to the "staff_u" role:
 
     #semanage login -a -s staff_u &lt;username&gt;
 
-    Use the following command to map an existing user to the &quot;staff_u&quot; role:
+    Use the following command to map an existing user to the "staff_u" role:
 
     #semanage login -m -s staff_u &lt;username&gt;
 
-    Use the following command to map a new user to the &quot;user_u&quot; role:
+    Use the following command to map a new user to the "user_u" role:
 
     # semanage login -a -s user_u &lt;username&gt;
 
-    Use the following command to map an existing user to the &quot;user_u&quot; role:
-
-    # semanage login -m -s user_u &lt;username&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>39b1b0ed-93d9-4ded-8ec1-3fb5be593a03</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002235</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;selinuxenabled&#x60; exist? is expected to equal true
---------------------------------
-passed
-Command: &#x60;selinuxenabled&#x60; exit_status is expected to eq 0
---------------------------------
-passed
-seusers is expected not to be empty
---------------------------------
-passed
-SELinux login __default__ is expected to be in &quot;user_u&quot;
-expected &#x60;unconfined_u&#x60; to be in the list: &#x60;[&quot;user_u&quot;]&#x60;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71977</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000366-GPOS-00153</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86601r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020050</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Use the following command to map an existing user to the "user_u" role:
+
+    # semanage login -m -s user_u &lt;username&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71971\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent\nnon-privileged users from executing privileged functions to include disabling,\ncircumventing, or altering implemented security safeguards/countermeasures.\"\n  desc  \"Preventing non-privileged users from executing privileged functions\nmitigates the risk that unauthorized individuals or processes may gain\nunnecessary access to information or privileges.\n\n    Privileged functions include, for example, establishing accounts,\nperforming system integrity checks, or administering cryptographic key\nmanagement activities. Non-privileged users are individuals who do not possess\nappropriate authorizations. Circumventing intrusion detection and prevention\nmechanisms or malicious code protection mechanisms are examples of privileged\nfunctions that require protection from non-privileged users.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    If an HBSS or HIPS is active on the system, this is Not Applicable.\n\n    Verify the operating system prevents non-privileged users from executing\nprivileged functions to include disabling, circumventing, or altering\nimplemented security safeguards/countermeasures.\n\n    Get a list of authorized users (other than System Administrator and guest\naccounts) for the system.\n\n    Check the list against the system by using the following command:\n\n    # semanage login -l | more\n    Login Name SELinux User MLS/MCS Range Service\n    __default__ user_u s0-s0:c0.c1023 *\n    root unconfined_u s0-s0:c0.c1023 *\n    system_u system_u s0-s0:c0.c1023 *\n    joe staff_u s0-s0:c0.c1023 *\n\n    All administrators must be mapped to the \\\"sysadm_u\\\" or \\\"staff_u\\\" users\nrole.\n\n    All authorized non-administrative users must be mapped to the \\\"user_u\\\"\nrole.\n\n    If they are not mapped in this way, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to prevent non-privileged users from\nexecuting privileged functions to include disabling, circumventing, or altering\nimplemented security safeguards/countermeasures.\n\n    Use the following command to map a new user to the \\\"sysdam_u\\\" role:\n\n    #semanage login -a -s sysadm_u &lt;username&gt;\n\n    Use the following command to map an existing user to the \\\"sysdam_u\\\" role:\n\n    #semanage login -m -s sysadm_u &lt;username&gt;\n\n    Use the following command to map a new user to the \\\"staff_u\\\" role:\n\n    #semanage login -a -s staff_u &lt;username&gt;\n\n    Use the following command to map an existing user to the \\\"staff_u\\\" role:\n\n    #semanage login -m -s staff_u &lt;username&gt;\n\n    Use the following command to map a new user to the \\\"user_u\\\" role:\n\n    # semanage login -a -s user_u &lt;username&gt;\n\n    Use the following command to map an existing user to the \\\"user_u\\\" role:\n\n    # semanage login -m -s user_u &lt;username&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000324-GPOS-00125\"\n  tag gid: \"V-71971\"\n  tag rid: \"SV-86595r2_rule\"\n  tag stig_id: \"RHEL-07-020020\"\n  tag fix_id: \"F-78323r1_fix\"\n  tag cci: [\"CCI-002165\", \"CCI-002235\"]\n  tag nist: [\"AC-3 (4)\", \"AC-6 (10)\", \"Rev_4\"]\n\n  admin_logins = input('admin_logins')\n\n  describe command('selinuxenabled') do\n    its('exist?') { should be true }\n    its('exit_status') { should eq 0 }\n  end\n\n  # Get the currently enabled selinux mode\n  selinux_mode = file('/etc/selinux/config').content.lines.\n    grep(/\\A\\s*SELINUXTYPE=/).last.split('=').last.strip\n\n  # Get the current seusers configuration\n  #\n  # Avoid use of semanage in case it has been uninstalled\n  #\n  # Remove all comments and empty lines\n  seusers = file(\"/etc/selinux/#{selinux_mode}/seusers\").content.lines.\n    grep_v(/(#|\\A\\s+\\Z)/).map(&amp;:strip)\n\n  # Create collect the remaining results in user/context pairs\n  seusers = seusers.map{|x| x.split(':')[0..1]}\n\n  describe 'seusers' do\n    it { expect(seusers).to_not be_empty }\n  end\n\n  users_to_ignore = [\n    'root',\n    'system_u' # This is a default user mapping\n  ]\n\n  seusers.each do |user, context|\n    next if users_to_ignore.include?(user)\n\n    describe \"SELinux login #{user}\" do\n      # This is required by the STIG\n      if user == '__default__'\n        let(:valid_users){[ 'user_u' ]}\n      elsif admin_logins.include?(user)\n        let(:valid_users){[\n          'sysadm_u',\n          'staff_u'\n        ]}\n      else\n        let(:valid_users){[\n          'user_u',\n          'guest_u',\n          'xguest_u'\n        ]}\n      end\n\n      it { expect(context).to be_in(valid_users) }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002235</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `selinuxenabled` exist? is expected to equal true
+--------------------------------
+passed :: TEST Command: `selinuxenabled` exit_status is expected to eq 0
+--------------------------------
+passed :: TEST seusers is expected not to be empty
+--------------------------------
+passed :: TEST SELinux login __default__ is expected to be in "user_u" :: MESSAGE expected `unconfined_u` to be in the list: `["user_u"]`</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71977</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000366-GPOS-00153</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86601r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020050</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must prevent the
 installation of software, patches, service packs, device drivers, or operating
 system components from a repository without verification they have been
 digitally signed using a certificate that is issued by a Certificate Authority
-(CA) that is recognized and approved by the organization.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(CA) that is recognized and approved by the organization.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Changes to any software components can have significant effects on the
 overall security of the operating system. This requirement ensures the software
 has not been tampered with and that it has been provided by a trusted vendor.
@@ -37980,14 +36288,14 @@ software has not been tampered with and that it has been provided by a trusted
 vendor. Self-signed certificates are disallowed by this requirement. The
 operating system should not have to verify the software again. This requirement
 does not mandate DoD certificates for this purpose; however, the certificate
-used to verify the software must be from an approved CA.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+used to verify the software must be from an approved CA.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system prevents the installation of patches, service
 packs, device drivers, or operating system components from a repository without
 verification that they have been digitally signed using a certificate that is
@@ -37996,149 +36304,144 @@ recognized and approved by the organization.
     Check that yum verifies the signature of packages from a repository prior
 to install with the following command:
 
-    # grep gpgcheck &#x2F;etc&#x2F;yum.conf
-    gpgcheck&#x3D;1
+    # grep gpgcheck /etc/yum.conf
+    gpgcheck=1
 
-    If &quot;gpgcheck&quot; is not set to &quot;1&quot;, or if options are missing or commented
+    If "gpgcheck" is not set to "1", or if options are missing or commented
 out, ask the System Administrator how the certificates for patches and other
 operating system components are verified.
 
     If there is no process to validate certificates that is approved by the
-organization, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+organization, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to verify the signature of packages from a
 repository prior to install by setting the following option in the
-&quot;&#x2F;etc&#x2F;yum.conf&quot; file:
-
-    gpgcheck&#x3D;1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fe4ae955-9cdc-406b-b07b-cdbe6bdf3bed</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-INI &#x2F;etc&#x2F;yum.conf main.gpgcheck is expected to cmp &#x3D;&#x3D; 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72273</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86897r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040520</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/yum.conf" file:
+
+    gpgcheck=1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71977\" do\n  title \"The Red Hat Enterprise Linux operating system must prevent the\ninstallation of software, patches, service packs, device drivers, or operating\nsystem components from a repository without verification they have been\ndigitally signed using a certificate that is issued by a Certificate Authority\n(CA) that is recognized and approved by the organization.\"\n  desc  \"Changes to any software components can have significant effects on the\noverall security of the operating system. This requirement ensures the software\nhas not been tampered with and that it has been provided by a trusted vendor.\n\n    Accordingly, patches, service packs, device drivers, or operating system\ncomponents must be signed with a certificate recognized and approved by the\norganization.\n\n    Verifying the authenticity of the software prior to installation validates\nthe integrity of the patch or upgrade received from a vendor. This verifies the\nsoftware has not been tampered with and that it has been provided by a trusted\nvendor. Self-signed certificates are disallowed by this requirement. The\noperating system should not have to verify the software again. This requirement\ndoes not mandate DoD certificates for this purpose; however, the certificate\nused to verify the software must be from an approved CA.\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system prevents the installation of patches, service\npacks, device drivers, or operating system components from a repository without\nverification that they have been digitally signed using a certificate that is\nrecognized and approved by the organization.\n\n    Check that yum verifies the signature of packages from a repository prior\nto install with the following command:\n\n    # grep gpgcheck /etc/yum.conf\n    gpgcheck=1\n\n    If \\\"gpgcheck\\\" is not set to \\\"1\\\", or if options are missing or commented\nout, ask the System Administrator how the certificates for patches and other\noperating system components are verified.\n\n    If there is no process to validate certificates that is approved by the\norganization, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to verify the signature of packages from a\nrepository prior to install by setting the following option in the\n\\\"/etc/yum.conf\\\" file:\n\n    gpgcheck=1\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000366-GPOS-00153\"\n  tag gid: \"V-71977\"\n  tag rid: \"SV-86601r2_rule\"\n  tag stig_id: \"RHEL-07-020050\"\n  tag fix_id: \"F-78329r1_fix\"\n  tag cci: [\"CCI-001749\"]\n  tag nist: [\"CM-5 (3)\", \"Rev_4\"]\n\n  yum_conf = '/etc/yum.conf'\n\n  if ((f = file(yum_conf)).exist?)\n    describe ini(yum_conf) do\n      its('main.gpgcheck') { should cmp 1 }\n    end\n  else\n    describe f do\n      it { should exist }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST INI /etc/yum.conf main.gpgcheck is expected to cmp == 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72273</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86897r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040520</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must enable an
-application firewall, if available.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+application firewall, if available.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Firewalls protect computers from network attacks by blocking or
 limiting access to open network ports. Application firewalls limit which
-applications are allowed to communicate over the network.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+applications are allowed to communicate over the network.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system enabled an application firewall.
 
-    Check to see if &quot;firewalld&quot; is installed with the following command:
+    Check to see if "firewalld" is installed with the following command:
 
     # yum list installed firewalld
     firewalld-0.3.9-11.el7.noarch.rpm
 
-    If the &quot;firewalld&quot; package is not installed, ask the System Administrator
+    If the "firewalld" package is not installed, ask the System Administrator
 if another firewall application (such as iptables) is installed.
 
     If an application firewall is not installed, this is a finding.
@@ -38149,10 +36452,10 @@ command:
     # systemctl status firewalld
     firewalld.service - firewalld - dynamic firewall daemon
 
-       Loaded: loaded (&#x2F;usr&#x2F;lib&#x2F;systemd&#x2F;system&#x2F;firewalld.service; enabled)
+       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
        Active: active (running) since Tue 2014-06-17 11:14:49 CEST; 5 days ago
 
-    If &quot;firewalld&quot; does not show a status of &quot;loaded&quot; and &quot;active&quot;, this
+    If "firewalld" does not show a status of "loaded" and "active", this
 is a finding.
 
     Check the state of the firewall:
@@ -38160,146 +36463,139 @@ is a finding.
     # firewall-cmd --state
     running
 
-    If &quot;firewalld&quot; does not show a state of &quot;running&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Ensure the operating system&#39;s application firewall is enabled.
+    If "firewalld" does not show a state of "running", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Ensure the operating system's application firewall is enabled.
 
-    Install the &quot;firewalld&quot; package, if it is not on the system, with the
+    Install the "firewalld" package, if it is not on the system, with the
 following command:
 
     # yum install firewalld
 
-    Start the firewall via &quot;systemctl&quot; with the following command:
-
-    # systemctl start firewalld</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>dc05e874-b3ba-4b8a-9b18-cf0ecfa203a1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package firewalld is expected to be installed
---------------------------------
-passed
-System Package iptables is expected to be installed
---------------------------------
-passed
-Service firewalld.service is expected to be running</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72299</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86923r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040690</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    Start the firewall via "systemctl" with the following command:
+
+    # systemctl start firewalld</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72273\" do\n  title \"The Red Hat Enterprise Linux operating system must enable an\napplication firewall, if available.\"\n  desc  \"Firewalls protect computers from network attacks by blocking or\nlimiting access to open network ports. Application firewalls limit which\napplications are allowed to communicate over the network.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system enabled an application firewall.\n\n    Check to see if \\\"firewalld\\\" is installed with the following command:\n\n    # yum list installed firewalld\n    firewalld-0.3.9-11.el7.noarch.rpm\n\n    If the \\\"firewalld\\\" package is not installed, ask the System Administrator\nif another firewall application (such as iptables) is installed.\n\n    If an application firewall is not installed, this is a finding.\n\n    Check to see if the firewall is loaded and active with the following\ncommand:\n\n    # systemctl status firewalld\n    firewalld.service - firewalld - dynamic firewall daemon\n\n       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)\n       Active: active (running) since Tue 2014-06-17 11:14:49 CEST; 5 days ago\n\n    If \\\"firewalld\\\" does not show a status of \\\"loaded\\\" and \\\"active\\\", this\nis a finding.\n\n    Check the state of the firewall:\n\n    # firewall-cmd --state\n    running\n\n    If \\\"firewalld\\\" does not show a state of \\\"running\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Ensure the operating system's application firewall is enabled.\n\n    Install the \\\"firewalld\\\" package, if it is not on the system, with the\nfollowing command:\n\n    # yum install firewalld\n\n    Start the firewall via \\\"systemctl\\\" with the following command:\n\n    # systemctl start firewalld\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag satisfies: [\"SRG-OS-000480-GPOS-00227\", \"SRG-OS-000480-GPOS-00231\",\n\"SRG-OS-000480-GPOS-00232\"]\n  tag gid: \"V-72273\"\n  tag rid: \"SV-86897r2_rule\"\n  tag stig_id: \"RHEL-07-040520\"\n  tag fix_id: \"F-78627r1_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe package('firewalld') do\n      it { should be_installed }\n    end\n    describe package('iptables') do\n      it { should be_installed }\n    end\n  end\n  describe.one do\n    describe systemd_service('firewalld.service') do\n      it { should be_running }\n    end\n\tdescribe systemd_service('iptables.service') do\n      it { should be_running }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package firewalld is expected to be installed
+--------------------------------
+passed :: TEST System Package iptables is expected to be installed
+--------------------------------
+passed :: TEST Service firewalld.service is expected to be running</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72299</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86923r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040690</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must not have a File
-Transfer Protocol (FTP) server package installed unless needed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Transfer Protocol (FTP) server package installed unless needed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The FTP service provides an unencrypted remote access that does not
 provide for the confidentiality and integrity of user passwords or the remote
 session. If a privileged user were to log on using this service, the privileged
 user password could be compromised. SSH or other encrypted file transfer
-methods must be used in place of this service.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+methods must be used in place of this service.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify an FTP server has not been installed on the system.
 
     Check to see if an FTP server has been installed with the following
@@ -38309,338 +36605,326 @@ commands:
 
      vsftpd-3.0.2.el7.x86_64.rpm
 
-    If &quot;vsftpd&quot; is installed and is not documented with the Information
-System Security Officer (ISSO) as an operational requirement, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Document the &quot;vsftpd&quot; package with the ISSO as an operational requirement
+    If "vsftpd" is installed and is not documented with the Information
+System Security Officer (ISSO) as an operational requirement, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Document the "vsftpd" package with the ISSO as an operational requirement
 or remove it from the system with the following command:
 
-    # yum remove vsftpd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6d30b3cc-0e2e-4470-ac19-6426d806dc15</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package vsftpd is expected not to be installed</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72177</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86801r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030770</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    # yum remove vsftpd</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72299\" do\n  title \"The Red Hat Enterprise Linux operating system must not have a File\nTransfer Protocol (FTP) server package installed unless needed.\"\n  desc  \"The FTP service provides an unencrypted remote access that does not\nprovide for the confidentiality and integrity of user passwords or the remote\nsession. If a privileged user were to log on using this service, the privileged\nuser password could be compromised. SSH or other encrypted file transfer\nmethods must be used in place of this service.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify an FTP server has not been installed on the system.\n\n    Check to see if an FTP server has been installed with the following\ncommands:\n\n    # yum list installed vsftpd\n\n     vsftpd-3.0.2.el7.x86_64.rpm\n\n    If \\\"vsftpd\\\" is installed and is not documented with the Information\nSystem Security Officer (ISSO) as an operational requirement, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Document the \\\"vsftpd\\\" package with the ISSO as an operational requirement\nor remove it from the system with the following command:\n\n    # yum remove vsftpd\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72299\"\n  tag rid: \"SV-86923r3_rule\"\n  tag stig_id: \"RHEL-07-040690\"\n  tag fix_id: \"F-78653r3_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe.one do\n    describe package('vsftpd') do\n      it { should_not be_installed }\n    end\n    describe parse_config_file('/etc/vsftpd/vsftpd.conf') do\n      its('ssl_enable') { should cmp 'YES' }\n      its('force_anon_data_ssl') { should cmp 'YES' }\n      its('force_anon_logins_ssl') { should cmp 'YES' }\n      its('force_local_data_ssl') { should cmp 'YES' }\n      its('force_local_logins_ssl') { should cmp 'YES' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package vsftpd is expected not to be installed</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72177</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000042-GPOS-00020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86801r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030770</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the postqueue command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the postqueue command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Reconstruction of harmful events or forensic analysis is not possible
 if audit records do not contain enough information.
 
     At a minimum, the organization must audit the full-text recording of
 privileged postfix commands. The organization must maintain audit trails in
 sufficient detail to reconstruct events to determine the cause and impact of
-compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;postqueue&quot; command occur.
+successful/unsuccessful attempts to use the "postqueue" command occur.
 
     Check that the following system call is being audited by performing the
-following command to check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot;:
+following command to check the file system rules in "/etc/audit/audit.rules":
 
-    # grep -iw &#x2F;usr&#x2F;sbin&#x2F;postqueue &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw /usr/sbin/postqueue /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;postqueue -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-postfix
+    -a always,exit -F path=/usr/sbin/postqueue -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-postfix
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;postqueue&quot; command occur.
-
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
-
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;sbin&#x2F;postqueue -F auid&gt;&#x3D;1000 -F
-auid!&#x3D;4294967295 -k privileged-postfix
-
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6abca034-2878-4688-9352-7eac20df9238</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;postqueue&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;sbin&#x2F;postqueue&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72067</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000033-GPOS-00014</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86691r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-021350</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+successful/unsuccessful attempts to use the "postqueue" command occur.
+
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
+
+    -a always,exit -F path=/usr/sbin/postqueue -F auid&gt;=1000 -F
+auid!=4294967295 -k privileged-postfix
+
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72177\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe postqueue command.\"\n  desc  \"Reconstruction of harmful events or forensic analysis is not possible\nif audit records do not contain enough information.\n\n    At a minimum, the organization must audit the full-text recording of\nprivileged postfix commands. The organization must maintain audit trails in\nsufficient detail to reconstruct events to determine the cause and impact of\ncompromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"postqueue\\\" command occur.\n\n    Check that the following system call is being audited by performing the\nfollowing command to check the file system rules in \\\"/etc/audit/audit.rules\\\":\n\n    # grep -iw /usr/sbin/postqueue /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/sbin/postqueue -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-postfix\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"postqueue\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/sbin/postqueue -F auid&gt;=1000 -F\nauid!=4294967295 -k privileged-postfix\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000042-GPOS-00020\"\n  tag satisfies: [\"SRG-OS-000042-GPOS-00020\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72177\"\n  tag rid: \"SV-86801r3_rule\"\n  tag stig_id: \"RHEL-07-030770\"\n  tag fix_id: \"F-78531r5_fix\"\n  tag cci: [\"CCI-000135\", \"CCI-002884\"]\n  tag nist: [\"AU-3 (1)\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/sbin/postqueue'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/sbin/postqueue" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/sbin/postqueue" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72067</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000033-GPOS-00014</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86691r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-021350</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must implement NIST
 FIPS-validated cryptography for the following: to provision digital signatures,
 to generate cryptographic hashes, and to protect data requiring data-at-rest
 protections in accordance with applicable federal laws, Executive Orders,
-directives, policies, regulations, and standards.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+directives, policies, regulations, and standards.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Use of weak or untested encryption algorithms undermines the purposes
 of using encryption to protect data. The operating system must implement
 cryptographic modules adhering to the higher standards approved by the federal
-government since this provides assurance they have been tested and validated.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+government since this provides assurance they have been tested and validated.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system implements DoD-approved encryption to protect
 the confidentiality of remote access sessions.
 
-    Check to see if the &quot;dracut-fips&quot; package is installed with the following
+    Check to see if the "dracut-fips" package is installed with the following
 command:
 
     # yum list installed dracut-fips
 
     dracut-fips-033-360.el7_2.x86_64.rpm
 
-    If a &quot;dracut-fips&quot; package is installed, check to see if the kernel
+    If a "dracut-fips" package is installed, check to see if the kernel
 command line is configured to use FIPS mode with the following command:
 
-    Note: GRUB 2 reads its configuration from the &quot;&#x2F;boot&#x2F;grub2&#x2F;grub.cfg&quot; file
+    Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file
 on traditional BIOS-based machines and from the
-&quot;&#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg&quot; file on UEFI machines.
+"/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
 
-    # grep fips &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
-    &#x2F;vmlinuz-3.8.0-0.40.el7.x86_64 root&#x3D;&#x2F;dev&#x2F;mapper&#x2F;rhel-root ro rd.md&#x3D;0
-rd.dm&#x3D;0 rd.lvm.lv&#x3D;rhel&#x2F;swap crashkernel&#x3D;auto rd.luks&#x3D;0 vconsole.keymap&#x3D;us
-rd.lvm.lv&#x3D;rhel&#x2F;root rhgb fips&#x3D;1 quiet
+    # grep fips /boot/grub2/grub.cfg
+    /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0
+rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us
+rd.lvm.lv=rhel/root rhgb fips=1 quiet
 
     If the kernel command line is configured to use FIPS mode, check to see if
 the system is in FIPS mode with the following command:
 
-    # cat &#x2F;proc&#x2F;sys&#x2F;crypto&#x2F;fips_enabled
+    # cat /proc/sys/crypto/fips_enabled
     1
 
-    If a &quot;dracut-fips&quot; package is not installed, the kernel command line does
-not have a fips entry, or the system has a value of &quot;0&quot; for &quot;fips_enabled&quot;
-in &quot;&#x2F;proc&#x2F;sys&#x2F;crypto&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If a "dracut-fips" package is not installed, the kernel command line does
+not have a fips entry, or the system has a value of "0" for "fips_enabled"
+in "/proc/sys/crypto", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to implement DoD-approved encryption by
 installing the dracut-fips package.
 
-    To enable strict FIPS compliance, the fips&#x3D;1 kernel option needs to be
+    To enable strict FIPS compliance, the fips=1 kernel option needs to be
 added to the kernel command line during system installation so key generation
 is done with FIPS-approved algorithms and continuous monitoring tests in place.
 
     Configure the operating system to implement DoD-approved encryption by
 following the steps below:
 
-    The fips&#x3D;1 kernel option needs to be added to the kernel command line
+    The fips=1 kernel option needs to be added to the kernel command line
 during system installation so that key generation is done with FIPS-approved
 algorithms and continuous monitoring tests in place. Users should also ensure
 that the system has plenty of entropy during the installation process by moving
@@ -38652,644 +36936,614 @@ keystrokes may generate a non-unique key.
 
     # yum install dracut-fips
 
-    Recreate the &quot;initramfs&quot; file with the following command:
+    Recreate the "initramfs" file with the following command:
 
-    Note: This command will overwrite the existing &quot;initramfs&quot; file.
+    Note: This command will overwrite the existing "initramfs" file.
 
     # dracut -f
 
-    Modify the kernel command line of the current kernel in the &quot;grub.cfg&quot;
+    Modify the kernel command line of the current kernel in the "grub.cfg"
 file by adding the following option to the GRUB_CMDLINE_LINUX key in the
-&quot;&#x2F;etc&#x2F;default&#x2F;grub&quot; file and then rebuild the &quot;grub.cfg&quot; file:
+"/etc/default/grub" file and then rebuild the "grub.cfg" file:
 
-    fips&#x3D;1
+    fips=1
 
-    Changes to &quot;&#x2F;etc&#x2F;default&#x2F;grub&quot; require rebuilding the &quot;grub.cfg&quot; file
+    Changes to "/etc/default/grub" require rebuilding the "grub.cfg" file
 as follows:
 
     On BIOS-based machines, use the following command:
 
-    # grub2-mkconfig -o &#x2F;boot&#x2F;grub2&#x2F;grub.cfg
+    # grub2-mkconfig -o /boot/grub2/grub.cfg
 
     On UEFI-based machines, use the following command:
 
-    # grub2-mkconfig -o &#x2F;boot&#x2F;efi&#x2F;EFI&#x2F;redhat&#x2F;grub.cfg
+    # grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
 
-    If &#x2F;boot or &#x2F;boot&#x2F;efi reside on separate partitions, the kernel parameter
-boot&#x3D;&lt;partition of &#x2F;boot or &#x2F;boot&#x2F;efi&gt; must be added to the kernel command
-line. You can identify a partition by running the df &#x2F;boot or df &#x2F;boot&#x2F;efi
+    If /boot or /boot/efi reside on separate partitions, the kernel parameter
+boot=&lt;partition of /boot or /boot/efi&gt; must be added to the kernel command
+line. You can identify a partition by running the df /boot or df /boot/efi
 command:
 
-    # df &#x2F;boot
+    # df /boot
     Filesystem 1K-blocks Used Available Use% Mounted on
-    &#x2F;dev&#x2F;sda1 495844 53780 416464 12% &#x2F;boot
+    /dev/sda1 495844 53780 416464 12% /boot
 
-    To ensure the &quot;boot&#x3D;&quot; configuration option will work even if device
+    To ensure the "boot=" configuration option will work even if device
 naming changes occur between boots, identify the universally unique identifier
 (UUID) of the partition with the following command:
 
-    # blkid &#x2F;dev&#x2F;sda1
-    &#x2F;dev&#x2F;sda1: UUID&#x3D;&quot;05c000f1-a213-759e-c7a2-f11b7424c797&quot; TYPE&#x3D;&quot;ext4&quot;
+    # blkid /dev/sda1
+    /dev/sda1: UUID="05c000f1-a213-759e-c7a2-f11b7424c797" TYPE="ext4"
 
     For the example above, append the following string to the kernel command
 line:
 
-    boot&#x3D;UUID&#x3D;05c000f1-a213-759e-c7a2-f11b7424c797
-
-    Reboot the system for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>eca1cb5f-6a4e-4220-9c29-956d9225507d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002476</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-System Package dracut-fips is expected to be installed
---------------------------------
-passed
-ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto  is expected to match &#x2F;\bfips&#x3D;1\b&#x2F;
-expected &quot;ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto &quot; to match &#x2F;\bfips&#x3D;1\b&#x2F;
+    boot=UUID=05c000f1-a213-759e-c7a2-f11b7424c797
+
+    Reboot the system for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72067\" do\n  title \"The Red Hat Enterprise Linux operating system must implement NIST\nFIPS-validated cryptography for the following: to provision digital signatures,\nto generate cryptographic hashes, and to protect data requiring data-at-rest\nprotections in accordance with applicable federal laws, Executive Orders,\ndirectives, policies, regulations, and standards.\"\n  desc  \"Use of weak or untested encryption algorithms undermines the purposes\nof using encryption to protect data. The operating system must implement\ncryptographic modules adhering to the higher standards approved by the federal\ngovernment since this provides assurance they have been tested and validated.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system implements DoD-approved encryption to protect\nthe confidentiality of remote access sessions.\n\n    Check to see if the \\\"dracut-fips\\\" package is installed with the following\ncommand:\n\n    # yum list installed dracut-fips\n\n    dracut-fips-033-360.el7_2.x86_64.rpm\n\n    If a \\\"dracut-fips\\\" package is installed, check to see if the kernel\ncommand line is configured to use FIPS mode with the following command:\n\n    Note: GRUB 2 reads its configuration from the \\\"/boot/grub2/grub.cfg\\\" file\non traditional BIOS-based machines and from the\n\\\"/boot/efi/EFI/redhat/grub.cfg\\\" file on UEFI machines.\n\n    # grep fips /boot/grub2/grub.cfg\n    /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0\nrd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us\nrd.lvm.lv=rhel/root rhgb fips=1 quiet\n\n    If the kernel command line is configured to use FIPS mode, check to see if\nthe system is in FIPS mode with the following command:\n\n    # cat /proc/sys/crypto/fips_enabled\n    1\n\n    If a \\\"dracut-fips\\\" package is not installed, the kernel command line does\nnot have a fips entry, or the system has a value of \\\"0\\\" for \\\"fips_enabled\\\"\nin \\\"/proc/sys/crypto\\\", this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to implement DoD-approved encryption by\ninstalling the dracut-fips package.\n\n    To enable strict FIPS compliance, the fips=1 kernel option needs to be\nadded to the kernel command line during system installation so key generation\nis done with FIPS-approved algorithms and continuous monitoring tests in place.\n\n    Configure the operating system to implement DoD-approved encryption by\nfollowing the steps below:\n\n    The fips=1 kernel option needs to be added to the kernel command line\nduring system installation so that key generation is done with FIPS-approved\nalgorithms and continuous monitoring tests in place. Users should also ensure\nthat the system has plenty of entropy during the installation process by moving\nthe mouse around, or if no mouse is available, ensuring that many keystrokes\nare typed. The recommended amount of keystrokes is 256 and more. Less than 256\nkeystrokes may generate a non-unique key.\n\n    Install the dracut-fips package with the following command:\n\n    # yum install dracut-fips\n\n    Recreate the \\\"initramfs\\\" file with the following command:\n\n    Note: This command will overwrite the existing \\\"initramfs\\\" file.\n\n    # dracut -f\n\n    Modify the kernel command line of the current kernel in the \\\"grub.cfg\\\"\nfile by adding the following option to the GRUB_CMDLINE_LINUX key in the\n\\\"/etc/default/grub\\\" file and then rebuild the \\\"grub.cfg\\\" file:\n\n    fips=1\n\n    Changes to \\\"/etc/default/grub\\\" require rebuilding the \\\"grub.cfg\\\" file\nas follows:\n\n    On BIOS-based machines, use the following command:\n\n    # grub2-mkconfig -o /boot/grub2/grub.cfg\n\n    On UEFI-based machines, use the following command:\n\n    # grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\n\n    If /boot or /boot/efi reside on separate partitions, the kernel parameter\nboot=&lt;partition of /boot or /boot/efi&gt; must be added to the kernel command\nline. You can identify a partition by running the df /boot or df /boot/efi\ncommand:\n\n    # df /boot\n    Filesystem 1K-blocks Used Available Use% Mounted on\n    /dev/sda1 495844 53780 416464 12% /boot\n\n    To ensure the \\\"boot=\\\" configuration option will work even if device\nnaming changes occur between boots, identify the universally unique identifier\n(UUID) of the partition with the following command:\n\n    # blkid /dev/sda1\n    /dev/sda1: UUID=\\\"05c000f1-a213-759e-c7a2-f11b7424c797\\\" TYPE=\\\"ext4\\\"\n\n    For the example above, append the following string to the kernel command\nline:\n\n    boot=UUID=05c000f1-a213-759e-c7a2-f11b7424c797\n\n    Reboot the system for the changes to take effect.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000033-GPOS-00014\"\n  tag satisfies: [\"SRG-OS-000033-GPOS-00014\", \"SRG-OS-000185-GPOS-00079\",\n\"SRG-OS-000396-GPOS-00176\", \"SRG-OS-000405-GPOS-00184\",\n\"SRG-OS-000478-GPOS-00223\"]\n  tag gid: \"V-72067\"\n  tag rid: \"SV-86691r4_rule\"\n  tag stig_id: \"RHEL-07-021350\"\n  tag fix_id: \"F-78419r3_fix\"\n  tag cci: [\"CCI-000068\", \"CCI-001199\", \"CCI-002450\", \"CCI-002476\"]\n  tag nist: [\"AC-17 (2)\", \"SC-28\", \"SC-13\", \"SC-28 (1)\", \"Rev_4\"]\n\n  describe package('dracut-fips') do\n    it { should be_installed }\n  end\n\n  all_args = command('grubby --info=ALL | grep \"^args=\" | sed \"s/^args=//g\"').\n    stdout.strip.split(\"\\n\").\n    map { |s| s.sub(%r{^\"(.*)\"$}, '\\1') } # strip outer quotes if they exist\n\n  all_args.each { |args|\n    describe args do\n      it { should match %r{\\bfips=1\\b} }\n    end\n  }\n\n  describe file('/proc/sys/crypto/fips_enabled') do\n    its('content.strip') { should cmp 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002476</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST System Package dracut-fips is expected to be installed
+--------------------------------
+passed :: TEST ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto  is expected to match /\bfips=1\b/ :: MESSAGE expected "ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto " to match /\bfips=1\b/
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;\bfips&#x3D;1\b&#x2F;
-+&quot;ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto &quot;
+-/\bfips=1\b/
++"ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto "
 
 --------------------------------
-passed
-ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto  is expected to match &#x2F;\bfips&#x3D;1\b&#x2F;
-expected &quot;ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto &quot; to match &#x2F;\bfips&#x3D;1\b&#x2F;
+passed :: TEST ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto  is expected to match /\bfips=1\b/ :: MESSAGE expected "ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto " to match /\bfips=1\b/
 Diff:
 @@ -1,2 +1,2 @@
--&#x2F;\bfips&#x3D;1\b&#x2F;
-+&quot;ro console&#x3D;ttyS0,115200n8 console&#x3D;tty0 net.ifnames&#x3D;0 rd.blacklist&#x3D;nouveau nvme_core.io_timeout&#x3D;4294967295 crashkernel&#x3D;auto &quot;
+-/\bfips=1\b/
++"ro console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto "
 
 --------------------------------
-passed
-File &#x2F;proc&#x2F;sys&#x2F;crypto&#x2F;fips_enabled content.strip is expected to cmp &#x3D;&#x3D; 1
-
+passed :: TEST File /proc/sys/crypto/fips_enabled content.strip is expected to cmp == 1 :: MESSAGE 
 expected: 1
      got: 0
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72139</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86763r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030580</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72139</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000392-GPOS-00172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86763r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030580</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the chcon command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the chcon command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,
 correlate, and investigate the events relating to an incident or identify those
 responsible for one.
 
     Audit records can be generated from various components within the
-information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+information system (e.g., module or policy filter).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chcon&quot; command occur.
+successful/unsuccessful attempts to use the "chcon" command occur.
 
-    Check the file system rule in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the following
+    Check the file system rule in "/etc/audit/audit.rules" with the following
 command:
 
-    # grep -i &#x2F;usr&#x2F;bin&#x2F;chcon &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -i /usr/bin/chcon /etc/audit/audit.rules
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chcon -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chcon -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the command does not return any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;chcon&quot; command occur.
+successful/unsuccessful attempts to use the "chcon" command occur.
 
-    Add or update the following rule in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add or update the following rule in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F path&#x3D;&#x2F;usr&#x2F;bin&#x2F;chcon -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F path=/usr/bin/chcon -F auid&gt;=1000 -F auid!=4294967295 -k
 privileged-priv_change
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>04f3be5f-0df3-4cd2-a2a0-f1cf79146a14</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chcon&quot; permissions is expected not to cmp &#x3D;&#x3D; []
---------------------------------
-passed
-Auditd Rules with file &#x3D;&#x3D; &quot;&#x2F;usr&#x2F;bin&#x2F;chcon&quot; action is expected not to include &quot;never&quot;
---------------------------------
-passed
-[&quot;x&quot;] is expected to include &quot;x&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72275</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86899r4_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-040530</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72139\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe chcon command.\"\n  desc  \"Without generating audit records that are specific to the security and\nmission needs of the organization, it would be difficult to establish,\ncorrelate, and investigate the events relating to an incident or identify those\nresponsible for one.\n\n    Audit records can be generated from various components within the\ninformation system (e.g., module or policy filter).\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"chcon\\\" command occur.\n\n    Check the file system rule in \\\"/etc/audit/audit.rules\\\" with the following\ncommand:\n\n    # grep -i /usr/bin/chcon /etc/audit/audit.rules\n\n    -a always,exit -F path=/usr/bin/chcon -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    If the command does not return any output, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"chcon\\\" command occur.\n\n    Add or update the following rule in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F path=/usr/bin/chcon -F auid&gt;=1000 -F auid!=4294967295 -k\nprivileged-priv_change\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000392-GPOS-00172\"\n  tag satisfies: [\"SRG-OS-000392-GPOS-00172\", \"SRG-OS-000463-GPOS-00207\",\n\"SRG-OS-000465-GPOS-00209\"]\n  tag gid: \"V-72139\"\n  tag rid: \"SV-86763r4_rule\"\n  tag stig_id: \"RHEL-07-030580\"\n  tag fix_id: \"F-78491r6_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  audit_file = '/usr/bin/chcon'\n\n  if file(audit_file).exist?\n    impact 0.5\n  else\n    impact 0.0\n  end\n\n  describe auditd.file(audit_file) do\n    its('permissions') { should_not cmp [] }\n    its('action') { should_not include 'never' }\n  end if file(audit_file).exist?\n\n  # Resource creates data structure including all usages of file\n  perms = auditd.file(audit_file).permissions\n\n  perms.each do |perm|\n    describe perm do\n      it { should include 'x' }\n    end\n  end if file(audit_file).exist?\n\n  describe \"The #{audit_file} file does not exist\" do\n    skip \"The #{audit_file} file does not exist, this requirement is Not Applicable.\"\n  end if !file(audit_file).exist?\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with file == "/usr/bin/chcon" permissions is expected not to cmp == []
+--------------------------------
+passed :: TEST Auditd Rules with file == "/usr/bin/chcon" action is expected not to include "never"
+--------------------------------
+passed :: TEST ["x"] is expected to include "x"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72275</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86899r4_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-040530</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must display the date
-and time of the last successful account logon upon logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+and time of the last successful account logon upon logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Providing users with feedback on when account accesses last occurred
-facilitates user recognition and reporting of unauthorized account use.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+facilitates user recognition and reporting of unauthorized account use.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify users are provided with feedback on when account accesses last
 occurred.
 
-    Check that &quot;pam_lastlog&quot; is used and not silent with the following
+    Check that "pam_lastlog" is used and not silent with the following
 command:
 
-    # grep pam_lastlog &#x2F;etc&#x2F;pam.d&#x2F;postlogin
+    # grep pam_lastlog /etc/pam.d/postlogin
     session required pam_lastlog.so showfailed
 
-    If &quot;pam_lastlog&quot; is missing from &quot;&#x2F;etc&#x2F;pam.d&#x2F;postlogin&quot; file, or the
-silent option is present, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If "pam_lastlog" is missing from "/etc/pam.d/postlogin" file, or the
+silent option is present, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to provide users with feedback on when
 account accesses last occurred by setting the required configuration options in
-&quot;&#x2F;etc&#x2F;pam.d&#x2F;postlogin&quot;.
-
-    Add the following line to the top of &quot;&#x2F;etc&#x2F;pam.d&#x2F;postlogin&quot;:
-
-    session required pam_lastlog.so showfailed</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>df8f0904-0188-415e-a558-e95b901da843</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PAM Config[&#x2F;etc&#x2F;pam.d&#x2F;postlogin] lines is expected to include session .* pam_lastlog.so showfailed
---------------------------------
-passed
-SSHD Configuration PrintLastLog is expected to cmp &#x3D;&#x3D; &quot;yes&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-71939</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000106-GPOS-00053</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86563r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-010300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+"/etc/pam.d/postlogin".
+
+    Add the following line to the top of "/etc/pam.d/postlogin":
+
+    session required pam_lastlog.so showfailed</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72275\" do\n  title \"The Red Hat Enterprise Linux operating system must display the date\nand time of the last successful account logon upon logon.\"\n  desc  \"Providing users with feedback on when account accesses last occurred\nfacilitates user recognition and reporting of unauthorized account use.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify users are provided with feedback on when account accesses last\noccurred.\n\n    Check that \\\"pam_lastlog\\\" is used and not silent with the following\ncommand:\n\n    # grep pam_lastlog /etc/pam.d/postlogin\n    session required pam_lastlog.so showfailed\n\n    If \\\"pam_lastlog\\\" is missing from \\\"/etc/pam.d/postlogin\\\" file, or the\nsilent option is present, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to provide users with feedback on when\naccount accesses last occurred by setting the required configuration options in\n\\\"/etc/pam.d/postlogin\\\".\n\n    Add the following line to the top of \\\"/etc/pam.d/postlogin\\\":\n\n    session required pam_lastlog.so showfailed\n  \"\n  impact 0.3\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72275\"\n  tag rid: \"SV-86899r4_rule\"\n  tag stig_id: \"RHEL-07-040530\"\n  tag fix_id: \"F-78629r4_fix\"\n  tag cci: [\"CCI-000366\"]\n  tag nist: [\"CM-6 b\", \"Rev_4\"]\n\n  describe pam('/etc/pam.d/postlogin') do\n    its('lines') { should match_pam_rule('session .* pam_lastlog.so showfailed') }\n  end\n\n  describe.one do\n    describe sshd_config do\n      its('PrintLastLog') { should cmp 'yes' }\n    end\n\n    describe pam('/etc/pam.d/postlogin') do\n      its('lines') { should match_pam_rule('session .* pam_lastlog.so showfailed').all_without_args('silent') }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PAM Config[/etc/pam.d/postlogin] lines is expected to include session .* pam_lastlog.so showfailed
+--------------------------------
+passed :: TEST SSHD Configuration PrintLastLog is expected to cmp == "yes"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-71939</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000106-GPOS-00053</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86563r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-010300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that the SSH daemon does not allow authentication using an empty password.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that the SSH daemon does not allow authentication using an empty password.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuring this setting for the SSH daemon provides additional
 assurance that remote logon via SSH will require a password, even in the event
-of misconfiguration elsewhere.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>To determine how the SSH daemon&#39;s &quot;PermitEmptyPasswords&quot; option is set,
+of misconfiguration elsewhere.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>To determine how the SSH daemon's "PermitEmptyPasswords" option is set,
 run the following command:
 
-    # grep -i PermitEmptyPasswords &#x2F;etc&#x2F;ssh&#x2F;sshd_config
+    # grep -i PermitEmptyPasswords /etc/ssh/sshd_config
     PermitEmptyPasswords no
 
-    If no line, a commented line, or a line indicating the value &quot;no&quot; is
+    If no line, a commented line, or a line indicating the value "no" is
 returned, the required value is set.
 
-    If the required value is not set, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If the required value is not set, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To explicitly disallow remote logon from accounts with empty passwords, add
-or correct the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
+or correct the following line in "/etc/ssh/sshd_config":
 
     PermitEmptyPasswords no
 
     The SSH service must be restarted for changes to take effect.  Any accounts
 with empty passwords should be disabled immediately, and PAM configuration
-should prevent users from being able to assign themselves empty passwords.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6102773d-1950-4b20-b6d4-690152984427</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000766</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-SSHD Configuration PermitEmptyPasswords is expected to eq &quot;no&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72007</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86631r3_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020320</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+should prevent users from being able to assign themselves empty passwords.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-71939\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat the SSH daemon does not allow authentication using an empty password.\"\n  desc  \"Configuring this setting for the SSH daemon provides additional\nassurance that remote logon via SSH will require a password, even in the event\nof misconfiguration elsewhere.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    To determine how the SSH daemon's \\\"PermitEmptyPasswords\\\" option is set,\nrun the following command:\n\n    # grep -i PermitEmptyPasswords /etc/ssh/sshd_config\n    PermitEmptyPasswords no\n\n    If no line, a commented line, or a line indicating the value \\\"no\\\" is\nreturned, the required value is set.\n\n    If the required value is not set, this is a finding.\n  \"\n  desc  \"fix\", \"\n    To explicitly disallow remote logon from accounts with empty passwords, add\nor correct the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    PermitEmptyPasswords no\n\n    The SSH service must be restarted for changes to take effect.  Any accounts\nwith empty passwords should be disabled immediately, and PAM configuration\nshould prevent users from being able to assign themselves empty passwords.\n  \"\n  impact 0.7\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000106-GPOS-00053\"\n  tag gid: \"V-71939\"\n  tag rid: \"SV-86563r3_rule\"\n  tag stig_id: \"RHEL-07-010300\"\n  tag fix_id: \"F-78291r2_fix\"\n  tag cci: [\"CCI-000766\"]\n  tag nist: [\"IA-2 (2)\", \"Rev_4\"]\n\n  describe sshd_config do\n    its('PermitEmptyPasswords') { should eq 'no' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000766</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST SSHD Configuration PermitEmptyPasswords is expected to eq "no"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72007</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86631r3_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020320</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
-that all files and directories have a valid owner.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+that all files and directories have a valid owner.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Unowned files and directories may be unintentionally inherited if a
-user is assigned the same User Identifier &quot;UID&quot; as the UID of the un-owned
-files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+user is assigned the same User Identifier "UID" as the UID of the un-owned
+files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify all files and directories on the system have a valid owner.
 
     Check the owner of all files and directories with the following command:
@@ -39297,344 +37551,324 @@ files.</ATTRIBUTE_DATA>
     Note: The value after -fstype must be replaced with the filesystem type.
 XFS is used as an example.
 
-    # find &#x2F; -fstype xfs -nouser
+    # find / -fstype xfs -nouser
 
-    If any files on the system do not have an assigned owner, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If any files on the system do not have an assigned owner, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Either remove all files and directories from the system that do not have a
 valid user, or assign a valid user to all unowned files and directories on the
-system with the &quot;chown&quot; command:
-
-    # chown &lt;user&gt; &lt;file&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>562becf7-bb16-4dae-8851-89fb9e1864fc</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Command: &#x60;find &#x2F; -xautofs -fstype xfs -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext3 -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext2 -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype ext4 -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype msdos -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype vfat -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype btrfs -nouser&#x60; stdout.strip is expected to be empty
---------------------------------
-passed
-Command: &#x60;find &#x2F; -xautofs -fstype fuseblk -nouser&#x60; stdout.strip is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86827r5_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-030900</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+system with the "chown" command:
+
+    # chown &lt;user&gt; &lt;file&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72007\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all files and directories have a valid owner.\"\n  desc  \"Unowned files and directories may be unintentionally inherited if a\nuser is assigned the same User Identifier \\\"UID\\\" as the UID of the un-owned\nfiles.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify all files and directories on the system have a valid owner.\n\n    Check the owner of all files and directories with the following command:\n\n    Note: The value after -fstype must be replaced with the filesystem type.\nXFS is used as an example.\n\n    # find / -fstype xfs -nouser\n\n    If any files on the system do not have an assigned owner, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Either remove all files and directories from the system that do not have a\nvalid user, or assign a valid user to all unowned files and directories on the\nsystem with the \\\"chown\\\" command:\n\n    # chown &lt;user&gt; &lt;file&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72007\"\n  tag rid: \"SV-86631r3_rule\"\n  tag stig_id: \"RHEL-07-020320\"\n  tag fix_id: \"F-78359r1_fix\"\n  tag cci: [\"CCI-002165\"]\n  tag nist: [\"AC-3 (4)\", \"Rev_4\"]\n\n  command('grep -v \"nodev\" /proc/filesystems | awk \\'NF{ print $NF }\\'').\n    stdout.strip.split(\"\\n\").each do |fs|\n      describe command(\"find / -xautofs -fstype #{fs} -nouser\") do\n        its('stdout.strip') { should be_empty }\n      end\n    end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Command: `find / -xautofs -fstype xfs -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext3 -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext2 -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype ext4 -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype msdos -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype vfat -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype btrfs -nouser` stdout.strip is expected to be empty
+--------------------------------
+passed :: TEST Command: `find / -xautofs -fstype fuseblk -nouser` stdout.strip is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000466-GPOS-00210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86827r5_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-030900</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must audit all uses of
-the rmdir syscall.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+the rmdir syscall.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the system is not configured to audit certain activities and write
 them to an audit log, it is more difficult to detect and track system
-compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+compromises and damages incurred during a system compromise.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the operating system generates audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;rmdir&quot; syscall occur.
+successful/unsuccessful attempts to use the "rmdir" syscall occur.
 
-    Check the file system rules in &quot;&#x2F;etc&#x2F;audit&#x2F;audit.rules&quot; with the
+    Check the file system rules in "/etc/audit/audit.rules" with the
 following commands:
 
-    # grep -iw rmdir &#x2F;etc&#x2F;audit&#x2F;audit.rules
+    # grep -iw rmdir /etc/audit/audit.rules
 
-    -a always,exit -F arch&#x3D;b32 -S rmdir -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S rmdir -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    If both the &quot;b32&quot; and &quot;b64&quot; audit rules are not defined for the
-&quot;rmdir&quot; syscall, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+    If both the "b32" and "b64" audit rules are not defined for the
+"rmdir" syscall, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configure the operating system to generate audit records when
-successful&#x2F;unsuccessful attempts to use the &quot;rmdir&quot; syscall occur.
+successful/unsuccessful attempts to use the "rmdir" syscall occur.
 
-    Add the following rules in &quot;&#x2F;etc&#x2F;audit&#x2F;rules.d&#x2F;audit.rules&quot;:
+    Add the following rules in "/etc/audit/rules.d/audit.rules":
 
-    -a always,exit -F arch&#x3D;b32 -S rmdir -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b32 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    -a always,exit -F arch&#x3D;b64 -S rmdir -F auid&gt;&#x3D;1000 -F auid!&#x3D;4294967295 -k
+    -a always,exit -F arch=b64 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k
 delete
 
-    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>82c366ca-e10c-4364-9278-e52b832d14ad</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rmdir&quot; arch &#x3D;&#x3D; &quot;b32&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rmdir&quot; arch &#x3D;&#x3D; &quot;b32&quot; list.uniq is expected to eq [&quot;exit&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rmdir&quot; arch &#x3D;&#x3D; &quot;b64&quot; action.uniq is expected to eq [&quot;always&quot;]
---------------------------------
-passed
-Auditd Rules with syscall &#x3D;&#x3D; &quot;rmdir&quot; arch &#x3D;&#x3D; &quot;b64&quot; list.uniq is expected to eq [&quot;exit&quot;]</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-72039</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-86663r2_rule</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>RHEL-07-020900</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+    The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72203\" do\n  title \"The Red Hat Enterprise Linux operating system must audit all uses of\nthe rmdir syscall.\"\n  desc  \"If the system is not configured to audit certain activities and write\nthem to an audit log, it is more difficult to detect and track system\ncompromises and damages incurred during a system compromise.\n\n\n  \"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify the operating system generates audit records when\nsuccessful/unsuccessful attempts to use the \\\"rmdir\\\" syscall occur.\n\n    Check the file system rules in \\\"/etc/audit/audit.rules\\\" with the\nfollowing commands:\n\n    # grep -iw rmdir /etc/audit/audit.rules\n\n    -a always,exit -F arch=b32 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    If both the \\\"b32\\\" and \\\"b64\\\" audit rules are not defined for the\n\\\"rmdir\\\" syscall, this is a finding.\n  \"\n  desc  \"fix\", \"\n    Configure the operating system to generate audit records when\nsuccessful/unsuccessful attempts to use the \\\"rmdir\\\" syscall occur.\n\n    Add the following rules in \\\"/etc/audit/rules.d/audit.rules\\\":\n\n    -a always,exit -F arch=b32 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    -a always,exit -F arch=b64 -S rmdir -F auid&gt;=1000 -F auid!=4294967295 -k\ndelete\n\n    The audit daemon must be restarted for the changes to take effect.\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000466-GPOS-00210\"\n  tag satisfies: [\"SRG-OS-000466-GPOS-00210\", \"SRG-OS-000467-GPOS-00210\",\n\"SRG-OS-000468-GPOS-00212\", \"SRG-OS-000392-GPOS-00172\"]\n  tag gid: \"V-72203\"\n  tag rid: \"SV-86827r5_rule\"\n  tag stig_id: \"RHEL-07-030900\"\n  tag fix_id: \"F-78557r9_fix\"\n  tag cci: [\"CCI-000172\", \"CCI-002884\"]\n  tag nist: [\"AU-12 c\", \"MA-4 (1) (a)\", \"Rev_4\"]\n\n  describe auditd.syscall(\"rmdir\").where {arch == \"b32\"} do\n    its('action.uniq') { should eq ['always'] }\n    its('list.uniq') { should eq ['exit'] }\n  end\n  if os.arch == 'x86_64'\n    describe auditd.syscall(\"rmdir\").where {arch == \"b64\"} do\n      its('action.uniq') { should eq ['always'] }\n      its('list.uniq') { should eq ['exit'] }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002884</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Auditd Rules with syscall == "rmdir" arch == "b32" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rmdir" arch == "b32" list.uniq is expected to eq ["exit"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rmdir" arch == "b64" action.uniq is expected to eq ["always"]
+--------------------------------
+passed :: TEST Auditd Rules with syscall == "rmdir" arch == "b64" list.uniq is expected to eq ["exit"]</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-72039</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-GPOS-00227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-86663r2_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>RHEL-07-020900</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The Red Hat Enterprise Linux operating system must be configured so
 that all system device files are correctly labeled to prevent unauthorized
-modification.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+modification.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If an unauthorized or modified device is allowed to exist on the
 system, there is the possibility the system may perform unintended or
-unauthorized operations.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+unauthorized operations.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify that all system device files are correctly labeled to prevent
 unauthorized modification.
 
     List all device files on the system that are incorrectly labeled with the
 following commands:
 
-    Note: Device files are normally found under &quot;&#x2F;dev&quot;, but applications may
+    Note: Device files are normally found under "/dev", but applications may
 place device files in other directories and may necessitate a search of the
 entire system.
 
-    #find &#x2F;dev -context *:device_t:* \( -type c -o -type b \) -printf &quot;%p %Z    &quot;
+    #find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z    "
 
-    #find &#x2F;dev -context *:unlabeled_t:* \( -type c -o -type b \) -printf &quot;%p
-%Z    &quot;
+    #find /dev -context *:unlabeled_t:* \( -type c -o -type b \) -printf "%p
+%Z    "
 
-    Note: There are device files, such as &quot;&#x2F;dev&#x2F;vmci&quot;, that are used when the
+    Note: There are device files, such as "/dev/vmci", that are used when the
 operating system is a host virtual machine. They will not be owned by a user on
-the system and require the &quot;device_t&quot; label to operate. These device files
+the system and require the "device_t" label to operate. These device files
 are not a finding.
 
     If there is output from either of these commands, other than already noted,
-this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Run the following command to determine which package owns the device file:
 
     # rpm -qf &lt;filename&gt;
@@ -39646,103 +37880,98 @@ this is a finding.</ATTRIBUTE_DATA>
     Alternatively, the package can be reinstalled from trusted media using the
 command:
 
-    # sudo rpm -Uvh &lt;packagename&gt;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 STIG </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>779db859-f859-40b9-8ab1-2022f8e764c8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-#&lt;Set: {}&gt; length is expected to cmp &#x3D;&#x3D; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-		</iSTIG>
-	</STIGS>
+    # sudo rpm -Uvh &lt;packagename&gt;</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control \"V-72039\" do\n  title \"The Red Hat Enterprise Linux operating system must be configured so\nthat all system device files are correctly labeled to prevent unauthorized\nmodification.\"\n  desc  \"If an unauthorized or modified device is allowed to exist on the\nsystem, there is the possibility the system may perform unintended or\nunauthorized operations.\"\n  desc  \"rationale\", \"\"\n  desc  \"check\", \"\n    Verify that all system device files are correctly labeled to prevent\nunauthorized modification.\n\n    List all device files on the system that are incorrectly labeled with the\nfollowing commands:\n\n    Note: Device files are normally found under \\\"/dev\\\", but applications may\nplace device files in other directories and may necessitate a search of the\nentire system.\n\n    #find /dev -context *:device_t:* \\\\( -type c -o -type b \\\\) -printf \\\"%p %Z\\\n    \\\"\n\n    #find /dev -context *:unlabeled_t:* \\\\( -type c -o -type b \\\\) -printf \\\"%p\n%Z\\\n    \\\"\n\n    Note: There are device files, such as \\\"/dev/vmci\\\", that are used when the\noperating system is a host virtual machine. They will not be owned by a user on\nthe system and require the \\\"device_t\\\" label to operate. These device files\nare not a finding.\n\n    If there is output from either of these commands, other than already noted,\nthis is a finding.\n  \"\n  desc  \"fix\", \"\n    Run the following command to determine which package owns the device file:\n\n    # rpm -qf &lt;filename&gt;\n\n    The package can be reinstalled from a yum repository using the command:\n\n    # sudo yum reinstall &lt;packagename&gt;\n\n    Alternatively, the package can be reinstalled from trusted media using the\ncommand:\n\n    # sudo rpm -Uvh &lt;packagename&gt;\n  \"\n  impact 0.5\n  tag severity: nil\n  tag gtitle: \"SRG-OS-000480-GPOS-00227\"\n  tag gid: \"V-72039\"\n  tag rid: \"SV-86663r2_rule\"\n  tag stig_id: \"RHEL-07-020900\"\n  tag fix_id: \"F-78391r1_fix\"\n  tag cci: [\"CCI-000318\", \"CCI-000368\", \"CCI-001812\", \"CCI-001813\",\n\"CCI-001814\"]\n  tag nist: [\"CM-3 f\", \"CM-6 c\", \"CM-11 (2)\", \"CM-5 (1)\", \"CM-5 (1)\", \"Rev_4\"]\n\n  virtual_machine = input('virtual_machine')\n\n  findings = Set[]\n  findings = findings + command('find / -context *:device_t:* \\( -type c -o -type b \\) -printf \"%p %Z\\n\"').stdout.split(\"\\n\")\n  findings = findings + command('find / -context *:unlabeled_t:* \\( -type c -o -type b \\) -printf \"%p %Z\\n\"').stdout.split(\"\\n\")\n  findings = findings + command('find / -context *:vmci_device_t:* \\( -type c -o -type b \\) -printf \"%p %Z\\n\"').stdout.split(\"\\n\")\n\n  describe findings do\n    if virtual_machine\n      its ('length') { should cmp 1 }\n      its ('first') { should include '/dev/vmci' }\n    else\n      its ('length') { should cmp 0 }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Red Hat Enterprise Linux 7 Security Technical Implementation Guide - v2r6 :: Version 2, Release: 6</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000318</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000368</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001812</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001814</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST #&lt;Set: {}&gt; length is expected to cmp == 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+		</iSTIG>
+	</STIGS>
 </CHECKLIST>
\ No newline at end of file
diff --git a/test/sample_data/checklist/vSphere8_report.ckl b/test/sample_data/checklist/vSphere8_report.ckl
index b4b44d122..7c8da52c6 100644
--- a/test/sample_data/checklist/vSphere8_report.ckl
+++ b/test/sample_data/checklist/vSphere8_report.ckl
@@ -1,112 +1,106 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--DISA STIG Viewer :: 2.14-->
-<CHECKLIST>
-	<ASSET>
-		<ROLE>None</ROLE>
-		<ASSET_TYPE>Computing</ASSET_TYPE>
-		<HOST_NAME></HOST_NAME>
-		<HOST_IP></HOST_IP>
-		<HOST_MAC></HOST_MAC>
-		<HOST_FQDN></HOST_FQDN>
-		<TARGET_COMMENT></TARGET_COMMENT>
-		<TECH_AREA></TECH_AREA>
-		<TARGET_KEY>0</TARGET_KEY>
-		<WEB_OR_DATABASE>false</WEB_OR_DATABASE>
-		<WEB_DB_SITE></WEB_DB_SITE>
-		<WEB_DB_INSTANCE></WEB_DB_INSTANCE>
-	</ASSET>
-	<STIGS>
-		<iSTIG>
-			<STIG_INFO>
-				<SI_DATA>
-					<SID_NAME>version</SID_NAME>
-					<SID_DATA>1</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>classification</SID_NAME>
-					<SID_DATA>UNCLASSIFIED</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>customname</SID_NAME>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>stigid</SID_NAME>
-					<SID_DATA>vmware-vsphere-8.0-stig-baseline</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>description</SID_NAME>
-					<SID_DATA>File Name: vSphere8_report.json
-Version: 1.0.1
-SHA256 Hash: 037df02b2bce1332a63d955e79ec40ce574f703eb75c99ba683cac85c3471612
-Maintainer: VMware
-Copyright: The Authors
-Copyright Email: stigs@vmware.com
-Control Count: 168</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>filename</SID_NAME>
-					<SID_DATA>vSphere8_report.json</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>releaseinfo</SID_NAME>
-					<SID_DATA></SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>title</SID_NAME>
-					<SID_DATA>vmware-vsphere-8.0-stig-baseline</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>uuid</SID_NAME>
-					<SID_DATA>1eb334c8-7149-4a60-b039-081fc3897e03</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>notice</SID_NAME>
-					<SID_DATA>terms-of-use</SID_DATA>
-				</SI_DATA>
-				<SI_DATA>
-					<SID_NAME>source</SID_NAME>
-				</SI_DATA>
-			</STIG_INFO>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000005</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000021-VMM-000050</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000005</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000005</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>By limiting the number of failed logon attempts, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. Once the configured number of attempts is reached, the account is locked by the ESXi host.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+<?xml version="1.0" encoding="UTF-8"?>
+<!--Heimdall Version :: 2.10.8-->
+<CHECKLIST>
+	<ASSET>
+		<ROLE>None</ROLE>
+		<ASSET_TYPE>Computing</ASSET_TYPE>
+		<MARKING></MARKING>
+		<HOST_NAME></HOST_NAME>
+		<HOST_IP></HOST_IP>
+		<HOST_MAC></HOST_MAC>
+		<HOST_FQDN></HOST_FQDN>
+		<TARGET_COMMENT></TARGET_COMMENT>
+		<TECH_AREA></TECH_AREA>
+		<TARGET_KEY></TARGET_KEY>
+		<WEB_OR_DATABASE>false</WEB_OR_DATABASE>
+		<WEB_DB_SITE></WEB_DB_SITE>
+		<WEB_DB_INSTANCE></WEB_DB_INSTANCE>
+	</ASSET>
+	<STIGS>
+		<iSTIG>
+			<STIG_INFO>
+				<SI_DATA>
+					<SID_NAME>version</SID_NAME>
+					<SID_DATA>1</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>classification</SID_NAME>
+					<SID_DATA>UNCLASSIFIED</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>customname</SID_NAME>
+					<SID_DATA>{"hdfSpecificData":{"copyright":"The Authors","maintainer":"The Authors","version":"1.0.1"}}</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>stigid</SID_NAME>
+					<SID_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>description</SID_NAME>
+					<SID_DATA>An InSpec Compliance Profile</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>filename</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>releaseinfo</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>title</SID_NAME>
+					<SID_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>uuid</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>notice</SID_NAME>
+					<SID_DATA>Apache-2.0</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>source</SID_NAME>
+					<SID_DATA>STIG.DOD.MIL</SID_DATA>
+				</SI_DATA>
+			</STIG_INFO>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000005</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000021-VMM-000050</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000005</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000005</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>By limiting the number of failed logon attempts, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. Once the configured number of attempts is reached, the account is locked by the ESXi host.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Security.AccountLockFailures&quot; value and verify it is set to &quot;3&quot;.
+Select the "Security.AccountLockFailures" value and verify it is set to "3".
 
 or
 
@@ -114,141 +108,134 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Security.AccountLockFailures
 
-If the &quot;Security.AccountLockFailures&quot; setting is set to a value other than &quot;3&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Security.AccountLockFailures" setting is set to a value other than "3", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Security.AccountLockFailures&quot; value and configure it to &quot;3&quot;.
+Click "Edit". Select the "Security.AccountLockFailures" value and configure it to "3".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Security.AccountLockFailures | Set-AdvancedSetting -Value 3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e38083f9-b06f-473d-acb6-b956853665ca</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000044</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.AccountLockFailures | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;3&quot;
-
+Get-VMHost | Get-AdvancedSetting -Name Security.AccountLockFailures | Set-AdvancedSetting -Value 3</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000005' do\n  title 'The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user.'\n  desc  'By limiting the number of failed logon attempts, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. Once the configured number of attempts is reached, the account is locked by the ESXi host.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Security.AccountLockFailures\\\" value and verify it is set to \\\"3\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Security.AccountLockFailures\n\n    If the \\\"Security.AccountLockFailures\\\" setting is set to a value other than \\\"3\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Security.AccountLockFailures\\\" value and configure it to \\\"3\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Security.AccountLockFailures | Set-AdvancedSetting -Value 3\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000021-VMM-000050'\n  tag gid: 'V-ESXI-80-000005'\n  tag rid: 'SV-ESXI-80-000005'\n  tag stig_id: 'ESXI-80-000005'\n  tag cci: ['CCI-000044']\n  tag nist: ['AC-7 a']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Security.AccountLockFailures | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '3' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000044</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.AccountLockFailures | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "3" :: MESSAGE 
 expected: 3
      got: 0
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000006</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000023-VMM-000060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000006</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000006</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via the Direct Console User Interface (DCUI).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000006</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000023-VMM-000060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000006</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000006</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via the Direct Console User Interface (DCUI).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Display of a standardized and approved use notification before granting access to the host ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
 
 System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist.
 
 The banner must be formatted in accordance with applicable DOD policy. Use the following verbiage for a host that can accommodate banners of 1300 characters:
 
-&quot;You are accessing a U.S. Government (USG) VMM (IS) that is provided for USG-authorized use only.
+"You are accessing a U.S. Government (USG) VMM (IS) that is provided for USG-authorized use only.
 
 By using this IS (which includes any device attached to this IS), you consent to the following conditions:
 
@@ -260,23 +247,23 @@ By using this IS (which includes any device attached to this IS), you consent to
 
 -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
 
--Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.&quot;
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
 
 Use the following verbiage for VMMs that have severe limitations on the number of characters that can be displayed in the banner:
 
-&quot;I&#39;ve read (literal ampersand) consent to terms in IS user agreem&#39;t.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+"I've read (literal ampersand) consent to terms in IS user agreem't."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Annotations.WelcomeMessage&quot; value and verify it contains the standard mandatory DOD notice and consent banner.
+Select the "Annotations.WelcomeMessage" value and verify it contains the standard mandatory DOD notice and consent banner.
 
 or
 
@@ -284,347 +271,333 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Annotations.WelcomeMessage
 
-If the &quot;Annotations.WelcomeMessage&quot; setting does not contain the standard mandatory DOD notice and consent banner, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Annotations.WelcomeMessage" setting does not contain the standard mandatory DOD notice and consent banner, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Annotations.WelcomeMessage&quot; value and set it to the following. Click &quot;OK&quot;.
-
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:black}{color:yellow}{hostname} , {ip}{&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:black}{color:yellow}{esxproduct} {esxversion}{&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:black}{color:yellow}{memory} RAM{&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:black}{color:white}	{&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}  You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By      {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}  using this IS (which includes any device attached to this IS), you consent to the following conditions:                 {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}  -       The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited     {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}          to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law      {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}          enforcement (LE), and counterintelligence (CI) investigations.                                                  {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}  -       At any time, the USG may inspect and seize data stored on this IS.                                              {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}  -       Communications using, or data stored on, this IS are not private, are subject to routine monitoring,            {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}          interception, and search, and may be disclosed or used for any USG-authorized purpose.                          {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}  -       This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not     {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}          for your personal benefit or privacy.                                                                           {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}  -       Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching    {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}          or monitoring of the content of privileged communications, or work product, related to personal representation  {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}          or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work       {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}          product are private and confidential. See User Agreement for details.                                           {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
-{bgcolor:black} {&#x2F;color}{align:left}{bgcolor:dark-grey}{color:white}  &lt;F2&gt; Accept Conditions and Customize System &#x2F; View Logs{&#x2F;align}{align:right}&lt;F12&gt; Accept Conditions and Shut Down&#x2F;Restart  {bgcolor:black} {&#x2F;color}{&#x2F;color}{&#x2F;bgcolor}{&#x2F;align}
-{bgcolor:black} {&#x2F;color}{bgcolor:dark-grey}{color:black}                                                                                                                          {&#x2F;color}{&#x2F;bgcolor}
+Click "Edit". Select the "Annotations.WelcomeMessage" value and set it to the following. Click "OK".
+
+{bgcolor:black} {/color}{align:left}{bgcolor:black}{color:yellow}{hostname} , {ip}{/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:black}{color:yellow}{esxproduct} {esxversion}{/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:black}{color:yellow}{memory} RAM{/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:black}{color:white}	{/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By      {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  using this IS (which includes any device attached to this IS), you consent to the following conditions:                 {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  -       The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited     {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law      {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          enforcement (LE), and counterintelligence (CI) investigations.                                                  {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  -       At any time, the USG may inspect and seize data stored on this IS.                                              {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  -       Communications using, or data stored on, this IS are not private, are subject to routine monitoring,            {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          interception, and search, and may be disclosed or used for any USG-authorized purpose.                          {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  -       This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not     {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          for your personal benefit or privacy.                                                                           {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  -       Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching    {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          or monitoring of the content of privileged communications, or work product, related to personal representation  {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work       {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          product are private and confidential. See User Agreement for details.                                           {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
+{bgcolor:black} {/color}{align:left}{bgcolor:dark-grey}{color:white}  &lt;F2&gt; Accept Conditions and Customize System / View Logs{/align}{align:right}&lt;F12&gt; Accept Conditions and Shut Down/Restart  {bgcolor:black} {/color}{/color}{/bgcolor}{/align}
+{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Annotations.WelcomeMessage | Set-AdvancedSetting -Value &quot;&lt;Banner text above&gt;&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ee488c0d-1327-4950-8af4-55e08f03ca47</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000050</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Annotations.WelcomeMessage | Select-Object -ExpandProperty Value stdout.strip is expected to match &quot;You are accessing a U.S. Government&quot;
-expected &quot;&quot; to match &quot;You are accessing a U.S. Government&quot;
+Get-VMHost | Get-AdvancedSetting -Name Annotations.WelcomeMessage | Set-AdvancedSetting -Value "&lt;Banner text above&gt;"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000006' do\n  title 'The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via the Direct Console User Interface (DCUI).'\n  desc  \"\n    Display of a standardized and approved use notification before granting access to the host ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with applicable DOD policy. Use the following verbiage for a host that can accommodate banners of 1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) VMM (IS) that is provided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\\\"\n\n    Use the following verbiage for VMMs that have severe limitations on the number of characters that can be displayed in the banner:\n\n    \\\"I've read (literal ampersand) consent to terms in IS user agreem't.\\\"\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Annotations.WelcomeMessage\\\" value and verify it contains the standard mandatory DOD notice and consent banner.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Annotations.WelcomeMessage\n\n    If the \\\"Annotations.WelcomeMessage\\\" setting does not contain the standard mandatory DOD notice and consent banner, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Annotations.WelcomeMessage\\\" value and set it to the following. Click \\\"OK\\\".\n\n    {bgcolor:black} {/color}{align:left}{bgcolor:black}{color:yellow}{hostname} , {ip}{/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:black}{color:yellow}{esxproduct} {esxversion}{/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:black}{color:yellow}{memory} RAM{/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:black}{color:white}\\t{/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By      {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  using this IS (which includes any device attached to this IS), you consent to the following conditions:                 {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  -       The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited     {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law      {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          enforcement (LE), and counterintelligence (CI) investigations.                                                  {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  -       At any time, the USG may inspect and seize data stored on this IS.                                              {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  -       Communications using, or data stored on, this IS are not private, are subject to routine monitoring,            {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          interception, and search, and may be disclosed or used for any USG-authorized purpose.                          {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  -       This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not     {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          for your personal benefit or privacy.                                                                           {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}  -       Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching    {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          or monitoring of the content of privileged communications, or work product, related to personal representation  {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work       {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}          product are private and confidential. See User Agreement for details.                                           {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black}                                                                                                                          {/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n    {bgcolor:black} {/color}{align:left}{bgcolor:dark-grey}{color:white}  &lt;F2&gt; Accept Conditions and Customize System / View Logs{/align}{align:right}&lt;F12&gt; Accept Conditions and Shut Down/Restart  {bgcolor:black} {/color}{/color}{/bgcolor}{/align}\n    {bgcolor:black} {/color}{bgcolor:dark-grey}{color:black}                                                                                                                          {/color}{/bgcolor}\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Annotations.WelcomeMessage | Set-AdvancedSetting -Value \\\"&lt;Banner text above&gt;\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000023-VMM-000060'\n  tag satisfies: ['SRG-OS-000024-VMM-000070']\n  tag gid: 'V-ESXI-80-000006'\n  tag rid: 'SV-ESXI-80-000006'\n  tag stig_id: 'ESXI-80-000006'\n  tag cci: ['CCI-000048', 'CCI-000050']\n  tag nist: ['AC-8 a', 'AC-8 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      result = powercli_command(\"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Annotations.WelcomeMessage | Select-Object -ExpandProperty Value\")\n      describe.one do\n        describe result do\n          its('stdout.strip') { should match 'You are accessing a U.S. Government' }\n        end\n        describe result do\n          its('stdout.strip') { should match \"I've read &amp; consent to terms in IS user agreem't\" }\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000050</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Annotations.WelcomeMessage | Select-Object -ExpandProperty Value stdout.strip is expected to match "You are accessing a U.S. Government" :: MESSAGE expected "" to match "You are accessing a U.S. Government"
 --------------------------------
-failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Annotations.WelcomeMessage | Select-Object -ExpandProperty Value stdout.strip is expected to match &quot;I&#39;ve read &amp; consent to terms in IS user agreem&#39;t&quot;
-expected &quot;&quot; to match &quot;I&#39;ve read &amp; consent to terms in IS user agreem&#39;t&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000008</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000027-VMM-000080</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000008</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000008</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must enable lockdown mode.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Annotations.WelcomeMessage | Select-Object -ExpandProperty Value stdout.strip is expected to match "I've read &amp; consent to terms in IS user agreem't" :: MESSAGE expected "" to match "I've read &amp; consent to terms in IS user agreem't"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000008</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000027-VMM-000080</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000008</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000008</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must enable lockdown mode.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Enabling Lockdown Mode disables direct access to an ESXi host, requiring the host to be managed remotely from vCenter Server. This is done to ensure the roles and access controls implemented in vCenter are always enforced and users cannot bypass them by logging on to a host directly.
 
-By forcing all interaction to occur through vCenter Server, the risk of someone inadvertently attaining elevated privileges or performing tasks that are not properly audited is greatly reduced.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+By forcing all interaction to occur through vCenter Server, the risk of someone inadvertently attaining elevated privileges or performing tasks that are not properly audited is greatly reduced.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For environments that do not use vCenter server to manage ESXi, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile.
 
-Scroll down to &quot;Lockdown Mode&quot; and verify it is set to &quot;Enabled&quot; (Normal or Strict).
+Scroll down to "Lockdown Mode" and verify it is set to "Enabled" (Normal or Strict).
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Select Name,@{N&#x3D;&quot;Lockdown&quot;;E&#x3D;{$_.Extensiondata.Config.LockdownMode}}
+Get-VMHost | Select Name,@{N="Lockdown";E={$_.Extensiondata.Config.LockdownMode}}
 
-If &quot;Lockdown Mode&quot; is disabled, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If "Lockdown Mode" is disabled, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile &gt;&gt; Lockdown Mode.
 
-Click edit and select either the &quot;Normal&quot; or &quot;Strict&quot; radio buttons.
+Click edit and select either the "Normal" or "Strict" radio buttons.
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$level &#x3D; &quot;lockdownNormal&quot; OR &quot;lockdownStrict&quot;
-$vmhost &#x3D; Get-VMHost -Name &lt;hostname&gt; | Get-View
-$lockdown &#x3D; Get-View $vmhost.ConfigManager.HostAccessManager
+$level = "lockdownNormal" OR "lockdownStrict"
+$vmhost = Get-VMHost -Name &lt;hostname&gt; | Get-View
+$lockdown = Get-View $vmhost.ConfigManager.HostAccessManager
 $lockdown.ChangeLockdownMode($level)
 
-Note: In strict lockdown mode, the Direct Console User Interface (DCUI) service is stopped. If the connection to vCenter Server is lost and the vSphere Client is no longer available, the ESXi host becomes inaccessible.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1c96c876-617a-4a1b-9c7b-2d265410fdc2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000054</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: (Get-VMHost -Name 10.186.25.26).Extensiondata.Config.LockdownMode stdout.strip is expected to be in &quot;lockdownNormal&quot; and &quot;lockdownStrict&quot;
-expected &#x60;lockdownDisabled&#x60; to be in the list: &#x60;[&quot;lockdownNormal&quot;, &quot;lockdownStrict&quot;]&#x60;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000029-VMM-000100</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host client must be configured with an idle session timeout.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host client is the UI served up by the host itself, outside of vCenter. It is accessed by browsing to &quot;https:&#x2F;&#x2F;&lt;ESX FQDN&gt;&#x2F;ui&quot;. ESXi is not usually administered via this interface for long periods and all users will be highly privileged. Implementing a mandatory session idle limit will ensure that orphaned, forgotten or ignored sessions will be closed promptly.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Note: In strict lockdown mode, the Direct Console User Interface (DCUI) service is stopped. If the connection to vCenter Server is lost and the vSphere Client is no longer available, the ESXi host becomes inaccessible.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000008' do\n  title 'The ESXi host must enable lockdown mode.'\n  desc  \"\n    Enabling Lockdown Mode disables direct access to an ESXi host, requiring the host to be managed remotely from vCenter Server. This is done to ensure the roles and access controls implemented in vCenter are always enforced and users cannot bypass them by logging on to a host directly.\n\n    By forcing all interaction to occur through vCenter Server, the risk of someone inadvertently attaining elevated privileges or performing tasks that are not properly audited is greatly reduced.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For environments that do not use vCenter server to manage ESXi, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile.\n\n    Scroll down to \\\"Lockdown Mode\\\" and verify it is set to \\\"Enabled\\\" (Normal or Strict).\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Select Name,@{N=\\\"Lockdown\\\";E={$_.Extensiondata.Config.LockdownMode}}\n\n    If \\\"Lockdown Mode\\\" is disabled, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile &gt;&gt; Lockdown Mode.\n\n    Click edit and select either the \\\"Normal\\\" or \\\"Strict\\\" radio buttons.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $level = \\\"lockdownNormal\\\" OR \\\"lockdownStrict\\\"\n    $vmhost = Get-VMHost -Name &lt;hostname&gt; | Get-View\n    $lockdown = Get-View $vmhost.ConfigManager.HostAccessManager\n    $lockdown.ChangeLockdownMode($level)\n\n    Note: In strict lockdown mode, the Direct Console User Interface (DCUI) service is stopped. If the connection to vCenter Server is lost and the vSphere Client is no longer available, the ESXi host becomes inaccessible.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000027-VMM-000080'\n  tag gid: 'V-ESXI-80-000008'\n  tag rid: 'SV-ESXI-80-000008'\n  tag stig_id: 'ESXI-80-000008'\n  tag cci: ['CCI-000054']\n  tag nist: ['AC-10']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    list = ['lockdownNormal', 'lockdownStrict']\n    vmhosts.each do |vmhost|\n      command = \"(Get-VMHost -Name #{vmhost}).Extensiondata.Config.LockdownMode\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should be_in list }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000054</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: (Get-VMHost -Name 10.186.25.26).Extensiondata.Config.LockdownMode stdout.strip is expected to be in "lockdownNormal" and "lockdownStrict" :: MESSAGE expected `lockdownDisabled` to be in the list: `["lockdownNormal", "lockdownStrict"]`</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000029-VMM-000100</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host client must be configured with an idle session timeout.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host client is the UI served up by the host itself, outside of vCenter. It is accessed by browsing to "https://&lt;ESX FQDN&gt;/ui". ESXi is not usually administered via this interface for long periods and all users will be highly privileged. Implementing a mandatory session idle limit will ensure that orphaned, forgotten or ignored sessions will be closed promptly.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;UserVars.HostClientSessionTimeout&quot; value and verify it is set to &quot;900&quot; or less.
+Select the "UserVars.HostClientSessionTimeout" value and verify it is set to "900" or less.
 
 or
 
@@ -632,138 +605,133 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name UserVars.HostClientSessionTimeout
 
-If the &quot;UserVars.HostClientSessionTimeout&quot; setting is not set to &quot;900&quot; or less, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "UserVars.HostClientSessionTimeout" setting is not set to "900" or less, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Fom the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;UserVars.HostClientSessionTimeout&quot; value and configure it to &quot;900&quot;.
+Click "Edit". Select the "UserVars.HostClientSessionTimeout" value and configure it to "900".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name UserVars.HostClientSessionTimeout | Set-AdvancedSetting -Value &quot;900&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a83dbe83-26ab-4b21-ab0c-c6370e7e6978</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.HostClientSessionTimeout | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &lt;&#x3D; 900</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000014</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000033-VMM-000140</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000014</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000014</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name UserVars.HostClientSessionTimeout | Set-AdvancedSetting -Value "900"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000010' do\n  title 'The ESXi host client must be configured with an idle session timeout.'\n  desc  'The ESXi host client is the UI served up by the host itself, outside of vCenter. It is accessed by browsing to \"https://&lt;ESX FQDN&gt;/ui\". ESXi is not usually administered via this interface for long periods and all users will be highly privileged. Implementing a mandatory session idle limit will ensure that orphaned, forgotten or ignored sessions will be closed promptly.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"UserVars.HostClientSessionTimeout\\\" value and verify it is set to \\\"900\\\" or less.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.HostClientSessionTimeout\n\n    If the \\\"UserVars.HostClientSessionTimeout\\\" setting is not set to \\\"900\\\" or less, this is a finding.\n  \"\n  desc  'fix', \"\n    Fom the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"UserVars.HostClientSessionTimeout\\\" value and configure it to \\\"900\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.HostClientSessionTimeout | Set-AdvancedSetting -Value \\\"900\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000029-VMM-000100'\n  tag gid: 'V-ESXI-80-000010'\n  tag rid: 'SV-ESXI-80-000010'\n  tag stig_id: 'ESXI-80-000010'\n  tag cci: ['CCI-000057']\n  tag nist: ['AC-11 a']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name UserVars.HostClientSessionTimeout | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp &lt;= 900 }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.HostClientSessionTimeout | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &lt;= 900</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000014</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000033-VMM-000140</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000014</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000014</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
 
-OpenSSH on the ESXi host ships with a FIPS 140-2 validated cryptographic module and it is enabled by default. For backward compatibility reasons, this can be disabled so this setting must be audited and corrected if necessary.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+OpenSSH on the ESXi host ships with a FIPS 140-2 validated cryptographic module and it is enabled by default. For backward compatibility reasons, this can be disabled so this setting must be audited and corrected if necessary.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
 # esxcli system security fips140 ssh get
@@ -772,17 +740,17 @@ or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
+$esxcli = Get-EsxCli -v2
 $esxcli.system.security.fips140.ssh.get.invoke()
 
 Expected result:
 
 Enabled: true
 
-If the FIPS mode is not enabled for SSH, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the FIPS mode is not enabled for SSH, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
 # esxcli system security fips140 ssh set -e true
@@ -791,130 +759,125 @@ or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
-$arguments &#x3D; $esxcli.system.security.fips140.ssh.set.CreateArgs()
-$arguments.enable &#x3D; $true
-$esxcli.system.security.fips140.ssh.set.Invoke($arguments)</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f292bfa2-dbed-4ad3-ab78-ec3cdbcb573b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: $vmhost &#x3D; Get-VMHost -Name 10.186.25.26; $esxcli &#x3D; Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.security.fips140.ssh.get.invoke() | Select-Object -ExpandProperty Enabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-VMM-000150</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000015</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi must produce audit records containing information to establish what type of events occurred.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+$esxcli = Get-EsxCli -v2
+$arguments = $esxcli.system.security.fips140.ssh.set.CreateArgs()
+$arguments.enable = $true
+$esxcli.system.security.fips140.ssh.set.Invoke($arguments)</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000014' do\n  title 'The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions.'\n  desc  \"\n    Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.\n\n    OpenSSH on the ESXi host ships with a FIPS 140-2 validated cryptographic module and it is enabled by default. For backward compatibility reasons, this can be disabled so this setting must be audited and corrected if necessary.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # esxcli system security fips140 ssh get\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $esxcli.system.security.fips140.ssh.get.invoke()\n\n    Expected result:\n\n    Enabled: true\n\n    If the FIPS mode is not enabled for SSH, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, run the following command:\n\n    # esxcli system security fips140 ssh set -e true\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $arguments = $esxcli.system.security.fips140.ssh.set.CreateArgs()\n    $arguments.enable = $true\n    $esxcli.system.security.fips140.ssh.set.Invoke($arguments)\n  \"\n  impact 0.7\n  tag severity: 'high'\n  tag gtitle: 'SRG-OS-000033-VMM-000140'\n  tag gid: 'V-ESXI-80-000014'\n  tag rid: 'SV-ESXI-80-000014'\n  tag stig_id: 'ESXI-80-000014'\n  tag cci: ['CCI-000068']\n  tag nist: ['AC-17 (2)']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"$vmhost = Get-VMHost -Name #{vmhost}; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.security.fips140.ssh.get.invoke() | Select-Object -ExpandProperty Enabled\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'true' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: $vmhost = Get-VMHost -Name 10.186.25.26; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.security.fips140.ssh.get.invoke() | Select-Object -ExpandProperty Enabled stdout.strip is expected to cmp == "true"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-VMM-000150</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000015</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi must produce audit records containing information to establish what type of events occurred.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Config.HostAgent.log.level&quot; value and verify it is set to &quot;info&quot;.
+Select the "Config.HostAgent.log.level" value and verify it is set to "info".
 
 or
 
@@ -922,149 +885,144 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level
 
-If the &quot;Config.HostAgent.log.level&quot; setting is not set to &quot;info&quot;, this is a finding.
+If the "Config.HostAgent.log.level" setting is not set to "info", this is a finding.
 
-Note: Verbose logging level is acceptable for troubleshooting purposes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Note: Verbose logging level is acceptable for troubleshooting purposes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Config.HostAgent.log.level&quot; value and configure it to &quot;info&quot;.
+Click "Edit". Select the "Config.HostAgent.log.level" value and configure it to "info".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level | Set-AdvancedSetting -Value &quot;info&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7871ad32-44bc-40cb-9c5a-c595233c5cbe</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000171</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Config.HostAgent.log.level | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;info&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000035</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000069-VMM-000360</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000035</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000035</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must enforce password complexity by configuring a password quality policy.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level | Set-AdvancedSetting -Value "info"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000015' do\n  title 'The ESXi must produce audit records containing information to establish what type of events occurred.'\n  desc  'Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack. '\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Config.HostAgent.log.level\\\" value and verify it is set to \\\"info\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level\n\n    If the \\\"Config.HostAgent.log.level\\\" setting is not set to \\\"info\\\", this is a finding.\n\n    Note: Verbose logging level is acceptable for troubleshooting purposes.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Config.HostAgent.log.level\\\" value and configure it to \\\"info\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level | Set-AdvancedSetting -Value \\\"info\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000037-VMM-000150'\n  tag satisfies: ['SRG-OS-000063-VMM-000310']\n  tag gid: 'V-ESXI-80-000015'\n  tag rid: 'SV-ESXI-80-000015'\n  tag stig_id: 'ESXI-80-000015'\n  tag cci: ['CCI-000130', 'CCI-000171']\n  tag nist: ['AU-12 b', 'AU-3']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Config.HostAgent.log.level | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'info' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000171</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Config.HostAgent.log.level | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "info"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000035</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000069-VMM-000360</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000035</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000035</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must enforce password complexity by configuring a password quality policy.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To enforce the use of complex passwords, minimum numbers of characters of different classes are mandated.
 
-The use of complex passwords reduces the ability of attackers to successfully obtain valid passwords using guessing or exhaustive search techniques. Complexity requirements increase the password search space by requiring users to construct passwords from a larger character set than they may otherwise use.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+The use of complex passwords reduces the ability of attackers to successfully obtain valid passwords using guessing or exhaustive search techniques. Complexity requirements increase the password search space by requiring users to construct passwords from a larger character set than they may otherwise use.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Security.PasswordQualityControl&quot; value and verify it is set to &quot;similar&#x3D;deny retry&#x3D;3 min&#x3D;disabled,disabled,disabled,disabled,15&quot;.
+Select the "Security.PasswordQualityControl" value and verify it is set to "similar=deny retry=3 min=disabled,disabled,disabled,disabled,15".
 
 or
 
@@ -1072,167 +1030,160 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Security.PasswordQualityControl
 
-If the &quot;Security.PasswordQualityControl&quot; setting is set to a value other than &quot;similar&#x3D;deny retry&#x3D;3 min&#x3D;disabled,disabled,disabled,disabled,15&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Security.PasswordQualityControl" setting is set to a value other than "similar=deny retry=3 min=disabled,disabled,disabled,disabled,15", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Security.PasswordQualityControl&quot; value and configure it to &quot;similar&#x3D;deny retry&#x3D;3 min&#x3D;disabled,disabled,disabled,disabled,15&quot;.
+Click "Edit". Select the "Security.PasswordQualityControl" value and configure it to "similar=deny retry=3 min=disabled,disabled,disabled,disabled,15".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Security.PasswordQualityControl | Set-AdvancedSetting -Value &quot;similar&#x3D;deny retry&#x3D;3 min&#x3D;disabled,disabled,disabled,disabled,15&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>27e4d075-c96e-4a24-bef8-08429a86d7fd</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000193</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001619</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.PasswordQualityControl | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;similar&#x3D;deny retry&#x3D;3 min&#x3D;disabled,disabled,disabled,disabled,15&quot;
-
-expected: similar&#x3D;deny retry&#x3D;3 min&#x3D;disabled,disabled,disabled,disabled,15
-     got: retry&#x3D;3 min&#x3D;disabled,disabled,disabled,7,7
-
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000043</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000077-VMM-000440</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000043</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000043</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must prohibit password reuse for a minimum of five generations.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If a user or root used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at one user&#39;s password until it was guessed correctly.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name Security.PasswordQualityControl | Set-AdvancedSetting -Value "similar=deny retry=3 min=disabled,disabled,disabled,disabled,15"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000035' do\n  title 'The ESXi host must enforce password complexity by configuring a password quality policy.'\n  desc  \"\n    To enforce the use of complex passwords, minimum numbers of characters of different classes are mandated.\n\n    The use of complex passwords reduces the ability of attackers to successfully obtain valid passwords using guessing or exhaustive search techniques. Complexity requirements increase the password search space by requiring users to construct passwords from a larger character set than they may otherwise use.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Security.PasswordQualityControl\\\" value and verify it is set to \\\"similar=deny retry=3 min=disabled,disabled,disabled,disabled,15\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Security.PasswordQualityControl\n\n    If the \\\"Security.PasswordQualityControl\\\" setting is set to a value other than \\\"similar=deny retry=3 min=disabled,disabled,disabled,disabled,15\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Security.PasswordQualityControl\\\" value and configure it to \\\"similar=deny retry=3 min=disabled,disabled,disabled,disabled,15\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Security.PasswordQualityControl | Set-AdvancedSetting -Value \\\"similar=deny retry=3 min=disabled,disabled,disabled,disabled,15\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000069-VMM-000360'\n  tag satisfies: ['SRG-OS-000070-VMM-000370', 'SRG-OS-000071-VMM-000380', 'SRG-OS-000072-VMM-000390', 'SRG-OS-000078-VMM-000450', 'SRG-OS-000266-VMM-000940']\n  tag gid: 'V-ESXI-80-000035'\n  tag rid: 'SV-ESXI-80-000035'\n  tag stig_id: 'ESXI-80-000035'\n  tag cci: ['CCI-000192', 'CCI-000193', 'CCI-000194', 'CCI-000195', 'CCI-000205', 'CCI-001619']\n  tag nist: ['IA-5 (1) (a)', 'IA-5 (1) (b)']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Security.PasswordQualityControl | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'similar=deny retry=3 min=disabled,disabled,disabled,disabled,15' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000193</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001619</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.PasswordQualityControl | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "similar=deny retry=3 min=disabled,disabled,disabled,disabled,15" :: MESSAGE 
+expected: similar=deny retry=3 min=disabled,disabled,disabled,disabled,15
+     got: retry=3 min=disabled,disabled,disabled,7,7
+
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000043</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000077-VMM-000440</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000043</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000043</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must prohibit password reuse for a minimum of five generations.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If a user or root used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at one user's password until it was guessed correctly.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Security.PasswordHistory&quot; value and verify it is set to &quot;5&quot; or greater.
+Select the "Security.PasswordHistory" value and verify it is set to "5" or greater.
 
 or
 
@@ -1240,141 +1191,136 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Security.PasswordHistory
 
-If the &quot;Security.PasswordHistory&quot; setting is set to a value other than 5 or greater, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Security.PasswordHistory" setting is set to a value other than 5 or greater, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Security.PasswordHistory&quot; value and configure it to &quot;5&quot;.
+Click "Edit". Select the "Security.PasswordHistory" value and configure it to "5".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Security.PasswordHistory | Set-AdvancedSetting -Value 5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e1a34ed1-1e99-4261-b859-429f7f36a035</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.PasswordHistory | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;5&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000047</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000095-VMM-000480</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000047</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000047</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must be configured to disable nonessential capabilities by disabling the Managed Object Browser (MOB).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The MOB provides a way to explore the object model used by the VMkernel to manage the host and enables configurations to be changed. This interface is meant to be used primarily for debugging the vSphere Software Development Kit (SDK), but because there are no access controls it could also be used as a method to obtain information about a host being targeted for unauthorized access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name Security.PasswordHistory | Set-AdvancedSetting -Value 5</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000043' do\n  title 'The ESXi host must prohibit password reuse for a minimum of five generations.'\n  desc  \"If a user or root used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at one user's password until it was guessed correctly.\"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Security.PasswordHistory\\\" value and verify it is set to \\\"5\\\" or greater.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Security.PasswordHistory\n\n    If the \\\"Security.PasswordHistory\\\" setting is set to a value other than 5 or greater, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Security.PasswordHistory\\\" value and configure it to \\\"5\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Security.PasswordHistory | Set-AdvancedSetting -Value 5\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000077-VMM-000440'\n  tag gid: 'V-ESXI-80-000043'\n  tag rid: 'SV-ESXI-80-000043'\n  tag stig_id: 'ESXI-80-000043'\n  tag cci: ['CCI-000200']\n  tag nist: ['IA-5 (1) (e)']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Security.PasswordHistory | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '5' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.PasswordHistory | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "5"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000047</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000095-VMM-000480</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000047</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000047</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must be configured to disable nonessential capabilities by disabling the Managed Object Browser (MOB).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The MOB provides a way to explore the object model used by the VMkernel to manage the host and enables configurations to be changed. This interface is meant to be used primarily for debugging the vSphere Software Development Kit (SDK), but because there are no access controls it could also be used as a method to obtain information about a host being targeted for unauthorized access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Config.HostAgent.plugins.solo.enableMob&quot; value and verify it is set to &quot;false&quot;.
+Select the "Config.HostAgent.plugins.solo.enableMob" value and verify it is set to "false".
 
 or
 
@@ -1382,145 +1328,140 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.solo.enableMob
 
-If the &quot;Config.HostAgent.plugins.solo.enableMob&quot; setting is not set to &quot;false&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Config.HostAgent.plugins.solo.enableMob" setting is not set to "false", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Config.HostAgent.plugins.solo.enableMob&quot; value and configure it to &quot;false&quot;.
+Click "Edit". Select the "Config.HostAgent.plugins.solo.enableMob" value and configure it to "false".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.solo.enableMob | Set-AdvancedSetting -Value false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1e4264a4-81b3-4f2b-b345-da511e0b652c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Config.HostAgent.plugins.solo.enableMob | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000104-VMM-000500</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000049</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must uniquely identify and must authenticate organizational users by using Active Directory.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.solo.enableMob | Set-AdvancedSetting -Value false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000047' do\n  title 'The ESXi host must be configured to disable nonessential capabilities by disabling the Managed Object Browser (MOB).'\n  desc  'The MOB provides a way to explore the object model used by the VMkernel to manage the host and enables configurations to be changed. This interface is meant to be used primarily for debugging the vSphere Software Development Kit (SDK), but because there are no access controls it could also be used as a method to obtain information about a host being targeted for unauthorized access.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Config.HostAgent.plugins.solo.enableMob\\\" value and verify it is set to \\\"false\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.solo.enableMob\n\n    If the \\\"Config.HostAgent.plugins.solo.enableMob\\\" setting is not set to \\\"false\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Config.HostAgent.plugins.solo.enableMob\\\" value and configure it to \\\"false\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.solo.enableMob | Set-AdvancedSetting -Value false\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000095-VMM-000480'\n  tag gid: 'V-ESXI-80-000047'\n  tag rid: 'SV-ESXI-80-000047'\n  tag stig_id: 'ESXI-80-000047'\n  tag cci: ['CCI-000381']\n  tag nist: ['CM-7 a']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Config.HostAgent.plugins.solo.enableMob | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Config.HostAgent.plugins.solo.enableMob | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "false"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000049</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000104-VMM-000500</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000049</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000049</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must uniquely identify and must authenticate organizational users by using Active Directory.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Join ESXi hosts to an Active Directory domain to eliminate the need to create and maintain multiple local user accounts. Using Active Directory for user authentication simplifies the ESXi host configuration, ensures password complexity and reuse policies are enforced, and reduces the risk of security breaches and unauthorized access.
 
-Note: If the Active Directory group &quot;ESX Admins&quot; (default) exists, all users and groups assigned as members to this group will have full administrative access to all ESXi hosts in the domain.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For systems that do not use Active Directory and have no local user accounts other than root and&#x2F;or service accounts, this is not applicable.
+Note: If the Active Directory group "ESX Admins" (default) exists, all users and groups assigned as members to this group will have full administrative access to all ESXi hosts in the domain.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For systems that do not use Active Directory and have no local user accounts other than root and/or service accounts, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Authentication Services.
 
-Verify the &quot;Directory Services Type&quot; is set to &quot;Active Directory&quot;.
+Verify the "Directory Services Type" is set to "Active Directory".
 
 or
 
@@ -1528,294 +1469,283 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-VMHostAuthentication
 
-For systems that do not use Active Directory and do have local user accounts, other than root and&#x2F;or service accounts, this is a finding.
+For systems that do not use Active Directory and do have local user accounts, other than root and/or service accounts, this is a finding.
 
-If the &quot;Directory Services Type&quot; is not set to &quot;Active Directory&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Directory Services Type" is not set to "Active Directory", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Authentication Services.
 
-Click &quot;Join Domain...&quot; and enter the AD domain to join.
+Click "Join Domain..." and enter the AD domain to join.
 
-Select the &quot;Using credentials&quot; radio button and enter the credentials of an account with permissions to join machines to AD (use UPN naming &quot;user@domain&quot;). Click &quot;OK&quot;.
+Select the "Using credentials" radio button and enter the credentials of an account with permissions to join machines to AD (use UPN naming "user@domain"). Click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain -Domain &quot;domain name&quot; -User &quot;username&quot; -Password &quot;password&quot;
-
-If any local user accounts are present besides root and service accounts, delete them by going to Host UI &gt;&gt; Manage &gt;&gt; Security &amp; Users &gt;&gt; Users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ca3893ce-60bc-4be2-b9fd-99fc1c6a3f84</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000764</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000770</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001682</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001941</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001942</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostAuthentication | Select-Object -ExpandProperty DomainMembershipStatus stdout.strip is expected to cmp &#x3D;&#x3D; &quot;&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000052</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000107-VMM-000530</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000052</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000052</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must ignore .rhosts files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts. SSH can emulate the behavior of the obsolete &quot;rsh&quot; command in allowing users to enable insecure access to their accounts via &quot;.rhosts&quot; files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Get-VMHost | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain -Domain "domain name" -User "username" -Password "password"
+
+If any local user accounts are present besides root and service accounts, delete them by going to Host UI &gt;&gt; Manage &gt;&gt; Security &amp; Users &gt;&gt; Users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000049' do\n  title 'The ESXi host must uniquely identify and must authenticate organizational users by using Active Directory.'\n  desc  \"\n    Join ESXi hosts to an Active Directory domain to eliminate the need to create and maintain multiple local user accounts. Using Active Directory for user authentication simplifies the ESXi host configuration, ensures password complexity and reuse policies are enforced, and reduces the risk of security breaches and unauthorized access.\n\n    Note: If the Active Directory group \\\"ESX Admins\\\" (default) exists, all users and groups assigned as members to this group will have full administrative access to all ESXi hosts in the domain.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For systems that do not use Active Directory and have no local user accounts other than root and/or service accounts, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Authentication Services.\n\n    Verify the \\\"Directory Services Type\\\" is set to \\\"Active Directory\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-VMHostAuthentication\n\n    For systems that do not use Active Directory and do have local user accounts, other than root and/or service accounts, this is a finding.\n\n    If the \\\"Directory Services Type\\\" is not set to \\\"Active Directory\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Authentication Services.\n\n    Click \\\"Join Domain...\\\" and enter the AD domain to join.\n\n    Select the \\\"Using credentials\\\" radio button and enter the credentials of an account with permissions to join machines to AD (use UPN naming \\\"user@domain\\\"). Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain -Domain \\\"domain name\\\" -User \\\"username\\\" -Password \\\"password\\\"\n\n    If any local user accounts are present besides root and service accounts, delete them by going to Host UI &gt;&gt; Manage &gt;&gt; Security &amp; Users &gt;&gt; Users.\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000104-VMM-000500'\n  tag satisfies: ['SRG-OS-000109-VMM-000550', 'SRG-OS-000112-VMM-000560', 'SRG-OS-000113-VMM-000570', 'SRG-OS-000123-VMM-000620']\n  tag gid: 'V-ESXI-80-000049'\n  tag rid: 'SV-ESXI-80-000049'\n  tag stig_id: 'ESXI-80-000049'\n  tag cci: ['CCI-000764', 'CCI-000770', 'CCI-001682', 'CCI-001941', 'CCI-001942']\n  tag nist: ['AC-2 (2)', 'IA-2', 'IA-2 (5)', 'IA-2 (8)', 'IA-2 (9)']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    if input('adJoined')\n      list = ['Joined', 'Ok']\n      vmhosts.each do |vmhost|\n        command = \"Get-VMHost -Name #{vmhost} | Get-VMHostAuthentication | Select-Object -ExpandProperty DomainMembershipStatus\"\n        describe powercli_command(command) do\n          its('stdout.strip') { should be_in list }\n        end\n      end\n    else\n      vmhosts.each do |vmhost|\n        command = \"Get-VMHost -Name #{vmhost} | Get-VMHostAuthentication | Select-Object -ExpandProperty DomainMembershipStatus\"\n        describe powercli_command(command) do\n          its('stdout.strip') { should cmp '' }\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000764</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000770</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001682</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001941</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001942</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostAuthentication | Select-Object -ExpandProperty DomainMembershipStatus stdout.strip is expected to cmp == ""</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000052</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000107-VMM-000530</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000052</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000052</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must ignore .rhosts files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts. SSH can emulate the behavior of the obsolete "rsh" command in allowing users to enable insecure access to their accounts via ".rhosts" files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep ignorerhosts
+# /usr/lib/vmware/openssh/bin/sshd -T | grep ignorerhosts
 
 Expected result:
 
 ignorerhosts yes
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-IgnoreRhosts yes</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6014ac4b-a3a3-46d7-b468-b533db282e50</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000767</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000068</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000163-VMM-000700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000068</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000068</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must set a timeout to automatically end idle shell sessions after fifteen minutes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If a user forgets to log out of their local or remote ESXi Shell session, the idle connection will remain open indefinitely and increase the likelihood of inappropriate host access via session hijacking. The &quot;ESXiShellInteractiveTimeOut&quot; allows the automatic termination of idle shell sessions.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+IgnoreRhosts yes</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000052' do\n  title 'The ESXi host Secure Shell (SSH) daemon must ignore .rhosts files.'\n  desc  'SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts. SSH can emulate the behavior of the obsolete \"rsh\" command in allowing users to enable insecure access to their accounts via \".rhosts\" files.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep ignorerhosts\n\n    Expected result:\n\n    ignorerhosts yes\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    IgnoreRhosts yes\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000107-VMM-000530'\n  tag gid: 'V-ESXI-80-000052'\n  tag rid: 'SV-ESXI-80-000052'\n  tag stig_id: 'ESXI-80-000052'\n  tag cci: ['CCI-000767']\n  tag nist: ['IA-2 (3)']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000767</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000068</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000163-VMM-000700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000068</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000068</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must set a timeout to automatically end idle shell sessions after fifteen minutes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If a user forgets to log out of their local or remote ESXi Shell session, the idle connection will remain open indefinitely and increase the likelihood of inappropriate host access via session hijacking. The "ESXiShellInteractiveTimeOut" allows the automatic termination of idle shell sessions.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;UserVars.ESXiShellInteractiveTimeOut&quot; value and verify it is set to less than &quot;900&quot; and not &quot;0&quot;.
+Select the "UserVars.ESXiShellInteractiveTimeOut" value and verify it is set to less than "900" and not "0".
 
 or
 
@@ -1823,151 +1753,143 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut
 
-If the &quot;UserVars.ESXiShellInteractiveTimeOut&quot; setting is set to a value greater than &quot;900&quot; or &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "UserVars.ESXiShellInteractiveTimeOut" setting is set to a value greater than "900" or "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;UserVars.ESXiShellInteractiveTimeOut&quot; value and configure it to &quot;900&quot;.
+Click "Edit". Select the "UserVars.ESXiShellInteractiveTimeOut" value and configure it to "900".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut | Set-AdvancedSetting -Value 900</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4e75cd46-a7b6-49cf-8c89-8cb72142b2cb</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &lt;&#x3D; 900
+Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut | Set-AdvancedSetting -Value 900</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000068' do\n  title 'The ESXi host must set a timeout to automatically end idle shell sessions after fifteen minutes.'\n  desc  'If a user forgets to log out of their local or remote ESXi Shell session, the idle connection will remain open indefinitely and increase the likelihood of inappropriate host access via session hijacking. The \"ESXiShellInteractiveTimeOut\" allows the automatic termination of idle shell sessions.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"UserVars.ESXiShellInteractiveTimeOut\\\" value and verify it is set to less than \\\"900\\\" and not \\\"0\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut\n\n    If the \\\"UserVars.ESXiShellInteractiveTimeOut\\\" setting is set to a value greater than \\\"900\\\" or \\\"0\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"UserVars.ESXiShellInteractiveTimeOut\\\" value and configure it to \\\"900\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut | Set-AdvancedSetting -Value 900\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000163-VMM-000700'\n  tag satisfies: ['SRG-OS-000279-VMM-001010']\n  tag gid: 'V-ESXI-80-000068'\n  tag rid: 'SV-ESXI-80-000068'\n  tag stig_id: 'ESXI-80-000068'\n  tag cci: ['CCI-001133', 'CCI-002361']\n  tag nist: ['AC-12', 'SC-10']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp &lt;= 900 }\n        its('stdout.strip') { should_not cmp 0 }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &lt;= 900
 --------------------------------
-failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected not to cmp &#x3D;&#x3D; 0
-
+failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected not to cmp == 0 :: MESSAGE 
 expected: 0
      got: 0
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000085</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000257-VMM-000910</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000085</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000085</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must implement Secure Boot enforcement.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000085</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000257-VMM-000910</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000085</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000085</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must implement Secure Boot enforcement.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Secure Boot is part of the UEFI firmware standard. With UEFI Secure Boot enabled, a host refuses to load any UEFI driver or app unless the operating system bootloader has a valid digital signature. Secure Boot for ESXi requires support from the firmware and it requires that all ESXi kernel modules, drivers and VIBs be signed by VMware or a partner subordinate.
 
-Secure Boot is enabled in the BIOS of the ESXi physical server and supported by the hypervisor boot loader. This control flips ESXi from merely supporting Secure Boot to requiring it. Without this setting enabled, and configuration encryption, an ESXi host could be subject to offline attacks. An attacker could simply transfer the ESXi install drive to a non-Secure Boot host and boot it up without ESXi complaining.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Secure Boot is enabled in the BIOS of the ESXi physical server and supported by the hypervisor boot loader. This control flips ESXi from merely supporting Secure Boot to requiring it. Without this setting enabled, and configuration encryption, an ESXi host could be subject to offline attacks. An attacker could simply transfer the ESXi install drive to a non-Secure Boot host and boot it up without ESXi complaining.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the ESXi host does not have a compatible TPM, this finding is downgraded to a CAT III.
 
 From an ESXi shell, run the following command:
@@ -1978,307 +1900,294 @@ or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
+$esxcli = Get-EsxCli -v2
 $esxcli.system.settings.encryption.get.invoke() | Select RequireSecureBoot
 
 Expected result:
 
 Require Secure Boot: true
 
-If &quot;Require Secure Boot&quot; is not enable, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If "Require Secure Boot" is not enable, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>This setting cannot be configured until Secure Boot is properly enabled in the servers firmware.
 
 From an ESXi shell, run the following commands:
 
-# esxcli system settings encryption set --require-secure-boot&#x3D;true
-# &#x2F;sbin&#x2F;auto-backup.sh
+# esxcli system settings encryption set --require-secure-boot=true
+# /sbin/auto-backup.sh
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
-$arguments &#x3D; $esxcli.system.settings.encryption.set.CreateArgs()
-$arguments.requiresecureboot &#x3D; $true
+$esxcli = Get-EsxCli -v2
+$arguments = $esxcli.system.settings.encryption.set.CreateArgs()
+$arguments.requiresecureboot = $true
 $esxcli.system.settings.encryption.set.Invoke($arguments)
 
-Evacuate the host and gracefully reboot for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b052cb65-55db-4e44-a31f-294efadffc77</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001494</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001495</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002696</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002699</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: $vmhost &#x3D; Get-VMHost -Name 10.186.25.26; $esxcli &#x3D; Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.encryption.get.invoke() | Select-Object -ExpandProperty RequireSecureBoot stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
-
+Evacuate the host and gracefully reboot for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000085' do\n  title 'The ESXi host must implement Secure Boot enforcement.'\n  desc  \"\n    Secure Boot is part of the UEFI firmware standard. With UEFI Secure Boot enabled, a host refuses to load any UEFI driver or app unless the operating system bootloader has a valid digital signature. Secure Boot for ESXi requires support from the firmware and it requires that all ESXi kernel modules, drivers and VIBs be signed by VMware or a partner subordinate.\n\n    Secure Boot is enabled in the BIOS of the ESXi physical server and supported by the hypervisor boot loader. This control flips ESXi from merely supporting Secure Boot to requiring it. Without this setting enabled, and configuration encryption, an ESXi host could be subject to offline attacks. An attacker could simply transfer the ESXi install drive to a non-Secure Boot host and boot it up without ESXi complaining.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If the ESXi host does not have a compatible TPM, this finding is downgraded to a CAT III.\n\n    From an ESXi shell, run the following command:\n\n    # esxcli system settings encryption get\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $esxcli.system.settings.encryption.get.invoke() | Select RequireSecureBoot\n\n    Expected result:\n\n    Require Secure Boot: true\n\n    If \\\"Require Secure Boot\\\" is not enable, this is a finding.\n  \"\n  desc 'fix', \"\n    This setting cannot be configured until Secure Boot is properly enabled in the servers firmware.\n\n    From an ESXi shell, run the following commands:\n\n    # esxcli system settings encryption set --require-secure-boot=true\n    # /sbin/auto-backup.sh\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $arguments = $esxcli.system.settings.encryption.set.CreateArgs()\n    $arguments.requiresecureboot = $true\n    $esxcli.system.settings.encryption.set.Invoke($arguments)\n\n    Evacuate the host and gracefully reboot for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000257-VMM-000910'\n  tag satisfies: ['SRG-OS-000258-VMM-000920', 'SRG-OS-000445-VMM-001780', 'SRG-OS-000446-VMM-001790']\n  tag gid: 'V-ESXI-80-000085'\n  tag rid: 'SV-ESXI-80-000085'\n  tag stig_id: 'ESXI-80-000085'\n  tag cci: ['CCI-001494', 'CCI-001495', 'CCI-002696', 'CCI-002699']\n  tag nist: ['AU-9', 'SI-6 a', 'SI-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"$vmhost = Get-VMHost -Name #{vmhost}; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.encryption.get.invoke() | Select-Object -ExpandProperty RequireSecureBoot\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'true' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001494</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001495</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002696</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002699</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: $vmhost = Get-VMHost -Name 10.186.25.26; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.encryption.get.invoke() | Select-Object -ExpandProperty RequireSecureBoot stdout.strip is expected to cmp == "true" :: MESSAGE 
 expected: true
      got: false
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000094</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000278-VMM-001000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000094</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000094</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must enable Secure Boot.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000094</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000278-VMM-001000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000094</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000094</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must enable Secure Boot.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Secure Boot is part of the Unified Extensible Firmware Interface (UEFI) firmware standard. With UEFI Secure Boot enabled, a host refuses to load any UEFI driver or app unless the operating system bootloader has a valid digital signature. Secure Boot for ESXi requires support from the firmware and requires that all ESXi kernel modules, drivers, and vSphere Installation Bundles (VIBs) be signed by VMware or a partner subordinate.
 
-Secure Boot is enabled in the BIOS of the ESXi physical server and supported by the hypervisor boot loader. There is no ESXi control to &quot;turn on&quot; Secure Boot. Requiring Secure Boot (failing to boot without it present) is accomplished in another control.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Secure Boot is enabled in the BIOS of the ESXi physical server and supported by the hypervisor boot loader. There is no ESXi control to "turn on" Secure Boot. Requiring Secure Boot (failing to boot without it present) is accomplished in another control.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;secureboot&#x2F;bin&#x2F;secureBoot.py -s
+# /usr/lib/vmware/secureboot/bin/secureBoot.py -s
 
-If Secure Boot is not &quot;Enabled&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If Secure Boot is not "Enabled", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;secureboot&#x2F;bin&#x2F;secureBoot.py -c
+# /usr/lib/vmware/secureboot/bin/secureBoot.py -c
 
 If the output indicates that Secure Boot cannot be enabled, correct the discrepancies and try again.
 
 Once all discrepancies are resolved then the server ESXi is installed on can be updated to enable Secure Boot in the firmware.
 
-To enable Secure Boot in the servers firmware follow the instructions for the specific manufacturer.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>846a6cfc-c721-4045-a4ba-6103d544569b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001496</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000111</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000329-VMM-001180</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000111</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000111</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must enforce an unlock timeout of 15 minutes after a user account is locked out.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>By enforcing a reasonable unlock timeout after multiple failed logon attempts, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. Users must wait for the timeout period to elapse before subsequent logon attempts are allowed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+To enable Secure Boot in the servers firmware follow the instructions for the specific manufacturer.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000094' do\n  title 'The ESXi host must enable Secure Boot.'\n  desc  \"\n    Secure Boot is part of the Unified Extensible Firmware Interface (UEFI) firmware standard. With UEFI Secure Boot enabled, a host refuses to load any UEFI driver or app unless the operating system bootloader has a valid digital signature. Secure Boot for ESXi requires support from the firmware and requires that all ESXi kernel modules, drivers, and vSphere Installation Bundles (VIBs) be signed by VMware or a partner subordinate.\n\n    Secure Boot is enabled in the BIOS of the ESXi physical server and supported by the hypervisor boot loader. There is no ESXi control to \\\"turn on\\\" Secure Boot. Requiring Secure Boot (failing to boot without it present) is accomplished in another control.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/secureboot/bin/secureBoot.py -s\n\n    If Secure Boot is not \\\"Enabled\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/secureboot/bin/secureBoot.py -c\n\n    If the output indicates that Secure Boot cannot be enabled, correct the discrepancies and try again.\n\n    Once all discrepancies are resolved then the server ESXi is installed on can be updated to enable Secure Boot in the firmware.\n\n    To enable Secure Boot in the servers firmware follow the instructions for the specific manufacturer.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000278-VMM-001000'\n  tag gid: 'V-ESXI-80-000094'\n  tag rid: 'SV-ESXI-80-000094'\n  tag stig_id: 'ESXI-80-000094'\n  tag cci: ['CCI-001496']\n  tag nist: ['AU-9 (3)']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001496</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000111</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000329-VMM-001180</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000111</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000111</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must enforce an unlock timeout of 15 minutes after a user account is locked out.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>By enforcing a reasonable unlock timeout after multiple failed logon attempts, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. Users must wait for the timeout period to elapse before subsequent logon attempts are allowed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Security.AccountUnlockTime&quot; value and verify it is set to less than &quot;900&quot; and not &quot;0&quot;.
+Select the "Security.AccountUnlockTime" value and verify it is set to less than "900" and not "0".
 
 or
 
@@ -2286,146 +2195,140 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Security.AccountUnlockTime
 
-If the &quot;Security.AccountUnlockTime&quot; setting is less than 900 or 0, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Security.AccountUnlockTime" setting is less than 900 or 0, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Security.AccountUnlockTime&quot; value and configure it to &quot;900&quot;.
+Click "Edit". Select the "Security.AccountUnlockTime" value and configure it to "900".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Security.AccountUnlockTime | Set-AdvancedSetting -Value 900</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8d8e4a4b-37cd-4750-a33f-be46ce35ba39</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.AccountUnlockTime | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &lt;&#x3D; 900
+Get-VMHost | Get-AdvancedSetting -Name Security.AccountUnlockTime | Set-AdvancedSetting -Value 900</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000111' do\n  title 'The ESXi host must enforce an unlock timeout of 15 minutes after a user account is locked out.'\n  desc  'By enforcing a reasonable unlock timeout after multiple failed logon attempts, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. Users must wait for the timeout period to elapse before subsequent logon attempts are allowed.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Security.AccountUnlockTime\\\" value and verify it is set to less than \\\"900\\\" and not \\\"0\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Security.AccountUnlockTime\n\n    If the \\\"Security.AccountUnlockTime\\\" setting is less than 900 or 0, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Security.AccountUnlockTime\\\" value and configure it to \\\"900\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Security.AccountUnlockTime | Set-AdvancedSetting -Value 900\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000329-VMM-001180'\n  tag gid: 'V-ESXI-80-000111'\n  tag rid: 'SV-ESXI-80-000111'\n  tag stig_id: 'ESXI-80-000111'\n  tag cci: ['CCI-002238']\n  tag nist: ['AC-7 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Security.AccountUnlockTime | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp &lt;= 900 }\n        its('stdout.strip') { should_not cmp 0 }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.AccountUnlockTime | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &lt;= 900
 --------------------------------
-passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.AccountUnlockTime | Select-Object -ExpandProperty Value stdout.strip is expected not to cmp &#x3D;&#x3D; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000113</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000341-VMM-001220</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000113</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000113</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must allocate audit record storage capacity to store at least one weeks worth of audit records.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.AccountUnlockTime | Select-Object -ExpandProperty Value stdout.strip is expected not to cmp == 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000113</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000341-VMM-001220</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000113</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000113</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must allocate audit record storage capacity to store at least one weeks worth of audit records.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>In order to ensure ESXi has sufficient storage capacity in which to write the audit logs, audit record storage capacity should be configured.
 
-If a central audit record storage facility is available, the local storage capacity should be sufficient to hold audit records that would accumulate during anticipated interruptions in delivery of records to the facility.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If a central audit record storage facility is available, the local storage capacity should be sufficient to hold audit records that would accumulate during anticipated interruptions in delivery of records to the facility.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Syslog.global.auditRecord.storageCapacity&quot; value and verify it is set to &quot;100&quot;.
+Select the "Syslog.global.auditRecord.storageCapacity" value and verify it is set to "100".
 
 or
 
@@ -2433,155 +2336,148 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageCapacity
 
-If the &quot;Syslog.global.auditRecord.storageCapacity&quot; setting is not set to 100, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Syslog.global.auditRecord.storageCapacity" setting is not set to 100, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Syslog.global.auditRecord.storageCapacity&quot; value and configure it to &quot;100&quot;.
+Click "Edit". Select the "Syslog.global.auditRecord.storageCapacity" value and configure it to "100".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageCapacity | Set-AdvancedSetting -Value 100</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>20c235b2-afe4-4d27-bfe4-14bc87f0dbe6</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001849</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageCapacity | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;100&quot;
-
+Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageCapacity | Set-AdvancedSetting -Value 100</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000113' do\n  title 'The ESXi host must allocate audit record storage capacity to store at least one weeks worth of audit records.'\n  desc  \"\n    In order to ensure ESXi has sufficient storage capacity in which to write the audit logs, audit record storage capacity should be configured.\n\n    If a central audit record storage facility is available, the local storage capacity should be sufficient to hold audit records that would accumulate during anticipated interruptions in delivery of records to the facility.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Syslog.global.auditRecord.storageCapacity\\\" value and verify it is set to \\\"100\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageCapacity\n\n    If the \\\"Syslog.global.auditRecord.storageCapacity\\\" setting is not set to 100, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Syslog.global.auditRecord.storageCapacity\\\" value and configure it to \\\"100\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageCapacity | Set-AdvancedSetting -Value 100\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000341-VMM-001220'\n  tag gid: 'V-ESXI-80-000113'\n  tag rid: 'SV-ESXI-80-000113'\n  tag stig_id: 'ESXI-80-000113'\n  tag cci: ['CCI-001849']\n  tag nist: ['AU-4']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageCapacity | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '100' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001849</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageCapacity | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "100" :: MESSAGE 
 expected: 100
      got: 4
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000114</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-VMM-001230</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000114</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000114</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must off-load logs via syslog.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000114</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-VMM-001230</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000114</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000114</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must off-load logs via syslog.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Remote logging to a central log host provides a secure, centralized store for ESXi logs. By gathering host log files onto a central host, it can more easily monitor all hosts with a single tool. It can also do aggregate analysis and searching to look for such things as coordinated attacks on multiple hosts.
 
-Logging to a secure, centralized log server also helps prevent log tampering and provides a long-term audit record.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Logging to a secure, centralized log server also helps prevent log tampering and provides a long-term audit record.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Syslog.global.logHost&quot; value and verify it is set to a site-specific syslog server.
+Select the "Syslog.global.logHost" value and verify it is set to a site-specific syslog server.
 
 Syslog servers are specified in the following formats:
 
-udp:&#x2F;&#x2F;&lt;IP or FQDN&gt;:514
-tcp:&#x2F;&#x2F;&lt;IP or FQDN&gt;:514
-ssl:&#x2F;&#x2F;&lt;IP or FQDN&gt;:1514
+udp://&lt;IP or FQDN&gt;:514
+tcp://&lt;IP or FQDN&gt;:514
+ssl://&lt;IP or FQDN&gt;:1514
 
 Multiple servers can also be specified when separated by commas.
 
@@ -2591,154 +2487,147 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logHost
 
-If the &quot;Syslog.global.logHost&quot; setting is not set to a valid, site-specific syslog server, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Syslog.global.logHost" setting is not set to a valid, site-specific syslog server, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Syslog.global.logHost&quot; value and configure it to a site-specific syslog server.
+Click "Edit". Select the "Syslog.global.logHost" value and configure it to a site-specific syslog server.
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logHost | Set-AdvancedSetting -Value &quot;enter site specific servers&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>caa99df6-a7cc-4865-9abf-cd2d35be741e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001683</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001684</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001686</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.logHost | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;tcp:&#x2F;&#x2F;log.test.local:514&quot;
-
-expected: tcp:&#x2F;&#x2F;log.test.local:514
+Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logHost | Set-AdvancedSetting -Value "enter site specific servers"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000114' do\n  title 'The ESXi host must off-load logs via syslog.'\n  desc  \"\n    Remote logging to a central log host provides a secure, centralized store for ESXi logs. By gathering host log files onto a central host, it can more easily monitor all hosts with a single tool. It can also do aggregate analysis and searching to look for such things as coordinated attacks on multiple hosts.\n\n    Logging to a secure, centralized log server also helps prevent log tampering and provides a long-term audit record.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Syslog.global.logHost\\\" value and verify it is set to a site-specific syslog server.\n\n    Syslog servers are specified in the following formats:\n\n    udp://&lt;IP or FQDN&gt;:514\n    tcp://&lt;IP or FQDN&gt;:514\n    ssl://&lt;IP or FQDN&gt;:1514\n\n    Multiple servers can also be specified when separated by commas.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logHost\n\n    If the \\\"Syslog.global.logHost\\\" setting is not set to a valid, site-specific syslog server, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Syslog.global.logHost\\\" value and configure it to a site-specific syslog server.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logHost | Set-AdvancedSetting -Value \\\"enter site specific servers\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000342-VMM-001230'\n  tag satisfies: ['SRG-OS-000274-VMM-000960', 'SRG-OS-000275-VMM-000970', 'SRG-OS-000277-VMM-000990', 'SRG-OS-000479-VMM-001990']\n  tag gid: 'V-ESXI-80-000114'\n  tag rid: 'SV-ESXI-80-000114'\n  tag stig_id: 'ESXI-80-000114'\n  tag cci: ['CCI-001683', 'CCI-001684', 'CCI-001686', 'CCI-001851']\n  tag nist: ['AC-2 (4)', 'AU-4 (1)']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Syslog.global.logHost | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp \"#{input('syslogServer')}\" }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001683</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001684</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001686</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.logHost | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "tcp://log.test.local:514" :: MESSAGE 
+expected: tcp://log.test.local:514
      got: 
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000124</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000355-VMM-001330</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000124</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000124</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must synchronize internal information system clocks to an authoritative time source.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>To ensure the accuracy of the system clock, it must be synchronized with an authoritative time source within DOD. Many system functions, including time-based logon and activity restrictions, automated reports, system logs, and audit records, depend on an accurate system clock. If there is no confidence in the correctness of the system clock, time-based functions may not operate as intended and records may be of diminished value.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000124</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000355-VMM-001330</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000124</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000124</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must synchronize internal information system clocks to an authoritative time source.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>To ensure the accuracy of the system clock, it must be synchronized with an authoritative time source within DOD. Many system functions, including time-based logon and activity restrictions, automated reports, system logs, and audit records, depend on an accurate system clock. If there is no confidence in the correctness of the system clock, time-based functions may not operate as intended and records may be of diminished value.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Time Configuration.
@@ -2756,39 +2645,39 @@ or
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
 Get-VMHost | Get-VMHostNTPServer
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;NTP Daemon&quot; -or $_.Label -eq &quot;PTP Daemon&quot;}
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "NTP Daemon" -or $_.Label -eq "PTP Daemon"}
 
-If the NTP service is not configured with authoritative DOD time sources or the service is not configured to start and stop with the host (&quot;Policy&quot; of &quot;on&quot; in PowerCLI) or is stopped, this is a finding.
-If PTP is used instead of NTP, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the NTP service is not configured with authoritative DOD time sources or the service is not configured to start and stop with the host ("Policy" of "on" in PowerCLI) or is stopped, this is a finding.
+If PTP is used instead of NTP, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To configure NTP, perform the following:
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Time Configuration.
 
-Click &quot;Add Service&quot; and select &quot;Network Time Protocol&quot;.
+Click "Add Service" and select "Network Time Protocol".
 
-Enter or update the NTP servers listed with a comma separate list of authoritative time servers. Click &quot;OK&quot;.
+Enter or update the NTP servers listed with a comma separate list of authoritative time servers. Click "OK".
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.
 
-Select the &quot;NTP Daemon&quot; service and click &quot;Edit Startup Policy&quot;.
+Select the "NTP Daemon" service and click "Edit Startup Policy".
 
-Select &quot;Start and stop with host&quot;. Click &quot;OK&quot;.
+Select "Start and stop with host". Click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$NTPServers &#x3D; &quot;ntpserver1&quot;,&quot;ntpserver2&quot;
+$NTPServers = "ntpserver1","ntpserver2"
 Get-VMHost | Add-VMHostNTPServer $NTPServers
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;NTP Daemon&quot;} | Set-VMHostService -Policy On
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;NTP Daemon&quot;} | Start-VMHostService
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "NTP Daemon"} | Set-VMHostService -Policy On
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "NTP Daemon"} | Start-VMHostService
 
 To configure PTP, perform the following:
 
@@ -2796,149 +2685,139 @@ From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Time Configuration.
 
-Click &quot;Add Service&quot; and select &quot;Precision Time Protocol&quot;.
+Click "Add Service" and select "Precision Time Protocol".
 
 Select the network adapter that can receive the PTP traffic.
 
-If NTP servers are available, select &quot;Enable fallback&quot; and enter or update the NTP servers listed with a comma separate list of authoritative time servers. Click &quot;OK&quot;.
+If NTP servers are available, select "Enable fallback" and enter or update the NTP servers listed with a comma separate list of authoritative time servers. Click "OK".
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.
 
-Select the &quot;PTP Daemon&quot; service and click &quot;Edit Startup Policy&quot;.
-
-Select &quot;Start and stop with host&quot;. Click &quot;OK&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d878425f-8f95-4e1a-9e2d-eaa8135da946</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001891</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002046</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq &#39;NTP Daemon&#39;} | Select-Object -ExpandProperty Policy stdout.strip is expected to cmp &#x3D;&#x3D; &quot;on&quot;
-
+Select the "PTP Daemon" service and click "Edit Startup Policy".
+
+Select "Start and stop with host". Click "OK".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000124' do\n  title 'The ESXi host must synchronize internal information system clocks to an authoritative time source.'\n  desc  'To ensure the accuracy of the system clock, it must be synchronized with an authoritative time source within DOD. Many system functions, including time-based logon and activity restrictions, automated reports, system logs, and audit records, depend on an accurate system clock. If there is no confidence in the correctness of the system clock, time-based functions may not operate as intended and records may be of diminished value.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Time Configuration.\n\n    Verify NTP or PTP are configured, and one or more authoritative time sources are listed.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.\n\n    Verify the NTP or PTP service is running and configured to start and stop with the host.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VMHost | Get-VMHostNTPServer\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"NTP Daemon\\\" -or $_.Label -eq \\\"PTP Daemon\\\"}\n\n    If the NTP service is not configured with authoritative DOD time sources or the service is not configured to start and stop with the host (\\\"Policy\\\" of \\\"on\\\" in PowerCLI) or is stopped, this is a finding.\n    If PTP is used instead of NTP, this is NOT a finding.\n  \"\n  desc 'fix', \"\n    To configure NTP, perform the following:\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Time Configuration.\n\n    Click \\\"Add Service\\\" and select \\\"Network Time Protocol\\\".\n\n    Enter or update the NTP servers listed with a comma separate list of authoritative time servers. Click \\\"OK\\\".\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.\n\n    Select the \\\"NTP Daemon\\\" service and click \\\"Edit Startup Policy\\\".\n\n    Select \\\"Start and stop with host\\\". Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $NTPServers = \\\"ntpserver1\\\",\\\"ntpserver2\\\"\n    Get-VMHost | Add-VMHostNTPServer $NTPServers\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"NTP Daemon\\\"} | Set-VMHostService -Policy On\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"NTP Daemon\\\"} | Start-VMHostService\n\n    To configure PTP, perform the following:\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Time Configuration.\n\n    Click \\\"Add Service\\\" and select \\\"Precision Time Protocol\\\".\n\n    Select the network adapter that can receive the PTP traffic.\n\n    If NTP servers are available, select \\\"Enable fallback\\\" and enter or update the NTP servers listed with a comma separate list of authoritative time servers. Click \\\"OK\\\".\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.\n\n    Select the \\\"PTP Daemon\\\" service and click \\\"Edit Startup Policy\\\".\n\n    Select \\\"Start and stop with host\\\". Click \\\"OK\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000355-VMM-001330'\n  tag satisfies: ['SRG-OS-000356-VMM-001340']\n  tag gid: 'V-ESXI-80-000124'\n  tag rid: 'SV-ESXI-80-000124'\n  tag stig_id: 'ESXI-80-000124'\n  tag cci: ['CCI-001891', 'CCI-002046']\n  tag nist: ['AU-8 (1) (a)', 'AU-8 (1) (b)']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostService | Where {$_.Label -eq 'NTP Daemon'} | Select-Object -ExpandProperty Policy\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'on' }\n      end\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostService | Where {$_.Label -eq 'NTP Daemon'} | Select-Object -ExpandProperty Running\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'true' }\n      end\n      results = powercli_command(\"Get-VMHost -Name #{vmhost} | Get-VMHostNTPServer\").stdout\n      if !results.empty?\n        results.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\").each do |result|\n          describe \"NTP Server: #{result} for VMHost: #{vmhost}\" do\n            subject { result }\n            it { should be_in \"#{input('esxiNtpServers')}\" }\n          end\n        end\n      else\n        describe \"No NTP servers found on VMhost: #{vmhost}\" do\n          subject { results }\n          it { should_not be_empty }\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001891</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002046</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq 'NTP Daemon'} | Select-Object -ExpandProperty Policy stdout.strip is expected to cmp == "on" :: MESSAGE 
 expected: on
      got: off
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq &#39;NTP Daemon&#39;} | Select-Object -ExpandProperty Running stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
-
+failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq 'NTP Daemon'} | Select-Object -ExpandProperty Running stdout.strip is expected to cmp == "true" :: MESSAGE 
 expected: true
      got: False
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-No NTP servers found on VMhost: 10.186.25.26 is expected not to be empty
-expected &#x60;&quot;&quot;.empty?&#x60; to be falsey, got true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000366-VMM-001430</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance level must be verified.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+failed :: TEST No NTP servers found on VMhost: 10.186.25.26 is expected not to be empty :: MESSAGE expected `"".empty?` to be falsey, got true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000366-VMM-001430</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance level must be verified.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Verify the ESXi Image Profile to only allow signed VIBs. An unsigned VIB represents untested code installed on an ESXi host. The ESXi Image profile supports four acceptance levels:
 
 1. VMwareCertified - VIBs created, tested, and signed by VMware.
@@ -2946,168 +2825,163 @@ expected &#x60;&quot;&quot;.empty?&#x60; to be falsey, got true</FINDING_DETAILS
 3. PartnerSupported - VIBs created, tested, and signed by a certified VMware partner.
 4. CommunitySupported - VIBs that have not been tested by VMware or a VMware partner.
 
-Community Supported VIBs are not supported and do not have a digital signature. To protect the security and integrity of ESXi hosts, do not allow unsigned (CommunitySupported) VIBs to be installed on hosts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Community Supported VIBs are not supported and do not have a digital signature. To protect the security and integrity of ESXi hosts, do not allow unsigned (CommunitySupported) VIBs to be installed on hosts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile.
 
-Under &quot;Host Image Profile Acceptance Level&quot; view the acceptance level.
+Under "Host Image Profile Acceptance Level" view the acceptance level.
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
+$esxcli = Get-EsxCli -v2
 $esxcli.software.acceptance.get.Invoke()
 
-If the acceptance level is &quot;CommunitySupported&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the acceptance level is "CommunitySupported", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile.
 
-Under &quot;Host Image Profile Acceptance Level&quot;, click &quot;Edit&quot;.
+Under "Host Image Profile Acceptance Level", click "Edit".
 
-Using the drop-down selection, set the acceptance level as &quot;VMwareCertified&quot;, &quot;VMwareAccepted&quot;, or &quot;PartnerSupported&quot;. The default is &quot;PartnerSupported&quot;.
+Using the drop-down selection, set the acceptance level as "VMwareCertified", "VMwareAccepted", or "PartnerSupported". The default is "PartnerSupported".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
-$arguments &#x3D; $esxcli.software.acceptance.set.CreateArgs()
-$arguments.level &#x3D; &quot;PartnerSupported&quot;
+$esxcli = Get-EsxCli -v2
+$arguments = $esxcli.software.acceptance.set.CreateArgs()
+$arguments.level = "PartnerSupported"
 $esxcli.software.acceptance.set.Invoke($arguments)
 
-Note: &quot;VMwareCertified&quot; or &quot;VMwareAccepted&quot; may be substituted for &quot;PartnerSupported&quot;, depending on local requirements. These are case sensitive.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>dbb3e51a-64c5-401b-9e4e-b1d73be5ddf3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001774</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: $vmhost &#x3D; Get-VMHost -Name 10.186.25.26; $esxcli &#x3D; Get-EsxCli -VMHost $vmhost -V2; $esxcli.software.acceptance.get.Invoke() stdout.strip is expected to be in &quot;PartnerSupported&quot;, &quot;VMwareCertified&quot;, and &quot;VMwareAccepted&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000145</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000379-VMM-001550</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000145</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000145</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When enabled, vSphere performs bidirectional authentication of both the iSCSI target and host. When not authenticating both the iSCSI target and host, there is potential for a man-in-the-middle attack, in which an attacker might impersonate either side of the connection to steal data. Bidirectional authentication mitigates this risk.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Note: "VMwareCertified" or "VMwareAccepted" may be substituted for "PartnerSupported", depending on local requirements. These are case sensitive.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000133' do\n  title 'The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance level must be verified.'\n  desc  \"\n    Verify the ESXi Image Profile to only allow signed VIBs. An unsigned VIB represents untested code installed on an ESXi host. The ESXi Image profile supports four acceptance levels:\n\n    1. VMwareCertified - VIBs created, tested, and signed by VMware.\n    2. VMwareAccepted - VIBs created by a VMware partner but tested and signed by VMware.\n    3. PartnerSupported - VIBs created, tested, and signed by a certified VMware partner.\n    4. CommunitySupported - VIBs that have not been tested by VMware or a VMware partner.\n\n    Community Supported VIBs are not supported and do not have a digital signature. To protect the security and integrity of ESXi hosts, do not allow unsigned (CommunitySupported) VIBs to be installed on hosts.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile.\n\n    Under \\\"Host Image Profile Acceptance Level\\\" view the acceptance level.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $esxcli.software.acceptance.get.Invoke()\n\n    If the acceptance level is \\\"CommunitySupported\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile.\n\n    Under \\\"Host Image Profile Acceptance Level\\\", click \\\"Edit\\\".\n\n    Using the drop-down selection, set the acceptance level as \\\"VMwareCertified\\\", \\\"VMwareAccepted\\\", or \\\"PartnerSupported\\\". The default is \\\"PartnerSupported\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $arguments = $esxcli.software.acceptance.set.CreateArgs()\n    $arguments.level = \\\"PartnerSupported\\\"\n    $esxcli.software.acceptance.set.Invoke($arguments)\n\n    Note: \\\"VMwareCertified\\\" or \\\"VMwareAccepted\\\" may be substituted for \\\"PartnerSupported\\\", depending on local requirements. These are case sensitive.\n  \"\n  impact 0.7\n  tag severity: 'high'\n  tag gtitle: 'SRG-OS-000366-VMM-001430'\n  tag satisfies: ['SRG-OS-000370-VMM-001460']\n  tag gid: 'V-ESXI-80-000133'\n  tag rid: 'SV-ESXI-80-000133'\n  tag stig_id: 'ESXI-80-000133'\n  tag cci: ['CCI-001749', 'CCI-001774']\n  tag nist: ['CM-5 (3)', 'CM-7 (5) (b)']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    list = ['PartnerSupported', 'VMwareCertified', 'VMwareAccepted']\n    vmhosts.each do |vmhost|\n      command = \"$vmhost = Get-VMHost -Name #{vmhost}; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.software.acceptance.get.Invoke()\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should be_in list }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001749</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001774</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: $vmhost = Get-VMHost -Name 10.186.25.26; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.software.acceptance.get.Invoke() stdout.strip is expected to be in "PartnerSupported", "VMwareCertified", and "VMwareAccepted"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000145</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000379-VMM-001550</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000145</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000145</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When enabled, vSphere performs bidirectional authentication of both the iSCSI target and host. When not authenticating both the iSCSI target and host, there is potential for a man-in-the-middle attack, in which an attacker might impersonate either side of the connection to steal data. Bidirectional authentication mitigates this risk.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If iSCSI is not used, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
@@ -3122,145 +2996,139 @@ or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-VMHostHba | Where {$_.Type -eq &quot;iscsi&quot;} | Select AuthenticationProperties -ExpandProperty AuthenticationProperties
+Get-VMHost | Get-VMHostHba | Where {$_.Type -eq "iscsi"} | Select AuthenticationProperties -ExpandProperty AuthenticationProperties
 
-If iSCSI is used and CHAP is not set to &quot;required&quot; for both the target and host, this is a finding.
+If iSCSI is used and CHAP is not set to "required" for both the target and host, this is a finding.
 
-If iSCSI is used and unique CHAP secrets are not used for each host, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If iSCSI is used and unique CHAP secrets are not used for each host, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Storage &gt;&gt; Storage Adapters.
 
 Select the iSCSI adapter &gt;&gt; Properties &gt;&gt; Authentication.
 
-Click &quot;Edit...&quot;. Set &quot;Authentication Method&quot; to &quot;Use bidirectional CHAP&quot; and enter a unique secret for each traffic flow direction.
+Click "Edit...". Set "Authentication Method" to "Use bidirectional CHAP" and enter a unique secret for each traffic flow direction.
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-VMHostHba | Where {$_.Type -eq &quot;iscsi&quot;} | Set-VMHostHba -ChapType Required -ChapName &quot;chapname&quot; -ChapPassword &quot;password&quot; -MutualChapEnabled $true -MutualChapName &quot;mutualchapname&quot; -MutualChapPassword &quot;mutualpassword&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a8d7b85d-f65a-40de-8966-90e4196c1d54</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001967</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-
-There are no iSCSI HBAs present so this control is Not Applicable</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000423-VMM-001700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000160</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Get-VMHost | Get-VMHostHba | Where {$_.Type -eq "iscsi"} | Set-VMHostHba -ChapType Required -ChapName "chapname" -ChapPassword "password" -MutualChapEnabled $true -MutualChapName "mutualchapname" -MutualChapPassword "mutualpassword"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000145' do\n  title 'The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic.'\n  desc  'When enabled, vSphere performs bidirectional authentication of both the iSCSI target and host. When not authenticating both the iSCSI target and host, there is potential for a man-in-the-middle attack, in which an attacker might impersonate either side of the connection to steal data. Bidirectional authentication mitigates this risk.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If iSCSI is not used, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Storage &gt;&gt; Storage Adapters.\n\n    Select the iSCSI adapter &gt;&gt; Properties &gt;&gt; Authentication &gt;&gt; Method.\n\n    View the CHAP configuration and verify CHAP is required for target and host authentication.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-VMHostHba | Where {$_.Type -eq \\\"iscsi\\\"} | Select AuthenticationProperties -ExpandProperty AuthenticationProperties\n\n    If iSCSI is used and CHAP is not set to \\\"required\\\" for both the target and host, this is a finding.\n\n    If iSCSI is used and unique CHAP secrets are not used for each host, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Storage &gt;&gt; Storage Adapters.\n\n    Select the iSCSI adapter &gt;&gt; Properties &gt;&gt; Authentication.\n\n    Click \\\"Edit...\\\". Set \\\"Authentication Method\\\" to \\\"Use bidirectional CHAP\\\" and enter a unique secret for each traffic flow direction.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-VMHostHba | Where {$_.Type -eq \\\"iscsi\\\"} | Set-VMHostHba -ChapType Required -ChapName \\\"chapname\\\" -ChapPassword \\\"password\\\" -MutualChapEnabled $true -MutualChapName \\\"mutualchapname\\\" -MutualChapPassword \\\"mutualpassword\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000379-VMM-001550'\n  tag gid: 'V-ESXI-80-000145'\n  tag rid: 'SV-ESXI-80-000145'\n  tag stig_id: 'ESXI-80-000145'\n  tag cci: ['CCI-001967']\n  tag nist: ['IA-3 (1)']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostHba | Where {$_.Type -eq 'iscsi'}\"\n      iscsi_hbas = powercli_command(command).stdout\n\n      if iscsi_hbas.empty?\n        impact 0.0\n        describe '' do\n          skip 'There are no iSCSI HBAs present so this control is Not Applicable'\n        end\n      else\n        command1 = \"Get-VMHost -Name #{vmhost} | Get-VMHostHba | Where {$_.Type -eq 'iscsi'} | Select-Object -ExpandProperty AuthenticationProperties | Select-Object -ExpandProperty MutualChapEnabled\"\n        command2 = \"Get-VMHost -Name #{vmhost} | Get-VMHostHba | Where {$_.Type -eq 'iscsi'} | Select-Object -ExpandProperty AuthenticationProperties | Select-Object -ExpandProperty ChapType\"\n        describe powercli_command(command1) do\n          its('stdout.strip') { should cmp 'True' }\n        end\n        describe powercli_command(command2) do\n          its('stdout.strip') { should cmp 'Required' }\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001967</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST  :: SKIP_MESSAGE There are no iSCSI HBAs present so this control is Not Applicable</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000423-VMM-001700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000160</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>While encrypted vMotion is available, vMotion traffic should still be sequestered from other traffic to further protect it from attack. This network must only be accessible to other ESXi hosts, preventing outside access to the network.
 
-The vMotion VMkernel port group must be in a dedicated VLAN that can be on a standard or distributed virtual switch as long as the vMotion VLAN is not shared by any other function and is not routed to anything but ESXi hosts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+The vMotion VMkernel port group must be in a dedicated VLAN that can be on a standard or distributed virtual switch as long as the vMotion VLAN is not shared by any other function and is not routed to anything but ESXi hosts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For environments that do not use vCenter server to manage ESXi, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
@@ -3271,10 +3139,10 @@ Review the VLAN associated with any vMotion VMkernel(s) and verify they are dedi
 
 If long distance or cross vCenter vMotion is used the vMotion network can be routable but must be accessible to only the intended ESXi hosts.
 
-If the vMotion port group is not on an isolated VLAN and&#x2F;or is routable to systems other than ESXi hosts, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the vMotion port group is not on an isolated VLAN and/or is routable to systems other than ESXi hosts, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuration of the vMotion VMkernel will be unique to each environment.
 
 As an example, to modify the IP address and VLAN information to the correct network on a distributed switch do the following:
@@ -3283,117 +3151,111 @@ From the vSphere Client, go to Networking.
 
 Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
 
-Click &quot;Edit&quot; and select VLAN.
-
-Change the &quot;VLAN Type&quot; to &quot;VLAN&quot; and change the &quot;VLAN ID&quot; to a network allocated and dedicated to vMotion traffic exclusively. Click &quot;OK&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f90aecfb-f03a-4ddf-8750-bcec7db02884</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-
-There are no VMKernel adapters with vMotion enabled so this control is N&#x2F;A.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000161</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000425-VMM-001710</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000161</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000161</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must maintain the confidentiality and integrity of information during transmission by exclusively enabling Transport Layer Security (TLS) 1.2.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Click "Edit" and select VLAN.
+
+Change the "VLAN Type" to "VLAN" and change the "VLAN ID" to a network allocated and dedicated to vMotion traffic exclusively. Click "OK".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000160' do\n  title 'The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic.'\n  desc  \"\n    While encrypted vMotion is available, vMotion traffic should still be sequestered from other traffic to further protect it from attack. This network must only be accessible to other ESXi hosts, preventing outside access to the network.\n\n    The vMotion VMkernel port group must be in a dedicated VLAN that can be on a standard or distributed virtual switch as long as the vMotion VLAN is not shared by any other function and is not routed to anything but ESXi hosts.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For environments that do not use vCenter server to manage ESXi, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.\n\n    Review the VLAN associated with any vMotion VMkernel(s) and verify they are dedicated for that purpose and are logically separated from other functions.\n\n    If long distance or cross vCenter vMotion is used the vMotion network can be routable but must be accessible to only the intended ESXi hosts.\n\n    If the vMotion port group is not on an isolated VLAN and/or is routable to systems other than ESXi hosts, this is a finding.\n  \"\n  desc 'fix', \"\n    Configuration of the vMotion VMkernel will be unique to each environment.\n\n    As an example, to modify the IP address and VLAN information to the correct network on a distributed switch do the following:\n\n    From the vSphere Client, go to Networking.\n\n    Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.\n\n    Click \\\"Edit\\\" and select VLAN.\n\n    Change the \\\"VLAN Type\\\" to \\\"VLAN\\\" and change the \\\"VLAN ID\\\" to a network allocated and dedicated to vMotion traffic exclusively. Click \\\"OK\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000423-VMM-001700'\n  tag gid: 'V-ESXI-80-000160'\n  tag rid: 'SV-ESXI-80-000160'\n  tag stig_id: 'ESXI-80-000160'\n  tag cci: ['CCI-002418']\n  tag nist: ['SC-8']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostNetworkAdapter -VMKernel | Where-Object {$_.VMotionEnabled -eq \\\"True\\\"} | Select-Object -ExpandProperty DeviceName\"\n      vmks = powercli_command(command).stdout\n\n      if vmks.empty?\n        describe '' do\n          skip 'There are no VMKernel adapters with vMotion enabled so this control is N/A.'\n        end\n      else\n        vmks.split.each do |vmk|\n          # Check to see if vMotion and any other services are enabled on the same VMkernel adapter\n          command2 = \"Get-VMHost -Name #{vmhost} | Get-VMHostNetworkAdapter -Name #{vmk} | Where-Object {$_.ManagementTrafficEnabled -eq \\\"True\\\" -or $_.FaultToleranceLoggingEnabled -eq \\\"True\\\" -or $_.VsanTrafficEnabled -eq \\\"True\\\" -or $_.VSphereReplicationEnabled -eq \\\"True\\\" -or $_.VSphereReplicationNFCEnabled -eq \\\"True\\\" -or $_.VSphereBackupNFCEnabled -eq \\\"True\\\"} | Select-Object -ExpandProperty DeviceName\"\n          describe powercli_command(command2) do\n            its('stdout.strip') { should be_empty }\n          end\n          # Get vMotion Port Group Name\n          command3 = \"Get-VMHost -Name #{vmhost} | Get-VMHostNetworkAdapter -Name #{vmk} | Select-Object -ExpandProperty PortGroupName\"\n          pgname = powercli_command(command3).stdout.strip\n          # Test standard port groups\n          command4 = \"Get-VMHost -Name #{vmhost} | Get-VirtualPortGroup -Name \\\"#{pgname}\\\" -Standard | Select-Object -ExpandProperty VlanId\"\n          stdpgs = powercli_command(command4).stdout.strip\n          unless stdpgs.empty?\n            describe 'Checking standand port group VLAN ID' do\n              subject { stdpgs }\n              it { should cmp \"#{input('vMotionVlanId')}\" }\n            end\n          end\n          describe 'SA Interview' do\n            skip 'SA also needs to confirm this VLAN is dedicated to vMotion and not routable except to other ESXi hosts.'\n          end\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST  :: SKIP_MESSAGE There are no VMKernel adapters with vMotion enabled so this control is N/A.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000161</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000425-VMM-001710</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000161</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000161</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must maintain the confidentiality and integrity of information during transmission by exclusively enabling Transport Layer Security (TLS) 1.2.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>TLS 1.0 and 1.1 are deprecated protocols with well-published shortcomings and vulnerabilities. TLS 1.2 should be enabled on all interfaces and SSLv3, TL 1.1, and 1.0 disabled, where supported.
 
 Mandating TLS 1.2 may break third-party integrations and add-ons to vSphere. Test these integrations carefully after implementing TLS 1.2 and roll back where appropriate.
@@ -3402,19 +3264,19 @@ On interfaces where required functionality is broken with TLS 1.2, this finding
 
 Modify TLS settings in the following order:
 1. vCenter.
-2. ESXi.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+2. ESXi.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;UserVars.ESXiVPsDisabledProtocols&quot; value and verify it is set to &quot;sslv3,tlsv1,tlsv1.1&quot;.
+Select the "UserVars.ESXiVPsDisabledProtocols" value and verify it is set to "sslv3,tlsv1,tlsv1.1".
 
 or
 
@@ -3422,282 +3284,271 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols
 
-If the &quot;UserVars.ESXiVPsDisabledProtocols&quot; setting is set to a value other than &quot;sslv3,tlsv1,tlsv1.1&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "UserVars.ESXiVPsDisabledProtocols" setting is set to a value other than "sslv3,tlsv1,tlsv1.1", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;UserVars.ESXiVPsDisabledProtocols&quot; value and configure it to &quot;sslv3,tlsv1,tlsv1.1&quot;.
+Click "Edit". Select the "UserVars.ESXiVPsDisabledProtocols" value and configure it to "sslv3,tlsv1,tlsv1.1".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols | Set-AdvancedSetting -Value &quot;sslv3,tlsv1,tlsv1.1&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>47d059d4-7cdc-4d0a-852b-684eb65394b4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;sslv3,tlsv1,tlsv1.1&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000187</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000478-VMM-001980</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000187</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000187</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must be configured to only use FIPS 140-2 validated ciphers.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. ESXi must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols | Set-AdvancedSetting -Value "sslv3,tlsv1,tlsv1.1"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000161' do\n  title 'The ESXi host must maintain the confidentiality and integrity of information during transmission by exclusively enabling Transport Layer Security (TLS) 1.2.'\n  desc  \"\n    TLS 1.0 and 1.1 are deprecated protocols with well-published shortcomings and vulnerabilities. TLS 1.2 should be enabled on all interfaces and SSLv3, TL 1.1, and 1.0 disabled, where supported.\n\n    Mandating TLS 1.2 may break third-party integrations and add-ons to vSphere. Test these integrations carefully after implementing TLS 1.2 and roll back where appropriate.\n\n    On interfaces where required functionality is broken with TLS 1.2, this finding is not applicable until such time as the third-party software supports TLS 1.2.\n\n    Modify TLS settings in the following order:\n    1. vCenter.\n    2. ESXi.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"UserVars.ESXiVPsDisabledProtocols\\\" value and verify it is set to \\\"sslv3,tlsv1,tlsv1.1\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols\n\n    If the \\\"UserVars.ESXiVPsDisabledProtocols\\\" setting is set to a value other than \\\"sslv3,tlsv1,tlsv1.1\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"UserVars.ESXiVPsDisabledProtocols\\\" value and configure it to \\\"sslv3,tlsv1,tlsv1.1\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols | Set-AdvancedSetting -Value \\\"sslv3,tlsv1,tlsv1.1\\\"\n  \"\n  impact 0.7\n  tag severity: 'high'\n  tag gtitle: 'SRG-OS-000425-VMM-001710'\n  tag satisfies: ['SRG-OS-000426-VMM-001720']\n  tag gid: 'V-ESXI-80-000161'\n  tag rid: 'SV-ESXI-80-000161'\n  tag stig_id: 'ESXI-80-000161'\n  tag cci: ['CCI-002420', 'CCI-002422']\n  tag nist: ['SC-8 (2)']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'sslv3,tlsv1,tlsv1.1' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "sslv3,tlsv1,tlsv1.1"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000187</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000478-VMM-001980</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000187</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000187</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must be configured to only use FIPS 140-2 validated ciphers.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. ESXi must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep ciphers
+# /usr/lib/vmware/openssh/bin/sshd -T | grep ciphers
 
 Expected result:
 
 ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
 
 Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 
-Note: The ciphers line must be after the FipsMode setting.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8a9fa0c1-8146-4ae3-9c2d-9fd5e47f1c7d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000189</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000189</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000189</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host DCUI.Access list must be verified.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Note: The ciphers line must be after the FipsMode setting.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000187' do\n  title 'The ESXi host Secure Shell (SSH) daemon must be configured to only use FIPS 140-2 validated ciphers.'\n  desc  'Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. ESXi must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep ciphers\n\n    Expected result:\n\n    ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\n\n    Note: The ciphers line must be after the FipsMode setting.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000478-VMM-001980'\n  tag gid: 'V-ESXI-80-000187'\n  tag rid: 'SV-ESXI-80-000187'\n  tag stig_id: 'ESXI-80-000187'\n  tag cci: ['CCI-002450']\n  tag nist: ['SC-13']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000189</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000189</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000189</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host DCUI.Access list must be verified.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Lockdown mode disables direct host access, requiring that administrators manage hosts from vCenter Server. However, if a host becomes isolated from vCenter, the administrator is locked out and can no longer manage the host.
 
-The &quot;DCUI.Access&quot; advanced setting allows specified users to exit lockdown mode in such a scenario. If the Direct Console User Interface (DCUI) is running in strict lockdown mode, this setting is ineffective.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+The "DCUI.Access" advanced setting allows specified users to exit lockdown mode in such a scenario. If the Direct Console User Interface (DCUI) is running in strict lockdown mode, this setting is ineffective.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For environments that do not use vCenter server to manage ESXi, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;DCUI.Access&quot; value and verify only the root user is listed.
+Select the "DCUI.Access" value and verify only the root user is listed.
 
 or
 
@@ -3705,137 +3556,132 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name DCUI.Access and verify it is set to root.
 
-If the &quot;DCUI.Access&quot; is not restricted to &quot;root&quot;, this is a finding.
+If the "DCUI.Access" is not restricted to "root", this is a finding.
 
-Note: This list is only for local user accounts and should only contain the root user.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Note: This list is only for local user accounts and should only contain the root user.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;DCUI.Access&quot; value and configure it to &quot;root&quot;.
+Click "Edit". Select the "DCUI.Access" value and configure it to "root".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name DCUI.Access | Set-AdvancedSetting -Value &quot;root&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>01eabde0-efee-49cc-b798-de49363c74e1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name DCUI.Access | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;root&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000191</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000023-VMM-000060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000191</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000191</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via Secure Shell (SSH).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name DCUI.Access | Set-AdvancedSetting -Value "root"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000189' do\n  title 'The ESXi host DCUI.Access list must be verified.'\n  desc  \"\n    Lockdown mode disables direct host access, requiring that administrators manage hosts from vCenter Server. However, if a host becomes isolated from vCenter, the administrator is locked out and can no longer manage the host.\n\n    The \\\"DCUI.Access\\\" advanced setting allows specified users to exit lockdown mode in such a scenario. If the Direct Console User Interface (DCUI) is running in strict lockdown mode, this setting is ineffective.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For environments that do not use vCenter server to manage ESXi, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"DCUI.Access\\\" value and verify only the root user is listed.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name DCUI.Access and verify it is set to root.\n\n    If the \\\"DCUI.Access\\\" is not restricted to \\\"root\\\", this is a finding.\n\n    Note: This list is only for local user accounts and should only contain the root user.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"DCUI.Access\\\" value and configure it to \\\"root\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name DCUI.Access | Set-AdvancedSetting -Value \\\"root\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000189'\n  tag rid: 'SV-ESXI-80-000189'\n  tag stig_id: 'ESXI-80-000189'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name DCUI.Access | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'root' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name DCUI.Access | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "root"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000191</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000023-VMM-000060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000191</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000191</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via Secure Shell (SSH).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Display of a standardized and approved use notification before granting access to the host ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
 
 System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist.
 
 The banner must be formatted in accordance with applicable DOD policy. Use the following verbiage for a host that can accommodate banners of 1300 characters:
 
-&quot;You are accessing a U.S. Government (USG) VMM (IS) that is provided for USG-authorized use only.
+"You are accessing a U.S. Government (USG) VMM (IS) that is provided for USG-authorized use only.
 
 By using this IS (which includes any device attached to this IS), you consent to the following conditions:
 
@@ -3847,23 +3693,23 @@ By using this IS (which includes any device attached to this IS), you consent to
 
 -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
 
--Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.&quot;
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
 
 Use the following verbiage for VMMs that have severe limitations on the number of characters that can be displayed in the banner:
 
-&quot;I&#39;ve read (literal ampersand) consent to terms in IS user agreem&#39;t.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+"I've read (literal ampersand) consent to terms in IS user agreem't."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Config.Etc.issue&quot; value and verify it contains the standard mandatory DOD notice and consent banner.
+Select the "Config.Etc.issue" value and verify it contains the standard mandatory DOD notice and consent banner.
 
 or
 
@@ -3871,142 +3717,134 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Config.Etc.issue
 
-If the &quot;Config.Etc.issue&quot; setting does not contain the standard mandatory DOD notice and consent banner, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Config.Etc.issue" setting does not contain the standard mandatory DOD notice and consent banner, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Config.Etc.issue&quot; value and set it to the following:
+Click "Edit". Select the "Config.Etc.issue" value and set it to the following:
 
-&quot;You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.&quot;
+"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Config.Etc.issue | Set-AdvancedSetting -Value &quot;&lt;Banner text above&gt;&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ace3fadd-16a2-4b5f-8666-5b6e73bd34a9</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Config.Etc.issue | Select-Object -ExpandProperty Value stdout.strip is expected to match &quot;You are accessing a U.S. Government&quot;
-expected &quot;&quot; to match &quot;You are accessing a U.S. Government&quot;
+Get-VMHost | Get-AdvancedSetting -Name Config.Etc.issue | Set-AdvancedSetting -Value "&lt;Banner text above&gt;"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000191' do\n  title 'The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via Secure Shell (SSH).'\n  desc  \"\n    Display of a standardized and approved use notification before granting access to the host ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with applicable DOD policy. Use the following verbiage for a host that can accommodate banners of 1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) VMM (IS) that is provided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\\\"\n\n    Use the following verbiage for VMMs that have severe limitations on the number of characters that can be displayed in the banner:\n\n    \\\"I've read (literal ampersand) consent to terms in IS user agreem't.\\\"\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Config.Etc.issue\\\" value and verify it contains the standard mandatory DOD notice and consent banner.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Config.Etc.issue\n\n    If the \\\"Config.Etc.issue\\\" setting does not contain the standard mandatory DOD notice and consent banner, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Config.Etc.issue\\\" value and set it to the following:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\\\"\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Config.Etc.issue | Set-AdvancedSetting -Value \\\"&lt;Banner text above&gt;\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000023-VMM-000060'\n  tag gid: 'V-ESXI-80-000191'\n  tag rid: 'SV-ESXI-80-000191'\n  tag stig_id: 'ESXI-80-000191'\n  tag cci: ['CCI-000048']\n  tag nist: ['AC-8 a']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      result = powercli_command(\"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Config.Etc.issue | Select-Object -ExpandProperty Value\")\n      describe.one do\n        describe result do\n          its('stdout.strip') { should match 'You are accessing a U.S. Government' }\n        end\n        describe result do\n          its('stdout.strip') { should match \"I've read &amp; consent to terms in IS user agreem't\" }\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Config.Etc.issue | Select-Object -ExpandProperty Value stdout.strip is expected to match "You are accessing a U.S. Government" :: MESSAGE expected "" to match "You are accessing a U.S. Government"
 --------------------------------
-failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Config.Etc.issue | Select-Object -ExpandProperty Value stdout.strip is expected to match &quot;I&#39;ve read &amp; consent to terms in IS user agreem&#39;t&quot;
-expected &quot;&quot; to match &quot;I&#39;ve read &amp; consent to terms in IS user agreem&#39;t&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000023-VMM-000060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Config.Etc.issue | Select-Object -ExpandProperty Value stdout.strip is expected to match "I've read &amp; consent to terms in IS user agreem't" :: MESSAGE expected "" to match "I've read &amp; consent to terms in IS user agreem't"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000023-VMM-000060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Display of a standardized and approved use notification before granting access to the host ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
 
 System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist.
 
 The banner must be formatted in accordance with applicable DOD policy. Use the following verbiage for a host that can accommodate banners of 1300 characters:
 
-&quot;You are accessing a U.S. Government (USG) VMM (IS) that is provided for USG-authorized use only.
+"You are accessing a U.S. Government (USG) VMM (IS) that is provided for USG-authorized use only.
 
 By using this IS (which includes any device attached to this IS), you consent to the following conditions:
 
@@ -4018,496 +3856,473 @@ By using this IS (which includes any device attached to this IS), you consent to
 
 -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
 
--Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.&quot;
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
 
 Use the following verbiage for VMMs that have severe limitations on the number of characters that can be displayed in the banner:
 
-&quot;I&#39;ve read (literal ampersand) consent to terms in IS user agreem&#39;t.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+"I've read (literal ampersand) consent to terms in IS user agreem't."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep banner
+# /usr/lib/vmware/openssh/bin/sshd -T | grep banner
 
 Expected result:
 
-banner &#x2F;etc&#x2F;issue
+banner /etc/issue
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, navigate to and open:
 
-&#x2F;etc&#x2F;ssh&#x2F;sshd_config
+/etc/ssh/sshd_config
 
-Ensure that the &quot;Banner&quot; line is uncommented and set to the following:
+Ensure that the "Banner" line is uncommented and set to the following:
 
-Banner &#x2F;etc&#x2F;issue
+Banner /etc/issue
 
 Restart SSH from the UI or run the following command:
 
-# &#x2F;etc&#x2F;init.d&#x2F;SSH restart</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7ae5b601-9784-4a3c-a326-964b65685df7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000193</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000095-VMM-000480</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000193</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000193</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+# /etc/init.d/SSH restart</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000192' do\n  title 'The ESXi host Secure Shell (SSH) daemon must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.'\n  desc  \"\n    Display of a standardized and approved use notification before granting access to the host ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with applicable DOD policy. Use the following verbiage for a host that can accommodate banners of 1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) VMM (IS) that is provided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\\\"\n\n    Use the following verbiage for VMMs that have severe limitations on the number of characters that can be displayed in the banner:\n\n    \\\"I've read (literal ampersand) consent to terms in IS user agreem't.\\\"\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep banner\n\n    Expected result:\n\n    banner /etc/issue\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, navigate to and open:\n\n    /etc/ssh/sshd_config\n\n    Ensure that the \\\"Banner\\\" line is uncommented and set to the following:\n\n    Banner /etc/issue\n\n    Restart SSH from the UI or run the following command:\n\n    # /etc/init.d/SSH restart\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000023-VMM-000060'\n  tag gid: 'V-ESXI-80-000192'\n  tag rid: 'SV-ESXI-80-000192'\n  tag stig_id: 'ESXI-80-000192'\n  tag cci: ['CCI-000048']\n  tag nist: ['AC-8 a']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000193</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000095-VMM-000480</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000193</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000193</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The ESXi Shell is an interactive command line interface (CLI) available at the ESXi server console. The ESXi shell provides temporary access to commands essential for server maintenance. Intended primarily for use in break-fix scenarios, the ESXi shell is well suited for checking and modifying configuration details, which are not always generally accessible, using the vSphere Client.
 
-The ESXi shell is accessible remotely using SSH by users with the Administrator role. Under normal operating conditions, SSH access to the host must be disabled as is the default. As with the ESXi shell, SSH is also intended only for temporary use during break-fix scenarios. SSH must therefore be disabled under normal operating conditions and must only be enabled for diagnostics or troubleshooting. Remote access to the host must therefore be limited to the vSphere Client or Host Client at all other times.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+The ESXi shell is accessible remotely using SSH by users with the Administrator role. Under normal operating conditions, SSH access to the host must be disabled as is the default. As with the ESXi shell, SSH is also intended only for temporary use during break-fix scenarios. SSH must therefore be disabled under normal operating conditions and must only be enabled for diagnostics or troubleshooting. Remote access to the host must therefore be limited to the vSphere Client or Host Client at all other times.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.
 
-Under Services, locate the &quot;SSH&quot; service and verify it is &quot;Stopped&quot;.
+Under Services, locate the "SSH" service and verify it is "Stopped".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;SSH&quot;}
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "SSH"}
 
-If the SSH service is &quot;Running&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the SSH service is "Running", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.
 
-Under &quot;Services&quot;, select the &quot;SSH&quot; service and click the &quot;Stop&quot; button.
+Under "Services", select the "SSH" service and click the "Stop" button.
 
-Click the &quot;Edit Startup policy...&quot; button.
+Click the "Edit Startup policy..." button.
 
-Select the &quot;Start and stop manually&quot; radio button.
+Select the "Start and stop manually" radio button.
 
-Click &quot;OK&quot;.
+Click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;SSH&quot;} | Set-VMHostService -Policy Off
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;SSH&quot;} | Stop-VMHostService</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b0c6184a-3174-4571-b18b-38cea7c5e296</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002314</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002322</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq &#39;SSH&#39;} | Select-Object -ExpandProperty Policy stdout.strip is expected to cmp &#x3D;&#x3D; &quot;off&quot;
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "SSH"} | Set-VMHostService -Policy Off
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "SSH"} | Stop-VMHostService</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000193' do\n  title 'The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).'\n  desc  \"\n    The ESXi Shell is an interactive command line interface (CLI) available at the ESXi server console. The ESXi shell provides temporary access to commands essential for server maintenance. Intended primarily for use in break-fix scenarios, the ESXi shell is well suited for checking and modifying configuration details, which are not always generally accessible, using the vSphere Client.\n\n    The ESXi shell is accessible remotely using SSH by users with the Administrator role. Under normal operating conditions, SSH access to the host must be disabled as is the default. As with the ESXi shell, SSH is also intended only for temporary use during break-fix scenarios. SSH must therefore be disabled under normal operating conditions and must only be enabled for diagnostics or troubleshooting. Remote access to the host must therefore be limited to the vSphere Client or Host Client at all other times.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.\n\n    Under Services, locate the \\\"SSH\\\" service and verify it is \\\"Stopped\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"SSH\\\"}\n\n    If the SSH service is \\\"Running\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.\n\n    Under \\\"Services\\\", select the \\\"SSH\\\" service and click the \\\"Stop\\\" button.\n\n    Click the \\\"Edit Startup policy...\\\" button.\n\n    Select the \\\"Start and stop manually\\\" radio button.\n\n    Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"SSH\\\"} | Set-VMHostService -Policy Off\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"SSH\\\"} | Stop-VMHostService\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000095-VMM-000480'\n  tag satisfies: ['SRG-OS-000297-VMM-001040', 'SRG-OS-000298-VMM-001050']\n  tag gid: 'V-ESXI-80-000193'\n  tag rid: 'SV-ESXI-80-000193'\n  tag stig_id: 'ESXI-80-000193'\n  tag cci: ['CCI-000381', 'CCI-002314', 'CCI-002322']\n  tag nist: ['AC-17 (1)', 'AC-17 (9)', 'CM-7 a']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostService | Where {$_.Label -eq 'SSH'} | Select-Object -ExpandProperty Policy\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'off' }\n      end\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostService | Where {$_.Label -eq 'SSH'} | Select-Object -ExpandProperty Running\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002314</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002322</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq 'SSH'} | Select-Object -ExpandProperty Policy stdout.strip is expected to cmp == "off"
 --------------------------------
-failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq &#39;SSH&#39;} | Select-Object -ExpandProperty Running stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
-
+failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq 'SSH'} | Select-Object -ExpandProperty Running stdout.strip is expected to cmp == "false" :: MESSAGE 
 expected: false
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000095-VMM-000480</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must be configured to disable nonessential capabilities by disabling the ESXi shell.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000095-VMM-000480</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must be configured to disable nonessential capabilities by disabling the ESXi shell.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The ESXi Shell is an interactive command line environment available locally from the Direct Console User Interface (DCUI) or remotely via SSH. Activities performed from the ESXi Shell bypass vCenter role-based access control (RBAC) and audit controls.
 
-The ESXi shell must only be turned on when needed to troubleshoot&#x2F;resolve problems that cannot be fixed through the vSphere client.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+The ESXi shell must only be turned on when needed to troubleshoot/resolve problems that cannot be fixed through the vSphere client.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.
 
-Under Services, locate the &quot;ESXi Shell&quot; service and verify it is &quot;Stopped&quot;.
+Under Services, locate the "ESXi Shell" service and verify it is "Stopped".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;ESXi Shell&quot;}
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "ESXi Shell"}
 
-If the ESXi Shell service is &quot;Running&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the ESXi Shell service is "Running", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.
 
-Under &quot;Services&quot;, select the &quot;ESXi Shell&quot; service and click the &quot;Stop&quot; button.
+Under "Services", select the "ESXi Shell" service and click the "Stop" button.
 
-Click the &quot;Edit Startup policy...&quot; button.
+Click the "Edit Startup policy..." button.
 
-Select the &quot;Start and stop manually&quot; radio button.
+Select the "Start and stop manually" radio button.
 
-Click &quot;OK&quot;.
+Click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;ESXi Shell&quot;} | Set-VMHostService -Policy Off
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;ESXi Shell&quot;} | Stop-VMHostService</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2b3d1681-947f-4298-b599-594515edf8c3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq &#39;ESXi Shell&#39;} | Select-Object -ExpandProperty Policy stdout.strip is expected to cmp &#x3D;&#x3D; &quot;off&quot;
-
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "ESXi Shell"} | Set-VMHostService -Policy Off
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "ESXi Shell"} | Stop-VMHostService</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000194' do\n  title 'The ESXi host must be configured to disable nonessential capabilities by disabling the ESXi shell.'\n  desc  \"\n    The ESXi Shell is an interactive command line environment available locally from the Direct Console User Interface (DCUI) or remotely via SSH. Activities performed from the ESXi Shell bypass vCenter role-based access control (RBAC) and audit controls.\n\n    The ESXi shell must only be turned on when needed to troubleshoot/resolve problems that cannot be fixed through the vSphere client.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.\n\n    Under Services, locate the \\\"ESXi Shell\\\" service and verify it is \\\"Stopped\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"ESXi Shell\\\"}\n\n    If the ESXi Shell service is \\\"Running\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.\n\n    Under \\\"Services\\\", select the \\\"ESXi Shell\\\" service and click the \\\"Stop\\\" button.\n\n    Click the \\\"Edit Startup policy...\\\" button.\n\n    Select the \\\"Start and stop manually\\\" radio button.\n\n    Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"ESXi Shell\\\"} | Set-VMHostService -Policy Off\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"ESXi Shell\\\"} | Stop-VMHostService\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000095-VMM-000480'\n  tag gid: 'V-ESXI-80-000194'\n  tag rid: 'SV-ESXI-80-000194'\n  tag stig_id: 'ESXI-80-000194'\n  tag cci: ['CCI-000381']\n  tag nist: ['CM-7 a']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostService | Where {$_.Label -eq 'ESXi Shell'} | Select-Object -ExpandProperty Policy\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'off' }\n      end\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostService | Where {$_.Label -eq 'ESXi Shell'} | Select-Object -ExpandProperty Running\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq 'ESXi Shell'} | Select-Object -ExpandProperty Policy stdout.strip is expected to cmp == "off" :: MESSAGE 
 expected: off
      got: on
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq &#39;ESXi Shell&#39;} | Select-Object -ExpandProperty Running stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
-
+failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq 'ESXi Shell'} | Select-Object -ExpandProperty Running stdout.strip is expected to cmp == "false" :: MESSAGE 
 expected: false
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000163-VMM-000700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must automatically stop shell services after ten minutes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When the ESXi Shell or Secure Shell (SSH) services are enabled on a host, they will run indefinitely. To avoid having these services left running, set the &quot;ESXiShellTimeOut&quot;. The &quot;ESXiShellTimeOut&quot; defines a window of time after which the ESXi Shell and SSH services will be stopped automatically.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000163-VMM-000700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must automatically stop shell services after ten minutes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When the ESXi Shell or Secure Shell (SSH) services are enabled on a host, they will run indefinitely. To avoid having these services left running, set the "ESXiShellTimeOut". The "ESXiShellTimeOut" defines a window of time after which the ESXi Shell and SSH services will be stopped automatically.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;UserVars.ESXiShellTimeOut&quot; value and verify it is set to less than &quot;600&quot; and not &quot;0&quot;.
+Select the "UserVars.ESXiShellTimeOut" value and verify it is set to less than "600" and not "0".
 
 or
 
@@ -4515,150 +4330,142 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut
 
-If the &quot;UserVars.ESXiShellTimeOut&quot; setting is set to a value greater than &quot;600&quot; or &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "UserVars.ESXiShellTimeOut" setting is set to a value greater than "600" or "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;UserVars.ESXiShellTimeOut&quot; value and configure it to &quot;600&quot;.
+Click "Edit". Select the "UserVars.ESXiShellTimeOut" value and configure it to "600".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut | Set-AdvancedSetting -Value 600</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>cce10f03-2843-4292-8668-2b01a63072e1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &lt;&#x3D; 600
+Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut | Set-AdvancedSetting -Value 600</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000195' do\n  title 'The ESXi host must automatically stop shell services after ten minutes.'\n  desc  'When the ESXi Shell or Secure Shell (SSH) services are enabled on a host, they will run indefinitely. To avoid having these services left running, set the \"ESXiShellTimeOut\". The \"ESXiShellTimeOut\" defines a window of time after which the ESXi Shell and SSH services will be stopped automatically.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"UserVars.ESXiShellTimeOut\\\" value and verify it is set to less than \\\"600\\\" and not \\\"0\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut\n\n    If the \\\"UserVars.ESXiShellTimeOut\\\" setting is set to a value greater than \\\"600\\\" or \\\"0\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"UserVars.ESXiShellTimeOut\\\" value and configure it to \\\"600\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut | Set-AdvancedSetting -Value 600\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000163-VMM-000700'\n  tag gid: 'V-ESXI-80-000195'\n  tag rid: 'SV-ESXI-80-000195'\n  tag stig_id: 'ESXI-80-000195'\n  tag cci: ['CCI-001133']\n  tag nist: ['SC-10']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp &lt;= 600 }\n        its('stdout.strip') { should_not cmp 0 }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &lt;= 600
 --------------------------------
-failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected not to cmp &#x3D;&#x3D; 0
-
+failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected not to cmp == 0 :: MESSAGE 
 expected: 0
      got: 0
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000163-VMM-000700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must set a timeout to automatically end idle DCUI sessions after ten minutes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When the Direct Console User Interface (DCUI) is enabled and logged in, it should be automatically logged out if left logged on to avoid access by unauthorized persons. The &quot;DcuiTimeOut&quot; setting defines a window of time after which the DCUI will be logged out.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000163-VMM-000700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must set a timeout to automatically end idle DCUI sessions after ten minutes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When the Direct Console User Interface (DCUI) is enabled and logged in, it should be automatically logged out if left logged on to avoid access by unauthorized persons. The "DcuiTimeOut" setting defines a window of time after which the DCUI will be logged out.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;UserVars.DcuiTimeOut&quot; value and verify it is set to less than &quot;600&quot; and not &quot;0&quot;.
+Select the "UserVars.DcuiTimeOut" value and verify it is set to less than "600" and not "0".
 
 or
 
@@ -4666,146 +4473,140 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name UserVars.DcuiTimeOut
 
-If the &quot;UserVars.DcuiTimeOut&quot; setting is set to a value greater than &quot;600&quot; or &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "UserVars.DcuiTimeOut" setting is set to a value greater than "600" or "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;UserVars.DcuiTimeOut&quot; value and configure it to &quot;600&quot;.
+Click "Edit". Select the "UserVars.DcuiTimeOut" value and configure it to "600".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name UserVars.DcuiTimeOut | Set-AdvancedSetting -Value 600</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8241e592-233d-440b-8738-054cc5f38894</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.DcuiTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &lt;&#x3D; 600
+Get-VMHost | Get-AdvancedSetting -Name UserVars.DcuiTimeOut | Set-AdvancedSetting -Value 600</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000196' do\n  title 'The ESXi host must set a timeout to automatically end idle DCUI sessions after ten minutes.'\n  desc  'When the Direct Console User Interface (DCUI) is enabled and logged in, it should be automatically logged out if left logged on to avoid access by unauthorized persons. The \"DcuiTimeOut\" setting defines a window of time after which the DCUI will be logged out.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"UserVars.DcuiTimeOut\\\" value and verify it is set to less than \\\"600\\\" and not \\\"0\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.DcuiTimeOut\n\n    If the \\\"UserVars.DcuiTimeOut\\\" setting is set to a value greater than \\\"600\\\" or \\\"0\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"UserVars.DcuiTimeOut\\\" value and configure it to \\\"600\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.DcuiTimeOut | Set-AdvancedSetting -Value 600\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000163-VMM-000700'\n  tag gid: 'V-ESXI-80-000196'\n  tag rid: 'SV-ESXI-80-000196'\n  tag stig_id: 'ESXI-80-000196'\n  tag cci: ['CCI-001133']\n  tag nist: ['SC-10']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name UserVars.DcuiTimeOut | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp &lt;= 600 }\n        its('stdout.strip') { should_not cmp 0 }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.DcuiTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &lt;= 600
 --------------------------------
-passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.DcuiTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected not to cmp &#x3D;&#x3D; 0</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000198</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000423-VMM-001700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000198</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000198</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must protect the confidentiality and integrity of transmitted information by isolating ESXi management traffic.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.DcuiTimeOut | Select-Object -ExpandProperty Value stdout.strip is expected not to cmp == 0</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000198</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000423-VMM-001700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000198</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000198</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must protect the confidentiality and integrity of transmitted information by isolating ESXi management traffic.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The vSphere management network provides access to the vSphere management interface on each component. Services running on the management interface provide an opportunity for an attacker to gain privileged access to the systems. Any remote attack most likely would begin with gaining entry to this network.
 
-The Management VMkernel port group can be on a standard or distributed virtual switch but must be on a dedicated VLAN. The Management VLAN must not be shared by any other function and must not be accessible to anything other than management-related functions such as vCenter.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+The Management VMkernel port group can be on a standard or distributed virtual switch but must be on a dedicated VLAN. The Management VLAN must not be shared by any other function and must not be accessible to anything other than management-related functions such as vCenter.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.
 
-Review each VMkernel adapter that is used for management traffic and view the &quot;Enabled services&quot;.
+Review each VMkernel adapter that is used for management traffic and view the "Enabled services".
 
 Review the VLAN associated with each VMkernel that is used for management traffic. Verify with the system administrator that they are dedicated for that purpose and are logically separated from other functions.
 
@@ -4813,10 +4614,10 @@ If any services are enabled on any Management VMkernel adapter, this is a findin
 
 If the network segment is accessible, except to networks where other management-related entities are located such as vCenter, this is a finding.
 
-If there are any other systems or devices such as VMs on the ESXi management segment, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If there are any other systems or devices such as VMs on the ESXi management segment, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuration of the management VMkernel will be unique to each environment.
 
 As an example, to modify the IP address and VLAN information to the correct network on a distributed switch do the following:
@@ -4825,153 +4626,143 @@ From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.
 
-Select the Management VMkernel and click &quot;Edit&quot;. On the Port properties tab, uncheck all services except for &quot;Management&quot;. Click &quot;OK&quot;.
+Select the Management VMkernel and click "Edit". On the Port properties tab, uncheck all services except for "Management". Click "OK".
 
 From the vSphere Client, go to Networking.
 
 Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
 
-Click &quot;Edit&quot; and select VLAN.
-
-Change the &quot;VLAN Type&quot; to &quot;VLAN&quot; and change the &quot;VLAN ID&quot; to a network allocated and dedicated to management traffic exclusively. Click &quot;OK&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fba04095-b741-4712-a506-edda7c24b0e2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostNetworkAdapter -Name vmk0 | Where-Object {$_.VMotionEnabled -eq &quot;True&quot; -or $_.FaultToleranceLoggingEnabled -eq &quot;True&quot; -or $_.VsanTrafficEnabled -eq &quot;True&quot; -or $_.VSphereReplicationEnabled -eq &quot;True&quot; -or $_.VSphereReplicationNFCEnabled -eq &quot;True&quot; -or $_.VSphereBackupNFCEnabled -eq &quot;True&quot;} | Select-Object -ExpandProperty DeviceName stdout.strip is expected to be empty
-expected &#x60;&quot;vmk0&quot;.empty?&#x60; to be truthy, got false
+Click "Edit" and select VLAN.
+
+Change the "VLAN Type" to "VLAN" and change the "VLAN ID" to a network allocated and dedicated to management traffic exclusively. Click "OK".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000198' do\n  title 'The ESXi host must protect the confidentiality and integrity of transmitted information by isolating ESXi management traffic.'\n  desc  \"\n    The vSphere management network provides access to the vSphere management interface on each component. Services running on the management interface provide an opportunity for an attacker to gain privileged access to the systems. Any remote attack most likely would begin with gaining entry to this network.\n\n    The Management VMkernel port group can be on a standard or distributed virtual switch but must be on a dedicated VLAN. The Management VLAN must not be shared by any other function and must not be accessible to anything other than management-related functions such as vCenter.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.\n\n    Review each VMkernel adapter that is used for management traffic and view the \\\"Enabled services\\\".\n\n    Review the VLAN associated with each VMkernel that is used for management traffic. Verify with the system administrator that they are dedicated for that purpose and are logically separated from other functions.\n\n    If any services are enabled on any Management VMkernel adapter, this is a finding.\n\n    If the network segment is accessible, except to networks where other management-related entities are located such as vCenter, this is a finding.\n\n    If there are any other systems or devices such as VMs on the ESXi management segment, this is a finding.\n  \"\n  desc 'fix', \"\n    Configuration of the management VMkernel will be unique to each environment.\n\n    As an example, to modify the IP address and VLAN information to the correct network on a distributed switch do the following:\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.\n\n    Select the Management VMkernel and click \\\"Edit\\\". On the Port properties tab, uncheck all services except for \\\"Management\\\". Click \\\"OK\\\".\n\n    From the vSphere Client, go to Networking.\n\n    Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.\n\n    Click \\\"Edit\\\" and select VLAN.\n\n    Change the \\\"VLAN Type\\\" to \\\"VLAN\\\" and change the \\\"VLAN ID\\\" to a network allocated and dedicated to management traffic exclusively. Click \\\"OK\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000423-VMM-001700'\n  tag gid: 'V-ESXI-80-000198'\n  tag rid: 'SV-ESXI-80-000198'\n  tag stig_id: 'ESXI-80-000198'\n  tag cci: ['CCI-002418']\n  tag nist: ['SC-8']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostNetworkAdapter -VMKernel | Where-Object {$_.ManagementTrafficEnabled -eq \\\"True\\\"} | Select-Object -ExpandProperty DeviceName\"\n      vmks = powercli_command(command).stdout\n\n      vmks.split.each do |vmk|\n        # Check to see if Management and any other services are enabled on the same VMkernel adapter\n        command2 = \"Get-VMHost -Name #{vmhost} | Get-VMHostNetworkAdapter -Name #{vmk} | Where-Object {$_.VMotionEnabled -eq \\\"True\\\" -or $_.FaultToleranceLoggingEnabled -eq \\\"True\\\" -or $_.VsanTrafficEnabled -eq \\\"True\\\" -or $_.VSphereReplicationEnabled -eq \\\"True\\\" -or $_.VSphereReplicationNFCEnabled -eq \\\"True\\\" -or $_.VSphereBackupNFCEnabled -eq \\\"True\\\"} | Select-Object -ExpandProperty DeviceName\"\n        describe powercli_command(command2) do\n          its('stdout.strip') { should be_empty }\n        end\n        # Get Management Port Group Name\n        command3 = \"Get-VMHost -Name #{vmhost} | Get-VMHostNetworkAdapter -Name #{vmk} | Select-Object -ExpandProperty PortGroupName\"\n        pgname = powercli_command(command3).stdout.strip\n        # Test standard port groups\n        command4 = \"Get-VMHost -Name #{vmhost} | Get-VirtualPortGroup -Name \\\"#{pgname}\\\" | Select-Object -ExpandProperty VlanId\"\n        stdpgs = powercli_command(command4).stdout.strip\n        unless stdpgs.empty?\n          describe 'Checking standand port group VLAN ID' do\n            subject { stdpgs }\n            it { should cmp \"#{input('mgtVlanId')}\" }\n          end\n        end\n        describe 'SA Interview' do\n          skip 'SA also needs to confirm this VLAN is dedicated to Management and not shared with VMs or other services.'\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostNetworkAdapter -Name vmk0 | Where-Object {$_.VMotionEnabled -eq "True" -or $_.FaultToleranceLoggingEnabled -eq "True" -or $_.VsanTrafficEnabled -eq "True" -or $_.VSphereReplicationEnabled -eq "True" -or $_.VSphereReplicationNFCEnabled -eq "True" -or $_.VSphereBackupNFCEnabled -eq "True"} | Select-Object -ExpandProperty DeviceName stdout.strip is expected to be empty :: MESSAGE expected `"vmk0".empty?` to be truthy, got false
 --------------------------------
-failed
-Checking standand port group VLAN ID is expected to cmp &#x3D;&#x3D; &quot;101&quot;
-
+failed :: TEST Checking standand port group VLAN ID is expected to cmp == "101" :: MESSAGE 
 expected: 101
      got: 0
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-skipped
-SA Interview
-SA also needs to confirm this VLAN is dedicated to Management and not shared with VMs or other services.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000423-VMM-001700</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+skipped :: TEST SA Interview :: SKIP_MESSAGE SA also needs to confirm this VLAN is dedicated to Management and not shared with VMs or other services.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000423-VMM-001700</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Virtual machines (VMs) might share virtual switches and VLANs with the IP-based storage configurations. IP-based storage includes vSAN, iSCSI, and NFS. This configuration might expose IP-based storage traffic to unauthorized VM users. IP-based storage frequently is not encrypted. It can be viewed by anyone with access to this network.
 
-To restrict unauthorized users from viewing the IP-based storage traffic, the IP-based storage network must be logically separated from any other traffic. Configuring the IP-based storage adaptors on separate VLANs or network segments from other VMkernels and VMs will limit unauthorized users from viewing the traffic.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+To restrict unauthorized users from viewing the IP-based storage traffic, the IP-based storage network must be logically separated from any other traffic. Configuring the IP-based storage adaptors on separate VLANs or network segments from other VMkernels and VMs will limit unauthorized users from viewing the traffic.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If IP-based storage is not used, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.
 
-Review each VMkernel adapter that is used for IP-based storage traffic and view the &quot;Enabled services&quot;.
+Review each VMkernel adapter that is used for IP-based storage traffic and view the "Enabled services".
 
 Review the VLAN associated with each VMkernel that is used for IP-based storage traffic. Verify with the system administrator that they are dedicated for that purpose and are logically separated from other functions.
 
@@ -4979,17 +4770,17 @@ If any services are enabled on an NFS or iSCSI IP-based storage VMkernel adapter
 
 If any services are enabled on a vSAN VMkernel adapter other than vSAN, this is a finding.
 
-If any IP-based storage networks are not isolated from other traffic types, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If any IP-based storage networks are not isolated from other traffic types, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Configuration of an IP-Based VMkernel will be unique to each environment.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.
 
-Select the VMkernel used for IP-based storage and click &quot;Edit&quot;. On the &quot;Port&quot; properties tab, uncheck all services. Click &quot;OK&quot;.
+Select the VMkernel used for IP-based storage and click "Edit". On the "Port" properties tab, uncheck all services. Click "OK".
 
 Note: For VMkernels used for vSAN leave the vSAN service enabled and uncheck all others.
 
@@ -4997,1579 +4788,1508 @@ From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual switches.
 
-Find the port group that is dedicated to IP-based storage and click the &#39;...&#39; button next to the name. Click &quot;Edit Settings&quot;.
-
-On the &quot;Properties&quot; tab, change the &quot;VLAN ID&quot; to one dedicated for IP-based storage traffic. Click &quot;OK&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e237bab2-5ab0-4f7f-a327-6e39a7867812</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostNetworkAdapter -Name vmk0 | Where-Object {$_.ManagementTrafficEnabled -eq &quot;True&quot; -or $_.FaultToleranceLoggingEnabled -eq &quot;True&quot; -or $_.VMotionEnabled -eq &quot;True&quot; -or $_.VSphereReplicationEnabled -eq &quot;True&quot; -or $_.VSphereReplicationNFCEnabled -eq &quot;True&quot; -or $_.VSphereBackupNFCEnabled -eq &quot;True&quot;} | Select-Object -ExpandProperty DeviceName stdout.strip is expected to be empty
-expected &#x60;&quot;vmk0&quot;.empty?&#x60; to be truthy, got false</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host lockdown mode exception users list must be verified.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>While a host is in lockdown mode (strict or normal), only users on the &quot;Exception Users&quot; list are allowed access. These users do not lose their permissions when the host enters lockdown mode.
-
-The organization may want to add service accounts such as a backup agent to the Exception Users list. Verify the list of users exempted from losing permissions is legitimate and as needed per the environment. Adding unnecessary users to the exception list defeats the purpose of lockdown mode.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Find the port group that is dedicated to IP-based storage and click the '...' button next to the name. Click "Edit Settings".
+
+On the "Properties" tab, change the "VLAN ID" to one dedicated for IP-based storage traffic. Click "OK".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000199' do\n  title 'The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic.'\n  desc  \"\n    Virtual machines (VMs) might share virtual switches and VLANs with the IP-based storage configurations. IP-based storage includes vSAN, iSCSI, and NFS. This configuration might expose IP-based storage traffic to unauthorized VM users. IP-based storage frequently is not encrypted. It can be viewed by anyone with access to this network.\n\n    To restrict unauthorized users from viewing the IP-based storage traffic, the IP-based storage network must be logically separated from any other traffic. Configuring the IP-based storage adaptors on separate VLANs or network segments from other VMkernels and VMs will limit unauthorized users from viewing the traffic.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If IP-based storage is not used, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.\n\n    Review each VMkernel adapter that is used for IP-based storage traffic and view the \\\"Enabled services\\\".\n\n    Review the VLAN associated with each VMkernel that is used for IP-based storage traffic. Verify with the system administrator that they are dedicated for that purpose and are logically separated from other functions.\n\n    If any services are enabled on an NFS or iSCSI IP-based storage VMkernel adapter, this is a finding.\n\n    If any services are enabled on a vSAN VMkernel adapter other than vSAN, this is a finding.\n\n    If any IP-based storage networks are not isolated from other traffic types, this is a finding.\n  \"\n  desc 'fix', \"\n    Configuration of an IP-Based VMkernel will be unique to each environment.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.\n\n    Select the VMkernel used for IP-based storage and click \\\"Edit\\\". On the \\\"Port\\\" properties tab, uncheck all services. Click \\\"OK\\\".\n\n    Note: For VMkernels used for vSAN leave the vSAN service enabled and uncheck all others.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual switches.\n\n    Find the port group that is dedicated to IP-based storage and click the '...' button next to the name. Click \\\"Edit Settings\\\".\n\n    On the \\\"Properties\\\" tab, change the \\\"VLAN ID\\\" to one dedicated for IP-based storage traffic. Click \\\"OK\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000423-VMM-001700'\n  tag gid: 'V-ESXI-80-000199'\n  tag rid: 'SV-ESXI-80-000199'\n  tag stig_id: 'ESXI-80-000199'\n  tag cci: ['CCI-002418']\n  tag nist: ['SC-8']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      # Check for iSCSI HBAs\n      commandiscsihbas = \"Get-VMHost -Name #{vmhost} | Get-VMHostHba | Where {$_.Type -eq 'iscsi'}\"\n      iscsi_hbas = powercli_command(commandiscsihbas).stdout\n\n      # Check for vSAN VMkernels\n      commandvsanvmks = \"Get-VMHost -Name #{vmhost} | Get-VMHostNetworkAdapter -VMKernel | Where-Object {$_.VsanTrafficEnabled -eq \\\"True\\\"} | Select-Object -ExpandProperty DeviceName\"\n      vsanvmks = powercli_command(commandvsanvmks).stdout\n\n      # Check for NFS Datastores\n      commandnfs = \"Get-VMHost -Name #{vmhost} | Get-Datastore | Where {$_.Type -eq 'NFS'} | Select-Object -ExpandProperty Name\"\n      nfsds = powercli_command(commandnfs).stdout\n\n      if iscsi_hbas.empty? &amp;&amp; vsanvmks.empty? &amp;&amp; nfsds.empty?\n        describe '' do\n          skip \"The ESXi host #{vmhost} is not using IP-based storage, so this control is N/A.\"\n        end\n      else\n        # Do any iSCSI VMKs have any services enabled?\n        commandivmks = \"$vmhost = Get-VMHost -Name #{vmhost}; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.iscsi.networkportal.list.Invoke() | Select-Object -ExpandProperty Vmknic\"\n        ivmks = powercli_command(commandivmks).stdout\n        ivmks.split.each do |ivmk|\n          commandvsck = \"Get-VMHost -Name #{vmhost} | Get-VMHostNetworkAdapter -Name #{ivmk} | Where-Object {$_.ManagementTrafficEnabled -eq \\\"True\\\" -or $_.VsanTrafficEnabled -eq \\\"True\\\" -or $_.FaultToleranceLoggingEnabled -eq \\\"True\\\" -or $_.VMotionEnabled -eq \\\"True\\\" -or $_.VSphereReplicationEnabled -eq \\\"True\\\" -or $_.VSphereReplicationNFCEnabled -eq \\\"True\\\" -or $_.VSphereBackupNFCEnabled -eq \\\"True\\\"} | Select-Object -ExpandProperty DeviceName\"\n          describe powercli_command(commandvsck) do\n            its('stdout.strip') { should be_empty }\n          end\n        end\n        # Does the vSAN VMK have any other services enabled?\n        vsanvmks.split.each do |vmk|\n          commandvsck = \"Get-VMHost -Name #{vmhost} | Get-VMHostNetworkAdapter -Name #{vmk} | Where-Object {$_.ManagementTrafficEnabled -eq \\\"True\\\" -or $_.FaultToleranceLoggingEnabled -eq \\\"True\\\" -or $_.VMotionEnabled -eq \\\"True\\\" -or $_.VSphereReplicationEnabled -eq \\\"True\\\" -or $_.VSphereReplicationNFCEnabled -eq \\\"True\\\" -or $_.VSphereBackupNFCEnabled -eq \\\"True\\\"} | Select-Object -ExpandProperty DeviceName\"\n          describe powercli_command(commandvsck) do\n            its('stdout.strip') { should be_empty }\n          end\n        end\n        # Do any VMKs used for NFS storage have any services enabled?\n        unless nfsds.empty?\n          describe '' do\n            skip \"The ESXi host #{vmhost} has NFS datastores and requires manual validation.\"\n          end\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostNetworkAdapter -Name vmk0 | Where-Object {$_.ManagementTrafficEnabled -eq "True" -or $_.FaultToleranceLoggingEnabled -eq "True" -or $_.VMotionEnabled -eq "True" -or $_.VSphereReplicationEnabled -eq "True" -or $_.VSphereReplicationNFCEnabled -eq "True" -or $_.VSphereBackupNFCEnabled -eq "True"} | Select-Object -ExpandProperty DeviceName stdout.strip is expected to be empty :: MESSAGE expected `"vmk0".empty?` to be truthy, got false</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host lockdown mode exception users list must be verified.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>While a host is in lockdown mode (strict or normal), only users on the "Exception Users" list are allowed access. These users do not lose their permissions when the host enters lockdown mode.
+
+The organization may want to add service accounts such as a backup agent to the Exception Users list. Verify the list of users exempted from losing permissions is legitimate and as needed per the environment. Adding unnecessary users to the exception list defeats the purpose of lockdown mode.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For environments that do not use vCenter server to manage ESXi, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile.
 
-Under &quot;Lockdown Mode&quot;, review the Exception Users list.
+Under "Lockdown Mode", review the Exception Users list.
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following script:
 
-$vmhost &#x3D; Get-VMHost | Get-View
-$lockdown &#x3D; Get-View $vmhost.ConfigManager.HostAccessManager
+$vmhost = Get-VMHost | Get-View
+$lockdown = Get-View $vmhost.ConfigManager.HostAccessManager
 $lockdown.QueryLockdownExceptions()
 
 If the Exception Users list contains accounts that do not require special permissions, this is a finding.
 
-Note: The Exception Users list is empty by default and should remain that way except under site-specific circumstances.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Note: The Exception Users list is empty by default and should remain that way except under site-specific circumstances.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile.
 
-Under &quot;Lockdown Mode&quot;, click &quot;Edit&quot; and remove unnecessary users from the Exception Users list.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9ced8256-c31b-4b1b-a57a-80145296ec26</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Exception users for host: 10.186.25.26 is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000202</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000202</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000202</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must not allow host-based authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts. SSH&#39;s cryptographic host-based authentication is more secure than &quot;.rhosts&quot; authentication, since hosts are cryptographically authenticated. However, it is not recommended that hosts unilaterally trust one another, even within an organization.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Under "Lockdown Mode", click "Edit" and remove unnecessary users from the Exception Users list.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000201' do\n  title 'The ESXi host lockdown mode exception users list must be verified.'\n  desc  \"\n    While a host is in lockdown mode (strict or normal), only users on the \\\"Exception Users\\\" list are allowed access. These users do not lose their permissions when the host enters lockdown mode.\n\n    The organization may want to add service accounts such as a backup agent to the Exception Users list. Verify the list of users exempted from losing permissions is legitimate and as needed per the environment. Adding unnecessary users to the exception list defeats the purpose of lockdown mode.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For environments that do not use vCenter server to manage ESXi, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile.\n\n    Under \\\"Lockdown Mode\\\", review the Exception Users list.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following script:\n\n    $vmhost = Get-VMHost | Get-View\n    $lockdown = Get-View $vmhost.ConfigManager.HostAccessManager\n    $lockdown.QueryLockdownExceptions()\n\n    If the Exception Users list contains accounts that do not require special permissions, this is a finding.\n\n    Note: The Exception Users list is empty by default and should remain that way except under site-specific circumstances.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Security Profile.\n\n    Under \\\"Lockdown Mode\\\", click \\\"Edit\\\" and remove unnecessary users from the Exception Users list.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000201'\n  tag rid: 'SV-ESXI-80-000201'\n  tag stig_id: 'ESXI-80-000201'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"$vmhost = Get-VMHost -Name #{vmhost} | Get-View; (Get-View $vmhost.ConfigManager.HostAccessManager).QueryLockdownExceptions()\"\n      results = powercli_command(command).stdout\n      if !results.empty?\n        results.split.each do |exceptionUser|\n          describe \"Exception user: #{exceptionUser} on host: #{vmhost}\" do\n            subject { exceptionUser }\n            it { should be_in \"#{input('exceptionUsers')}\" }\n          end\n        end\n      else\n        describe \"Exception users for host: #{vmhost}\" do\n          subject { results }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Exception users for host: 10.186.25.26 is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000202</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000202</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000202</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must not allow host-based authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts. SSH's cryptographic host-based authentication is more secure than ".rhosts" authentication, since hosts are cryptographically authenticated. However, it is not recommended that hosts unilaterally trust one another, even within an organization.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep hostbasedauthentication
+# /usr/lib/vmware/openssh/bin/sshd -T | grep hostbasedauthentication
 
 Expected result:
 
 hostbasedauthentication no
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-HostbasedAuthentication no</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a99504c2-9fbf-471d-8d9c-777f92270782</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must not allow authentication using an empty password.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+HostbasedAuthentication no</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000202' do\n  title 'The ESXi host Secure Shell (SSH) daemon must not allow host-based authentication.'\n  desc  \"SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts. SSH's cryptographic host-based authentication is more secure than \\\".rhosts\\\" authentication, since hosts are cryptographically authenticated. However, it is not recommended that hosts unilaterally trust one another, even within an organization.\"\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep hostbasedauthentication\n\n    Expected result:\n\n    hostbasedauthentication no\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    HostbasedAuthentication no\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000202'\n  tag rid: 'SV-ESXI-80-000202'\n  tag stig_id: 'ESXI-80-000202'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must not allow authentication using an empty password.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep permitemptypasswords
+# /usr/lib/vmware/openssh/bin/sshd -T | grep permitemptypasswords
 
 Expected result:
 
 permitemptypasswords no
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-PermitEmptyPasswords no</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c33b2bfa-c26a-4e56-a436-affb751e6431</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000204</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000204</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000204</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must not permit user environment settings.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SSH environment options potentially allow users to bypass access restriction in some configurations. Users must not be able to present environment options to the SSH daemon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+PermitEmptyPasswords no</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000203' do\n  title 'The ESXi host Secure Shell (SSH) daemon must not allow authentication using an empty password.'\n  desc  'Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep permitemptypasswords\n\n    Expected result:\n\n    permitemptypasswords no\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    PermitEmptyPasswords no\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000203'\n  tag rid: 'SV-ESXI-80-000203'\n  tag stig_id: 'ESXI-80-000203'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000204</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000204</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000204</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must not permit user environment settings.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SSH environment options potentially allow users to bypass access restriction in some configurations. Users must not be able to present environment options to the SSH daemon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep permituserenvironment
+# /usr/lib/vmware/openssh/bin/sshd -T | grep permituserenvironment
 
 Expected result:
 
 permituserenvironment no
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-PermitUserEnvironment no</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>48a278ea-c630-4183-b7ac-b8c6cb73de63</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must perform strict mode checking of home directory configuration files.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If other users have access to modify user-specific SSH configuration files, they may be able to log on the system as another user.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+PermitUserEnvironment no</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000204' do\n  title 'The ESXi host Secure Shell (SSH) daemon must not permit user environment settings.'\n  desc  'SSH environment options potentially allow users to bypass access restriction in some configurations. Users must not be able to present environment options to the SSH daemon.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep permituserenvironment\n\n    Expected result:\n\n    permituserenvironment no\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    PermitUserEnvironment no\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000204'\n  tag rid: 'SV-ESXI-80-000204'\n  tag stig_id: 'ESXI-80-000204'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must perform strict mode checking of home directory configuration files.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If other users have access to modify user-specific SSH configuration files, they may be able to log on the system as another user.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep strictmodes
+# /usr/lib/vmware/openssh/bin/sshd -T | grep strictmodes
 
 Expected result:
 
 strictmodes yes
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-StrictModes yes</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>eed8276e-4804-4a35-9170-2cf2a9f058b3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000206</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000206</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000206</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must not allow compression.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+StrictModes yes</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000205' do\n  title 'The ESXi host Secure Shell (SSH) daemon must perform strict mode checking of home directory configuration files.'\n  desc  'If other users have access to modify user-specific SSH configuration files, they may be able to log on the system as another user.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep strictmodes\n\n    Expected result:\n\n    strictmodes yes\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    StrictModes yes\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000205'\n  tag rid: 'SV-ESXI-80-000205'\n  tag stig_id: 'ESXI-80-000205'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000206</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000206</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000206</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must not allow compression.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep compression
+# /usr/lib/vmware/openssh/bin/sshd -T | grep compression
 
 Expected result:
 
 compression no
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-Compression no</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d581a3f4-55ec-49db-9bc5-5fd658749370</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000207</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000207</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000207</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must be configured to not allow gateway ports.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SSH Transmission Control Protocol (TCP) connection forwarding provides a mechanism to establish TCP connections proxied by the SSH server. This function can provide convenience similar to a virtual private network (VPN) with the similar risk of providing a path to circumvent firewalls and network Access Control Lists (ACLs). Gateway ports allow remote forwarded ports to bind to nonloopback addresses on the server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+Compression no</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000206' do\n  title 'The ESXi host Secure Shell (SSH) daemon must not allow compression.'\n  desc  'If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep compression\n\n    Expected result:\n\n    compression no\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    Compression no\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000206'\n  tag rid: 'SV-ESXI-80-000206'\n  tag stig_id: 'ESXI-80-000206'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000207</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000207</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000207</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must be configured to not allow gateway ports.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SSH Transmission Control Protocol (TCP) connection forwarding provides a mechanism to establish TCP connections proxied by the SSH server. This function can provide convenience similar to a virtual private network (VPN) with the similar risk of providing a path to circumvent firewalls and network Access Control Lists (ACLs). Gateway ports allow remote forwarded ports to bind to nonloopback addresses on the server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep gatewayports
+# /usr/lib/vmware/openssh/bin/sshd -T | grep gatewayports
 
 Expected result:
 
 gatewayports no
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-GatewayPorts no</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7f16f2d9-6607-454f-8f78-220511cbe73b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000208</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000208</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000208</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must be configured to not allow X11 forwarding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>X11 forwarding over SSH allows for the secure remote execution of X11-based applications. This feature can increase the attack surface of an SSH connection.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+GatewayPorts no</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000207' do\n  title 'The ESXi host Secure Shell (SSH) daemon must be configured to not allow gateway ports.'\n  desc  'SSH Transmission Control Protocol (TCP) connection forwarding provides a mechanism to establish TCP connections proxied by the SSH server. This function can provide convenience similar to a virtual private network (VPN) with the similar risk of providing a path to circumvent firewalls and network Access Control Lists (ACLs). Gateway ports allow remote forwarded ports to bind to nonloopback addresses on the server.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep gatewayports\n\n    Expected result:\n\n    gatewayports no\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    GatewayPorts no\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000207'\n  tag rid: 'SV-ESXI-80-000207'\n  tag stig_id: 'ESXI-80-000207'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000208</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000208</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000208</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must be configured to not allow X11 forwarding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>X11 forwarding over SSH allows for the secure remote execution of X11-based applications. This feature can increase the attack surface of an SSH connection.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep x11forwarding
+# /usr/lib/vmware/openssh/bin/sshd -T | grep x11forwarding
 
 Expected result:
 
 x11forwarding no
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-X11Forwarding no</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fb93a36b-3731-4028-969c-dfbedfd6dfaf</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000209</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000209</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000209</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must not permit tunnels.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>OpenSSH has the ability to create network tunnels (layer 2 and layer 3) over an SSH connection. This function can provide similar convenience to a virtual private network (VPN) with the similar risk of providing a path to circumvent firewalls and network Access Control Lists (ACLs).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+X11Forwarding no</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000208' do\n  title 'The ESXi host Secure Shell (SSH) daemon must be configured to not allow X11 forwarding.'\n  desc  'X11 forwarding over SSH allows for the secure remote execution of X11-based applications. This feature can increase the attack surface of an SSH connection.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep x11forwarding\n\n    Expected result:\n\n    x11forwarding no\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    X11Forwarding no\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000208'\n  tag rid: 'SV-ESXI-80-000208'\n  tag stig_id: 'ESXI-80-000208'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000209</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000209</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000209</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must not permit tunnels.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>OpenSSH has the ability to create network tunnels (layer 2 and layer 3) over an SSH connection. This function can provide similar convenience to a virtual private network (VPN) with the similar risk of providing a path to circumvent firewalls and network Access Control Lists (ACLs).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep permittunnel
+# /usr/lib/vmware/openssh/bin/sshd -T | grep permittunnel
 
 Expected result:
 
 permittunnel no
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-PermitTunnel no</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c8af399d-c64f-4962-8b1d-feb67926510e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must set a timeout count on idle sessions.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Setting a timeout ensures that a user login will be terminated as soon as the &quot;ClientAliveCountMax&quot; is reached.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+PermitTunnel no</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000209' do\n  title 'The ESXi host Secure Shell (SSH) daemon must not permit tunnels.'\n  desc  'OpenSSH has the ability to create network tunnels (layer 2 and layer 3) over an SSH connection. This function can provide similar convenience to a virtual private network (VPN) with the similar risk of providing a path to circumvent firewalls and network Access Control Lists (ACLs).'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep permittunnel\n\n    Expected result:\n\n    permittunnel no\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    PermitTunnel no\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000209'\n  tag rid: 'SV-ESXI-80-000209'\n  tag stig_id: 'ESXI-80-000209'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must set a timeout count on idle sessions.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Setting a timeout ensures that a user login will be terminated as soon as the "ClientAliveCountMax" is reached.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep clientalivecountmax
+# /usr/lib/vmware/openssh/bin/sshd -T | grep clientalivecountmax
 
 Expected result:
 
 clientalivecountmax 3
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-ClientAliveCountMax 3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9284ae99-9363-4abc-9a33-262a087a5b5b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must set a timeout interval on idle sessions.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Automatically logging out idle users guards against compromises via hijacked administrative sessions.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+ClientAliveCountMax 3</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000210' do\n  title 'The ESXi host Secure Shell (SSH) daemon must set a timeout count on idle sessions.'\n  desc  'Setting a timeout ensures that a user login will be terminated as soon as the \"ClientAliveCountMax\" is reached.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep clientalivecountmax\n\n    Expected result:\n\n    clientalivecountmax 3\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    ClientAliveCountMax 3\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000210'\n  tag rid: 'SV-ESXI-80-000210'\n  tag stig_id: 'ESXI-80-000210'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000211</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000211</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000211</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must set a timeout interval on idle sessions.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Automatically logging out idle users guards against compromises via hijacked administrative sessions.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep clientaliveinterval
+# /usr/lib/vmware/openssh/bin/sshd -T | grep clientaliveinterval
 
 Expected result:
 
 clientaliveinterval 200
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-ClientAliveInterval 200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>65af0ad5-98d6-4efe-9d70-2910ace9e8ee</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000212</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000212</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000212</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must disable Simple Network Management Protocol (SNMP) v1 and v2c.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can use this information to plan an attack.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+ClientAliveInterval 200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000211' do\n  title 'The ESXi host Secure Shell (SSH) daemon must set a timeout interval on idle sessions.'\n  desc  'Automatically logging out idle users guards against compromises via hijacked administrative sessions.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep clientaliveinterval\n\n    Expected result:\n\n    clientaliveinterval 200\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    ClientAliveInterval 200\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000211'\n  tag rid: 'SV-ESXI-80-000211'\n  tag stig_id: 'ESXI-80-000211'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000212</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000212</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000212</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must disable Simple Network Management Protocol (SNMP) v1 and v2c.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can use this information to plan an attack.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
 # esxcli system snmp get
@@ -6584,10 +6304,10 @@ If SNMP is not in use and is enabled, this is a finding.
 
 If SNMP is enabled and is not using v3 targets with authentication, this is a finding.
 
-Note: SNMP v3 targets can only be viewed and configured via the &quot;esxcli&quot; command.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Note: SNMP v3 targets can only be viewed and configured via the "esxcli" command.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>To disable SNMP from an ESXi shell, run the following command:
 
 # esxcli system snmp set -e no
@@ -6596,129 +6316,124 @@ or
 
 From a PowerCLI command prompt while connected to the ESXi Host:
 
-Get-VMHostSnmp | Set-VMHostSnmp -Enabled $false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b5b69aaa-03da-40d3-9f7f-48d791a096a4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: $vmhost &#x3D; Get-VMHost -Name 10.186.25.26; $esxcli &#x3D; Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.snmp.get.Invoke() | Select-Object -ExpandProperty enable stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must disable Inter-Virtual Machine (VM) Transparent Page Sharing.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Get-VMHostSnmp | Set-VMHostSnmp -Enabled $false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000212' do\n  title 'The ESXi host must disable Simple Network Management Protocol (SNMP) v1 and v2c.'\n  desc  'If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can use this information to plan an attack.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # esxcli system snmp get\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHostSnmp | Select *\n\n    If SNMP is not in use and is enabled, this is a finding.\n\n    If SNMP is enabled and is not using v3 targets with authentication, this is a finding.\n\n    Note: SNMP v3 targets can only be viewed and configured via the \\\"esxcli\\\" command.\n  \"\n  desc 'fix', \"\n    To disable SNMP from an ESXi shell, run the following command:\n\n    # esxcli system snmp set -e no\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi Host:\n\n    Get-VMHostSnmp | Set-VMHostSnmp -Enabled $false\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000212'\n  tag rid: 'SV-ESXI-80-000212'\n  tag stig_id: 'ESXI-80-000212'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    if \"#{input('snmpEnabled')}\" == 'false'\n      vmhosts.each do |vmhost|\n        command = \"$vmhost = Get-VMHost -Name #{vmhost}; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.snmp.get.Invoke() | Select-Object -ExpandProperty enable\"\n        describe powercli_command(command) do\n          its('stdout.strip') { should cmp 'false' }\n        end\n      end\n    else\n      describe 'SNMP Enabled' do\n        skip 'Manually verify SNMP v3 is configured correctly and v2 is not used.'\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: $vmhost = Get-VMHost -Name 10.186.25.26; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.snmp.get.Invoke() | Select-Object -ExpandProperty enable stdout.strip is expected to cmp == "false"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must disable Inter-Virtual Machine (VM) Transparent Page Sharing.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Published academic papers have demonstrated that by forcing a flush and reload of cache memory, it is possible to measure memory timings to try to determine an Advanced Encryption Standard (AES) encryption key in use on another virtual machine running on the same physical processor of the host server if Transparent Page Sharing (TPS) is enabled between the two VMs. This technique works only in a highly controlled system configured in a nonstandard way that VMware believes would not be recreated in a production environment.
 
-Although VMware believes information being disclosed in real-world conditions is unrealistic, out of an abundance of caution, upcoming ESXi Update releases will no longer enable TPS between VMs by default (TPS will still be used within individual VMs).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Although VMware believes information being disclosed in real-world conditions is unrealistic, out of an abundance of caution, upcoming ESXi Update releases will no longer enable TPS between VMs by default (TPS will still be used within individual VMs).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Mem.ShareForceSalting&quot; value and verify it is set to &quot;2&quot;.
+Select the "Mem.ShareForceSalting" value and verify it is set to "2".
 
 or
 
@@ -6726,142 +6441,137 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Mem.ShareForceSalting
 
-If the &quot;Mem.ShareForceSalting&quot; setting is not set to 2, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Mem.ShareForceSalting" setting is not set to 2, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Mem.ShareForceSalting&quot; value and set it to &quot;2&quot;.
+Click "Edit". Select the "Mem.ShareForceSalting" value and set it to "2".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Mem.ShareForceSalting | Set-AdvancedSetting -Value 2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d8e200ef-60d4-4582-b221-103f877a0ca8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Mem.ShareForceSalting | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;2&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000214</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000214</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000214</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must configure the firewall to block network traffic by default.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>In addition to service-specific firewall rules, ESXi has a default firewall rule policy to allow or deny incoming and outgoing traffic. Reduce the risk of attack by ensuring this is set to deny incoming and outgoing traffic.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name Mem.ShareForceSalting | Set-AdvancedSetting -Value 2</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000213' do\n  title 'The ESXi host must disable Inter-Virtual Machine (VM) Transparent Page Sharing.'\n  desc  \"\n    Published academic papers have demonstrated that by forcing a flush and reload of cache memory, it is possible to measure memory timings to try to determine an Advanced Encryption Standard (AES) encryption key in use on another virtual machine running on the same physical processor of the host server if Transparent Page Sharing (TPS) is enabled between the two VMs. This technique works only in a highly controlled system configured in a nonstandard way that VMware believes would not be recreated in a production environment.\n\n    Although VMware believes information being disclosed in real-world conditions is unrealistic, out of an abundance of caution, upcoming ESXi Update releases will no longer enable TPS between VMs by default (TPS will still be used within individual VMs).\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Mem.ShareForceSalting\\\" value and verify it is set to \\\"2\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Mem.ShareForceSalting\n\n    If the \\\"Mem.ShareForceSalting\\\" setting is not set to 2, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Mem.ShareForceSalting\\\" value and set it to \\\"2\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Mem.ShareForceSalting | Set-AdvancedSetting -Value 2\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000213'\n  tag rid: 'SV-ESXI-80-000213'\n  tag stig_id: 'ESXI-80-000213'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Mem.ShareForceSalting | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '2' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Mem.ShareForceSalting | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "2"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000214</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000214</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000214</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must configure the firewall to block network traffic by default.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>In addition to service-specific firewall rules, ESXi has a default firewall rule policy to allow or deny incoming and outgoing traffic. Reduce the risk of attack by ensuring this is set to deny incoming and outgoing traffic.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
 # esxcli network firewall get
 
-If the &quot;Default Action&quot; does not equal &quot;DROP&quot;, this is a finding.
-If &quot;Enabled&quot; does not equal &quot;true&quot;, this is a finding.
+If the "Default Action" does not equal "DROP", this is a finding.
+If "Enabled" does not equal "true", this is a finding.
 
 or
 
@@ -6869,143 +6579,138 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHostFirewallDefaultPolicy
 
-If the Incoming or Outgoing policies are &quot;True&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the Incoming or Outgoing policies are "True", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# esxcli network firewall set --default-action&#x3D;false
+# esxcli network firewall set --default-action=false
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHostFirewallDefaultPolicy | Set-VMHostFirewallDefaultPolicy -AllowIncoming $false -AllowOutgoing $false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>637e507d-69c5-4082-b6d3-769fa00cc42f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostFirewallDefaultPolicy stdout.strip is expected not to match &quot;True&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000215</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000215</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000215</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Get-VMHostFirewallDefaultPolicy | Set-VMHostFirewallDefaultPolicy -AllowIncoming $false -AllowOutgoing $false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000214' do\n  title 'The ESXi host must configure the firewall to block network traffic by default.'\n  desc  'In addition to service-specific firewall rules, ESXi has a default firewall rule policy to allow or deny incoming and outgoing traffic. Reduce the risk of attack by ensuring this is set to deny incoming and outgoing traffic.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # esxcli network firewall get\n\n    If the \\\"Default Action\\\" does not equal \\\"DROP\\\", this is a finding.\n    If \\\"Enabled\\\" does not equal \\\"true\\\", this is a finding.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHostFirewallDefaultPolicy\n\n    If the Incoming or Outgoing policies are \\\"True\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, run the following command:\n\n    # esxcli network firewall set --default-action=false\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHostFirewallDefaultPolicy | Set-VMHostFirewallDefaultPolicy -AllowIncoming $false -AllowOutgoing $false\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000214'\n  tag rid: 'SV-ESXI-80-000214'\n  tag stig_id: 'ESXI-80-000214'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostFirewallDefaultPolicy\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not match 'True' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostFirewallDefaultPolicy stdout.strip is expected not to match "True"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000215</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000215</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000215</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>BPDU Guard and Portfast are commonly enabled on the physical switch to which the ESXi host is directly connected to reduce the Spanning Tree Protocol (STP) convergence delay.
 
 If a BPDU packet is sent from a virtual machine (VM) on the ESXi host to the physical switch configured as stated above, a cascading lockout of all the uplink interfaces from the ESXi host can occur. To prevent this type of lockout, BPDU Filter can be enabled on the ESXi host to drop any BPDU packets being sent to the physical switch.
 
-The caveat is that certain Secure Socket Layer (SSL) virtual private networks that use Windows bridging capability can legitimately generate BPDU packets. The administrator should verify no legitimate BPDU packets are generated by VMs on the ESXi host prior to enabling BPDU Filter. If BPDU Filter is enabled in this situation, enabling Reject Forged Transmits on the virtual switch port group adds protection against Spanning Tree loops.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+The caveat is that certain Secure Socket Layer (SSL) virtual private networks that use Windows bridging capability can legitimately generate BPDU packets. The administrator should verify no legitimate BPDU packets are generated by VMs on the ESXi host prior to enabling BPDU Filter. If BPDU Filter is enabled in this situation, enabling Reject Forged Transmits on the virtual switch port group adds protection against Spanning Tree loops.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Net.BlockGuestBPDU&quot; value and verify it is set to &quot;1&quot;.
+Select the "Net.BlockGuestBPDU" value and verify it is set to "1".
 
 or
 
@@ -7013,149 +6718,144 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Net.BlockGuestBPDU
 
-If the &quot;Net.BlockGuestBPDU&quot; setting is not set to &quot;1&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Net.BlockGuestBPDU" setting is not set to "1", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Net.BlockGuestBPDU&quot; value and configure it to &quot;1&quot;.
+Click "Edit". Select the "Net.BlockGuestBPDU" value and configure it to "1".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Net.BlockGuestBPDU | Set-AdvancedSetting -Value 1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9ca291e1-fdaa-41f7-92d1-6a57f108e2c3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Net.BlockGuestBPDU | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;1&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000216</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must configure virtual switch security policies to reject forged transmits.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name Net.BlockGuestBPDU | Set-AdvancedSetting -Value 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000215' do\n  title 'The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled.'\n  desc  \"\n    BPDU Guard and Portfast are commonly enabled on the physical switch to which the ESXi host is directly connected to reduce the Spanning Tree Protocol (STP) convergence delay.\n\n    If a BPDU packet is sent from a virtual machine (VM) on the ESXi host to the physical switch configured as stated above, a cascading lockout of all the uplink interfaces from the ESXi host can occur. To prevent this type of lockout, BPDU Filter can be enabled on the ESXi host to drop any BPDU packets being sent to the physical switch.\n\n    The caveat is that certain Secure Socket Layer (SSL) virtual private networks that use Windows bridging capability can legitimately generate BPDU packets. The administrator should verify no legitimate BPDU packets are generated by VMs on the ESXi host prior to enabling BPDU Filter. If BPDU Filter is enabled in this situation, enabling Reject Forged Transmits on the virtual switch port group adds protection against Spanning Tree loops.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Net.BlockGuestBPDU\\\" value and verify it is set to \\\"1\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Net.BlockGuestBPDU\n\n    If the \\\"Net.BlockGuestBPDU\\\" setting is not set to \\\"1\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Net.BlockGuestBPDU\\\" value and configure it to \\\"1\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Net.BlockGuestBPDU | Set-AdvancedSetting -Value 1\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000215'\n  tag rid: 'SV-ESXI-80-000215'\n  tag stig_id: 'ESXI-80-000215'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Net.BlockGuestBPDU | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '1' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Net.BlockGuestBPDU | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "1"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000216</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must configure virtual switch security policies to reject forged transmits.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the virtual machine (VM) operating system changes the Media Access Control (MAC) address, the operating system can send frames with an impersonated source MAC address at any time. This allows an operating system to stage malicious attacks on the devices in a network by impersonating a network adaptor authorized by the receiving network.
 
 This means the virtual switch does not compare the source and effective MAC addresses.
 
-To protect against MAC address impersonation, all virtual switches must have forged transmissions set to reject. Reject Forged Transmit can be set at the vSwitch and&#x2F;or the Portgroup level. Switch-level settings can be overridden at the Portgroup level.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+To protect against MAC address impersonation, all virtual switches must have forged transmissions set to reject. Reject Forged Transmit can be set at the vSwitch and/or the Portgroup level. Switch-level settings can be overridden at the Portgroup level.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Note: This control addresses ESXi standard switches. Distributed switches are addressed in the vCenter STIG. If there is no standard switch on the ESXi host, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.
 
-On each standard switch, click the &#39;...&#39; button next to each port group and select &quot;Edit Settings&quot;.
+On each standard switch, click the '...' button next to each port group and select "Edit Settings".
 
-Click the &quot;Security&quot; tab. Verify that &quot;Forged transmits&quot; is set to &quot;Reject&quot; and that &quot;Override&quot; is not checked.
+Click the "Security" tab. Verify that "Forged transmits" is set to "Reject" and that "Override" is not checked.
 
 or
 
@@ -7164,157 +6864,151 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 Get-VirtualSwitch | Get-SecurityPolicy
 Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object *
 
-If the &quot;Forged Transmits&quot; policy is set to &quot;Accept&quot; (or &quot;true&quot;, via PowerCLI) or the security policy inherited from the virtual switch is overridden, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Forged Transmits" policy is set to "Accept" (or "true", via PowerCLI) or the security policy inherited from the virtual switch is overridden, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.
 
-On each standard switch, click &quot;Edit&quot; and select Security.
+On each standard switch, click "Edit" and select Security.
 
-Set &quot;Forged transmits&quot; to &quot;Reject&quot;. Click &quot;OK&quot;.
+Set "Forged transmits" to "Reject". Click "OK".
 
-For each port group, click the &#39;...&#39; button and select &quot;Edit Settings&quot; then Security.
+For each port group, click the '...' button and select "Edit Settings" then Security.
 
-Set &quot;Forged transmits&quot; to &quot;Reject&quot; and uncheck the &quot;Override&quot; box. Click &quot;OK&quot;.
+Set "Forged transmits" to "Reject" and uncheck the "Override" box. Click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
 Get-VirtualSwitch | Get-SecurityPolicy | Set-SecurityPolicy -ForgedTransmits $false
-Get-VirtualPortGroup | Get-SecurityPolicy | Set-SecurityPolicy -ForgedTransmitsInherited $true</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b10712a8-9385-4bfd-8d04-9eebf3a814b3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualSwitch | Get-SecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected not to match &quot;True&quot;
+Get-VirtualPortGroup | Get-SecurityPolicy | Set-SecurityPolicy -ForgedTransmitsInherited $true</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000216' do\n  title 'The ESXi host must configure virtual switch security policies to reject forged transmits.'\n  desc  \"\n    If the virtual machine (VM) operating system changes the Media Access Control (MAC) address, the operating system can send frames with an impersonated source MAC address at any time. This allows an operating system to stage malicious attacks on the devices in a network by impersonating a network adaptor authorized by the receiving network.\n\n    This means the virtual switch does not compare the source and effective MAC addresses.\n\n    To protect against MAC address impersonation, all virtual switches must have forged transmissions set to reject. Reject Forged Transmit can be set at the vSwitch and/or the Portgroup level. Switch-level settings can be overridden at the Portgroup level.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    Note: This control addresses ESXi standard switches. Distributed switches are addressed in the vCenter STIG. If there is no standard switch on the ESXi host, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.\n\n    On each standard switch, click the '...' button next to each port group and select \\\"Edit Settings\\\".\n\n    Click the \\\"Security\\\" tab. Verify that \\\"Forged transmits\\\" is set to \\\"Reject\\\" and that \\\"Override\\\" is not checked.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VirtualSwitch | Get-SecurityPolicy\n    Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object *\n\n    If the \\\"Forged Transmits\\\" policy is set to \\\"Accept\\\" (or \\\"true\\\", via PowerCLI) or the security policy inherited from the virtual switch is overridden, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.\n\n    On each standard switch, click \\\"Edit\\\" and select Security.\n\n    Set \\\"Forged transmits\\\" to \\\"Reject\\\". Click \\\"OK\\\".\n\n    For each port group, click the '...' button and select \\\"Edit Settings\\\" then Security.\n\n    Set \\\"Forged transmits\\\" to \\\"Reject\\\" and uncheck the \\\"Override\\\" box. Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VirtualSwitch | Get-SecurityPolicy | Set-SecurityPolicy -ForgedTransmits $false\n    Get-VirtualPortGroup | Get-SecurityPolicy | Set-SecurityPolicy -ForgedTransmitsInherited $true\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000216'\n  tag rid: 'SV-ESXI-80-000216'\n  tag stig_id: 'ESXI-80-000216'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VirtualSwitch | Get-SecurityPolicy | Select-Object -ExpandProperty ForgedTransmits\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not match 'True' }\n      end\n      command = \"Get-VMHost -Name #{vmhost} | Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object -ExpandProperty ForgedTransmits\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not match 'True' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualSwitch | Get-SecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected not to match "True"
 --------------------------------
-passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected not to match &quot;True&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000217</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000217</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000217</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must configure virtual switch security policies to reject Media Access Control (MAC) address changes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected not to match "True"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000217</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000217</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000217</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must configure virtual switch security policies to reject Media Access Control (MAC) address changes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the virtual machine (VM) operating system changes the MAC address, it can send frames with an impersonated source MAC address at any time. This allows it to stage malicious attacks on the devices in a network by impersonating a network adaptor authorized by the receiving network.
 
-This will prevent VMs from changing their effective MAC address, which will affect applications that require this functionality. This will also affect how a layer 2 bridge will operate and will affect applications that require a specific MAC address for licensing. &quot;Reject MAC Changes&quot; can be set at the vSwitch and&#x2F;or the Portgroup level. Switch-level settings can be overridden at the Portgroup level.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+This will prevent VMs from changing their effective MAC address, which will affect applications that require this functionality. This will also affect how a layer 2 bridge will operate and will affect applications that require a specific MAC address for licensing. "Reject MAC Changes" can be set at the vSwitch and/or the Portgroup level. Switch-level settings can be overridden at the Portgroup level.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>This control addresses ESXi standard switches. Distributed switches are addressed in the vCenter STIG. If there is no standard switch on the ESXi host, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.
 
-On each standard switch, click the &#39;...&#39; button next to each port group and select &quot;Edit Settings&quot;.
+On each standard switch, click the '...' button next to each port group and select "Edit Settings".
 
-Click the &quot;Security&quot; tab. Verify that &quot;MAC Address Changes&quot; is set to &quot;Reject&quot; and that &quot;Override&quot; is not checked.
+Click the "Security" tab. Verify that "MAC Address Changes" is set to "Reject" and that "Override" is not checked.
 
 or
 
@@ -7323,157 +7017,151 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 Get-VirtualSwitch | Get-SecurityPolicy
 Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object *
 
-If the &quot;MAC Address Changes&quot; policy is set to &quot;Accept&quot; (or &quot;true&quot;, via PowerCLI) or the security policy inherited from the virtual switch is overridden, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "MAC Address Changes" policy is set to "Accept" (or "true", via PowerCLI) or the security policy inherited from the virtual switch is overridden, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.
 
-On each standard switch, click &quot;Edit&quot; and select Security.
+On each standard switch, click "Edit" and select Security.
 
-Set &quot;MAC Address Changes&quot; to &quot;Reject&quot;. Click &quot;OK&quot;.
+Set "MAC Address Changes" to "Reject". Click "OK".
 
-For each port group, click the &#39;...&#39; button and select &quot;Edit Settings&quot; then Security.
+For each port group, click the '...' button and select "Edit Settings" then Security.
 
-Set &quot;MAC Address Changes&quot; to &quot;Reject&quot; and uncheck the &quot;Override&quot; box. Click &quot;OK&quot;.
+Set "MAC Address Changes" to "Reject" and uncheck the "Override" box. Click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
 Get-VirtualSwitch | Get-SecurityPolicy | Set-SecurityPolicy -MacChanges $false
-Get-VirtualPortGroup | Get-SecurityPolicy | Set-SecurityPolicy -MacChangesInherited $true</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9813f8a3-2fb4-47e4-a843-590fa19e650b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualSwitch | Get-SecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected not to match &quot;True&quot;
+Get-VirtualPortGroup | Get-SecurityPolicy | Set-SecurityPolicy -MacChangesInherited $true</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000217' do\n  title 'The ESXi host must configure virtual switch security policies to reject Media Access Control (MAC) address changes.'\n  desc  \"\n    If the virtual machine (VM) operating system changes the MAC address, it can send frames with an impersonated source MAC address at any time. This allows it to stage malicious attacks on the devices in a network by impersonating a network adaptor authorized by the receiving network.\n\n    This will prevent VMs from changing their effective MAC address, which will affect applications that require this functionality. This will also affect how a layer 2 bridge will operate and will affect applications that require a specific MAC address for licensing. \\\"Reject MAC Changes\\\" can be set at the vSwitch and/or the Portgroup level. Switch-level settings can be overridden at the Portgroup level.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    This control addresses ESXi standard switches. Distributed switches are addressed in the vCenter STIG. If there is no standard switch on the ESXi host, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.\n\n    On each standard switch, click the '...' button next to each port group and select \\\"Edit Settings\\\".\n\n    Click the \\\"Security\\\" tab. Verify that \\\"MAC Address Changes\\\" is set to \\\"Reject\\\" and that \\\"Override\\\" is not checked.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VirtualSwitch | Get-SecurityPolicy\n    Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object *\n\n    If the \\\"MAC Address Changes\\\" policy is set to \\\"Accept\\\" (or \\\"true\\\", via PowerCLI) or the security policy inherited from the virtual switch is overridden, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.\n\n    On each standard switch, click \\\"Edit\\\" and select Security.\n\n    Set \\\"MAC Address Changes\\\" to \\\"Reject\\\". Click \\\"OK\\\".\n\n    For each port group, click the '...' button and select \\\"Edit Settings\\\" then Security.\n\n    Set \\\"MAC Address Changes\\\" to \\\"Reject\\\" and uncheck the \\\"Override\\\" box. Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VirtualSwitch | Get-SecurityPolicy | Set-SecurityPolicy -MacChanges $false\n    Get-VirtualPortGroup | Get-SecurityPolicy | Set-SecurityPolicy -MacChangesInherited $true\n  \"\n  impact 0.7\n  tag severity: 'high'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000217'\n  tag rid: 'SV-ESXI-80-000217'\n  tag stig_id: 'ESXI-80-000217'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VirtualSwitch | Get-SecurityPolicy | Select-Object -ExpandProperty MacChanges\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not match 'True' }\n      end\n      command = \"Get-VMHost -Name #{vmhost} | Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object -ExpandProperty MacChanges\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not match 'True' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualSwitch | Get-SecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected not to match "True"
 --------------------------------
-passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected not to match &quot;True&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000218</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000218</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000218</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must configure virtual switch security policies to reject promiscuous mode requests.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected not to match "True"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000218</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000218</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000218</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must configure virtual switch security policies to reject promiscuous mode requests.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>When promiscuous mode is enabled for a virtual switch, all virtual machines (VMs) connected to the Portgroup have the potential to read all packets across that network (only the virtual machines connected to that Portgroup).
 
-Promiscuous mode is disabled by default on the ESXi Server, and this is the recommended setting. Promiscuous mode can be set at the vSwitch and&#x2F;or the Portgroup level. Switch-level settings can be overridden at the Portgroup level.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Promiscuous mode is disabled by default on the ESXi Server, and this is the recommended setting. Promiscuous mode can be set at the vSwitch and/or the Portgroup level. Switch-level settings can be overridden at the Portgroup level.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>This control addresses ESXi standard switches. Distributed switches are addressed in the vCenter STIG. If there is no standard switch on the ESXi host, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.
 
-On each standard switch, click the &#39;...&#39; button next to each port group and select &quot;Edit Settings&quot;.
+On each standard switch, click the '...' button next to each port group and select "Edit Settings".
 
-Click the &quot;Security&quot; tab. Verify that &quot;Promiscuous Mode&quot; is set to &quot;Reject&quot; and that &quot;Override&quot; is not checked.
+Click the "Security" tab. Verify that "Promiscuous Mode" is set to "Reject" and that "Override" is not checked.
 
 or
 
@@ -7482,155 +7170,149 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 Get-VirtualSwitch | Get-SecurityPolicy
 Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object *
 
-If the &quot;Promiscuous Mode&quot; policy is set to &quot;Accept&quot; (or &quot;true&quot;, via PowerCLI) or the security policy inherited from the virtual switch is overridden, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Promiscuous Mode" policy is set to "Accept" (or "true", via PowerCLI) or the security policy inherited from the virtual switch is overridden, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.
 
-On each standard switch, click &quot;Edit&quot; and select Security.
+On each standard switch, click "Edit" and select Security.
 
-Set &quot;Promiscuous Mode&quot; to &quot;Reject&quot;. Click &quot;OK&quot;.
+Set "Promiscuous Mode" to "Reject". Click "OK".
 
-For each port group, click the &#39;...&#39; button and select &quot;Edit Settings&quot; then Security.
+For each port group, click the '...' button and select "Edit Settings" then Security.
 
-Set &quot;Promiscuous Mode&quot; to &quot;Reject&quot; and uncheck the &quot;Override&quot; box. Click &quot;OK&quot;.
+Set "Promiscuous Mode" to "Reject" and uncheck the "Override" box. Click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
 Get-VirtualSwitch | Get-SecurityPolicy | Set-SecurityPolicy -AllowPromiscuous $false
-Get-VirtualPortGroup | Get-SecurityPolicy | Set-SecurityPolicy -AllowPromiscuousInherited $true</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7a182848-19af-4af2-a4ac-85388b203856</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualSwitch | Get-SecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected not to match &quot;True&quot;
+Get-VirtualPortGroup | Get-SecurityPolicy | Set-SecurityPolicy -AllowPromiscuousInherited $true</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000218' do\n  title 'The ESXi host must configure virtual switch security policies to reject promiscuous mode requests.'\n  desc  \"\n    When promiscuous mode is enabled for a virtual switch, all virtual machines (VMs) connected to the Portgroup have the potential to read all packets across that network (only the virtual machines connected to that Portgroup).\n\n    Promiscuous mode is disabled by default on the ESXi Server, and this is the recommended setting. Promiscuous mode can be set at the vSwitch and/or the Portgroup level. Switch-level settings can be overridden at the Portgroup level.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    This control addresses ESXi standard switches. Distributed switches are addressed in the vCenter STIG. If there is no standard switch on the ESXi host, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.\n\n    On each standard switch, click the '...' button next to each port group and select \\\"Edit Settings\\\".\n\n    Click the \\\"Security\\\" tab. Verify that \\\"Promiscuous Mode\\\" is set to \\\"Reject\\\" and that \\\"Override\\\" is not checked.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VirtualSwitch | Get-SecurityPolicy\n    Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object *\n\n    If the \\\"Promiscuous Mode\\\" policy is set to \\\"Accept\\\" (or \\\"true\\\", via PowerCLI) or the security policy inherited from the virtual switch is overridden, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.\n\n    On each standard switch, click \\\"Edit\\\" and select Security.\n\n    Set \\\"Promiscuous Mode\\\" to \\\"Reject\\\". Click \\\"OK\\\".\n\n    For each port group, click the '...' button and select \\\"Edit Settings\\\" then Security.\n\n    Set \\\"Promiscuous Mode\\\" to \\\"Reject\\\" and uncheck the \\\"Override\\\" box. Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VirtualSwitch | Get-SecurityPolicy | Set-SecurityPolicy -AllowPromiscuous $false\n    Get-VirtualPortGroup | Get-SecurityPolicy | Set-SecurityPolicy -AllowPromiscuousInherited $true\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000218'\n  tag rid: 'SV-ESXI-80-000218'\n  tag stig_id: 'ESXI-80-000218'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VirtualSwitch | Get-SecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not match 'True' }\n      end\n      command = \"Get-VMHost -Name #{vmhost} | Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not match 'True' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualSwitch | Get-SecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected not to match "True"
 --------------------------------
-passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected not to match &quot;True&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000219</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000219</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000219</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must restrict use of the dvFilter network application programming interface (API).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualPortGroup | Get-SecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected not to match "True"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000219</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000219</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000219</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must restrict use of the dvFilter network application programming interface (API).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the organization is not using products that use the dvfilter network API, the host should not be configured to send network information to a virtual machine (VM).
 
 If the API is enabled, an attacker might attempt to connect a virtual machine to it, potentially providing access to the network of other VMs on the host.
 
-If using a product that makes use of this API, verify the host has been configured correctly. If not using such a product, ensure the setting is blank.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If using a product that makes use of this API, verify the host has been configured correctly. If not using such a product, ensure the setting is blank.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Net.DVFilterBindIpAddress&quot; value and verify the value is blank or the correct IP address of a security appliance if in use.
+Select the "Net.DVFilterBindIpAddress" value and verify the value is blank or the correct IP address of a security appliance if in use.
 
 or
 
@@ -7638,145 +7320,140 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Net.DVFilterBindIpAddress
 
-If the &quot;Net.DVFilterBindIpAddress&quot; setting is not blank and security appliances are not in use on the host, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Net.DVFilterBindIpAddress" setting is not blank and security appliances are not in use on the host, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Net.DVFilterBindIpAddress&quot; value and remove any incorrect addresses.
+Click "Edit". Select the "Net.DVFilterBindIpAddress" value and remove any incorrect addresses.
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Net.DVFilterBindIpAddress | Set-AdvancedSetting -Value &quot;&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>802ad697-cf1f-463f-8f4d-28d43e2c732f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Net.DVFilterBindIpAddress | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000220</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000220</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000220</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must restrict the use of Virtual Guest Tagging (VGT) on standard switches.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name Net.DVFilterBindIpAddress | Set-AdvancedSetting -Value ""</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000219' do\n  title 'The ESXi host must restrict use of the dvFilter network application programming interface (API).'\n  desc  \"\n    If the organization is not using products that use the dvfilter network API, the host should not be configured to send network information to a virtual machine (VM).\n\n    If the API is enabled, an attacker might attempt to connect a virtual machine to it, potentially providing access to the network of other VMs on the host.\n\n    If using a product that makes use of this API, verify the host has been configured correctly. If not using such a product, ensure the setting is blank.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Net.DVFilterBindIpAddress\\\" value and verify the value is blank or the correct IP address of a security appliance if in use.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Net.DVFilterBindIpAddress\n\n    If the \\\"Net.DVFilterBindIpAddress\\\" setting is not blank and security appliances are not in use on the host, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Net.DVFilterBindIpAddress\\\" value and remove any incorrect addresses.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Net.DVFilterBindIpAddress | Set-AdvancedSetting -Value \\\"\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000219'\n  tag rid: 'SV-ESXI-80-000219'\n  tag stig_id: 'ESXI-80-000219'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Net.DVFilterBindIpAddress | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Net.DVFilterBindIpAddress | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == ""</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000220</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000220</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000220</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must restrict the use of Virtual Guest Tagging (VGT) on standard switches.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>When a port group is set to VLAN 4095, the vSwitch passes all network frames to the attached virtual machines (VMs) without modifying the VLAN tags. In vSphere, this is referred to as VGT. The VM must process the VLAN information itself via an 802.1Q driver in the operating system.
 
-VLAN 4095 must only be implemented if the attached VMs have been specifically authorized and are capable of managing VLAN tags themselves. If VLAN 4095 is enabled inappropriately, it may cause denial of service or allow a VM to interact with traffic on an unauthorized VLAN.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+VLAN 4095 must only be implemented if the attached VMs have been specifically authorized and are capable of managing VLAN tags themselves. If VLAN 4095 is enabled inappropriately, it may cause denial of service or allow a VM to interact with traffic on an unauthorized VLAN.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>This control addresses ESXi standard switches. Distributed switches are addressed in the vCenter STIG. If there is no standard switch on the ESXi host, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.
 
-For each standard switch, review the &quot;VLAN ID&quot; on each port group and verify it is not set to &quot;4095&quot;.
+For each standard switch, review the "VLAN ID" on each port group and verify it is not set to "4095".
 
 or
 
@@ -7784,143 +7461,138 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VirtualPortGroup | Select Name, VLanID
 
-If any port group is configured with VLAN 4095 and is not documented as a needed exception, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If any port group is configured with VLAN 4095 and is not documented as a needed exception, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.
 
-For each port group on a standard switch that is configured to a native VLAN, click the &#39;...&#39; button next to the port group.
+For each port group on a standard switch that is configured to a native VLAN, click the '...' button next to the port group.
 
-Click &quot;Edit Settings&quot;. On the &quot;Properties&quot; tab, change the &quot;VLAN ID&quot; to an appropriate VLAN ID. Click &quot;OK&quot;.
+Click "Edit Settings". On the "Properties" tab, change the "VLAN ID" to an appropriate VLAN ID. Click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VirtualPortGroup -Name &quot;portgroup name&quot; | Set-VirtualPortGroup -VLanId &quot;New VLAN#&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>154c68f2-292a-470f-b7ac-bcffe1dd4477</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualPortGroup | Select-Object -ExpandProperty VlanId stdout.strip is expected not to match &quot;4095&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000221</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000221</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000221</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must have all security patches and updates installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Get-VirtualPortGroup -Name "portgroup name" | Set-VirtualPortGroup -VLanId "New VLAN#"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000220' do\n  title 'The ESXi host must restrict the use of Virtual Guest Tagging (VGT) on standard switches.'\n  desc  \"\n    When a port group is set to VLAN 4095, the vSwitch passes all network frames to the attached virtual machines (VMs) without modifying the VLAN tags. In vSphere, this is referred to as VGT. The VM must process the VLAN information itself via an 802.1Q driver in the operating system.\n\n    VLAN 4095 must only be implemented if the attached VMs have been specifically authorized and are capable of managing VLAN tags themselves. If VLAN 4095 is enabled inappropriately, it may cause denial of service or allow a VM to interact with traffic on an unauthorized VLAN.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    This control addresses ESXi standard switches. Distributed switches are addressed in the vCenter STIG. If there is no standard switch on the ESXi host, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.\n\n    For each standard switch, review the \\\"VLAN ID\\\" on each port group and verify it is not set to \\\"4095\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VirtualPortGroup | Select Name, VLanID\n\n    If any port group is configured with VLAN 4095 and is not documented as a needed exception, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; Networking &gt;&gt; Virtual Switches.\n\n    For each port group on a standard switch that is configured to a native VLAN, click the '...' button next to the port group.\n\n    Click \\\"Edit Settings\\\". On the \\\"Properties\\\" tab, change the \\\"VLAN ID\\\" to an appropriate VLAN ID. Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VirtualPortGroup -Name \\\"portgroup name\\\" | Set-VirtualPortGroup -VLanId \\\"New VLAN#\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000220'\n  tag rid: 'SV-ESXI-80-000220'\n  tag stig_id: 'ESXI-80-000220'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VirtualPortGroup | Select-Object -ExpandProperty VlanId\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not match '4095' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VirtualPortGroup | Select-Object -ExpandProperty VlanId stdout.strip is expected not to match "4095"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000221</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000221</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000221</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must have all security patches and updates installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Determine the current version and build:
 
 From the vSphere Client, go to Hosts and Clusters.
 
-Select the ESXi Host &gt;&gt; Summary. Note the version string next to &quot;Hypervisor:&quot;.
+Select the ESXi Host &gt;&gt; Summary. Note the version string next to "Hypervisor:".
 
 or
 
@@ -7932,19 +7604,19 @@ If the ESXi host does not have the latest patches, this is a finding.
 
 If the ESXi host is not on a supported release, this is a finding.
 
-The latest ESXi versions and their build numbers can be found here: https:&#x2F;&#x2F;kb.vmware.com&#x2F;s&#x2F;article&#x2F;2143832
+The latest ESXi versions and their build numbers can be found here: https://kb.vmware.com/s/article/2143832
 
 VMware also publishes Advisories on security patches and offers a way to subscribe to email alerts for them.
 
-Go to: https:&#x2F;&#x2F;www.vmware.com&#x2F;support&#x2F;policies&#x2F;security_response</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Go to: https://www.vmware.com/support/policies/security_response</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ESXi can be patched in multiple ways, and this fix text does not cover all methods.
 
 Manual patching when image profiles are not used:
 
-- Download the latest &quot;offline bundle&quot; .zip update from vmware.com. Verify the hash.
+- Download the latest "offline bundle" .zip update from vmware.com. Verify the hash.
 
 - Transfer the file to a datastore accessible by the ESXi host, local or remote.
 
@@ -7958,133 +7630,128 @@ Manual patching when image profiles are used:
 
 From an ESXi shell, run the following command:
 
-# esxcli software sources profile list -d &#x2F;vmfs&#x2F;volumes&#x2F;&lt;your datastore&gt;&#x2F;&lt;bundle name.zip&gt;
-
-Note the available profiles. The organization will usually want the one ending in &quot;-standard&quot;.
-
-# esxcli software profile update -p &lt;selected profile&gt; -d &#x2F;vmfs&#x2F;volumes&#x2F;&lt;your datastore&gt;&#x2F;&lt;bundle name.zip&gt;
-
-There will be little output during the update. Once complete, reboot the host for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>614d2acf-3c21-4f8a-b4ff-f1bfd24d91a1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-VMHost -Name 10.186.25.26).ExtensionData.Config.Product.build stdout.strip is expected to cmp &#x3D;&#x3D; &quot;21813344&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000222</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000222</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000222</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must not suppress warnings that the local or remote shell sessions are enabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Warnings that local or remote shell sessions are enabled alert administrators to activity they may not be aware of and need to investigate.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+# esxcli software sources profile list -d /vmfs/volumes/&lt;your datastore&gt;/&lt;bundle name.zip&gt;
+
+Note the available profiles. The organization will usually want the one ending in "-standard".
+
+# esxcli software profile update -p &lt;selected profile&gt; -d /vmfs/volumes/&lt;your datastore&gt;/&lt;bundle name.zip&gt;
+
+There will be little output during the update. Once complete, reboot the host for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000221' do\n  title 'The ESXi host must have all security patches and updates installed.'\n  desc  'Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities.'\n  desc  'rationale', ''\n  desc  'check', \"\n    Determine the current version and build:\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Summary. Note the version string next to \\\"Hypervisor:\\\".\n\n    or\n\n    From a Secure Shell (SSH) session connected to the ESXi host, or from the ESXi shell, run the following command:\n\n    # vmware -v\n\n    If the ESXi host does not have the latest patches, this is a finding.\n\n    If the ESXi host is not on a supported release, this is a finding.\n\n    The latest ESXi versions and their build numbers can be found here: https://kb.vmware.com/s/article/2143832\n\n    VMware also publishes Advisories on security patches and offers a way to subscribe to email alerts for them.\n\n    Go to: https://www.vmware.com/support/policies/security_response\n  \"\n  desc 'fix', \"\n    ESXi can be patched in multiple ways, and this fix text does not cover all methods.\n\n    Manual patching when image profiles are not used:\n\n    - Download the latest \\\"offline bundle\\\" .zip update from vmware.com. Verify the hash.\n\n    - Transfer the file to a datastore accessible by the ESXi host, local or remote.\n\n    - Put the ESXi host into maintenance mode.\n\n    - From an ESXi shell, run the following command:\n\n    esxcli software vib update -d &lt;path to offline patch bundle.zip&gt;\n\n    Manual patching when image profiles are used:\n\n    From an ESXi shell, run the following command:\n\n    # esxcli software sources profile list -d /vmfs/volumes/&lt;your datastore&gt;/&lt;bundle name.zip&gt;\n\n    Note the available profiles. The organization will usually want the one ending in \\\"-standard\\\".\n\n    # esxcli software profile update -p &lt;selected profile&gt; -d /vmfs/volumes/&lt;your datastore&gt;/&lt;bundle name.zip&gt;\n\n    There will be little output during the update. Once complete, reboot the host for changes to take effect.\n  \"\n  impact 0.7\n  tag severity: 'high'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000221'\n  tag rid: 'SV-ESXI-80-000221'\n  tag stig_id: 'ESXI-80-000221'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"(Get-VMHost -Name #{vmhost}).ExtensionData.Config.Product.build\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp \"#{input('esxiBuildNumber')}\" }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-VMHost -Name 10.186.25.26).ExtensionData.Config.Product.build stdout.strip is expected to cmp == "21813344"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000222</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000222</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000222</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must not suppress warnings that the local or remote shell sessions are enabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Warnings that local or remote shell sessions are enabled alert administrators to activity they may not be aware of and need to investigate.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;UserVars.SuppressShellWarning&quot; value and verify it is set to &quot;0&quot;.
+Select the "UserVars.SuppressShellWarning" value and verify it is set to "0".
 
 or
 
@@ -8092,141 +7759,136 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressShellWarning
 
-If the &quot;UserVars.SuppressShellWarning&quot; setting is not set to &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "UserVars.SuppressShellWarning" setting is not set to "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;UserVars.SuppressShellWarning&quot; value and configure it to &quot;0&quot;.
+Click "Edit". Select the "UserVars.SuppressShellWarning" value and configure it to "0".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressShellWarning | Set-AdvancedSetting -Value 0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1658f21f-9b99-4fe7-89c9-168f591ab425</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.SuppressShellWarning | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;0&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000223</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000223</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000223</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must not suppress warnings about unmitigated hyperthreading vulnerabilities.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The L1 Terminal Fault (L1TF) CPU vulnerabilities published in 2018 have patches and mitigations available in vSphere. However, there are performance impacts to these mitigations that require careful thought and planning from the system administrator before implementation. Until a mitigation is implemented, the UI warning about the lack of a mitigation must not be dismissed so the system administrator does not assume the vulnerability has been addressed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressShellWarning | Set-AdvancedSetting -Value 0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000222' do\n  title 'The ESXi host must not suppress warnings that the local or remote shell sessions are enabled.'\n  desc  'Warnings that local or remote shell sessions are enabled alert administrators to activity they may not be aware of and need to investigate.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"UserVars.SuppressShellWarning\\\" value and verify it is set to \\\"0\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressShellWarning\n\n    If the \\\"UserVars.SuppressShellWarning\\\" setting is not set to \\\"0\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"UserVars.SuppressShellWarning\\\" value and configure it to \\\"0\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressShellWarning | Set-AdvancedSetting -Value 0\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000222'\n  tag rid: 'SV-ESXI-80-000222'\n  tag stig_id: 'ESXI-80-000222'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name UserVars.SuppressShellWarning | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '0' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.SuppressShellWarning | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "0"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000223</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000223</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000223</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must not suppress warnings about unmitigated hyperthreading vulnerabilities.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The L1 Terminal Fault (L1TF) CPU vulnerabilities published in 2018 have patches and mitigations available in vSphere. However, there are performance impacts to these mitigations that require careful thought and planning from the system administrator before implementation. Until a mitigation is implemented, the UI warning about the lack of a mitigation must not be dismissed so the system administrator does not assume the vulnerability has been addressed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;UserVars.SuppressHyperthreadWarning&quot; value and verify it is set to &quot;0&quot;.
+Select the "UserVars.SuppressHyperthreadWarning" value and verify it is set to "0".
 
 or
 
@@ -8234,143 +7896,138 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressHyperthreadWarning
 
-If the &quot;UserVars.SuppressHyperthreadWarning&quot; setting is not set to &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "UserVars.SuppressHyperthreadWarning" setting is not set to "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;UserVars.SuppressHyperthreadWarning&quot; value and configure it to &quot;0&quot;.
+Click "Edit". Select the "UserVars.SuppressHyperthreadWarning" value and configure it to "0".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressHyperthreadWarning | Set-AdvancedSetting -Value 0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f638e158-cb44-4c05-bcc2-051768dc082d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.SuppressHyperthreadWarning | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;0&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000224</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000224</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000224</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must verify certificates for SSL syslog endpoints.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When sending syslog data to a remote host, ESXi can be configured to use any combination of TCP, UDP and SSL transports. When using SSL, the server certificate must be validated to ensure that the host is connecting to a valid syslog server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressHyperthreadWarning | Set-AdvancedSetting -Value 0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000223' do\n  title 'The ESXi host must not suppress warnings about unmitigated hyperthreading vulnerabilities.'\n  desc  'The L1 Terminal Fault (L1TF) CPU vulnerabilities published in 2018 have patches and mitigations available in vSphere. However, there are performance impacts to these mitigations that require careful thought and planning from the system administrator before implementation. Until a mitigation is implemented, the UI warning about the lack of a mitigation must not be dismissed so the system administrator does not assume the vulnerability has been addressed.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"UserVars.SuppressHyperthreadWarning\\\" value and verify it is set to \\\"0\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressHyperthreadWarning\n\n    If the \\\"UserVars.SuppressHyperthreadWarning\\\" setting is not set to \\\"0\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"UserVars.SuppressHyperthreadWarning\\\" value and configure it to \\\"0\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressHyperthreadWarning | Set-AdvancedSetting -Value 0\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000223'\n  tag rid: 'SV-ESXI-80-000223'\n  tag stig_id: 'ESXI-80-000223'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name UserVars.SuppressHyperthreadWarning | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '0' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name UserVars.SuppressHyperthreadWarning | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "0"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000224</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000224</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000224</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must verify certificates for SSL syslog endpoints.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When sending syslog data to a remote host, ESXi can be configured to use any combination of TCP, UDP and SSL transports. When using SSL, the server certificate must be validated to ensure that the host is connecting to a valid syslog server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If SSL is not used for a syslog target, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Syslog.global.logCheckSSLCerts&quot; value and verify it is set to &quot;true&quot;.
+Select the "Syslog.global.logCheckSSLCerts" value and verify it is set to "true".
 
 or
 
@@ -8378,159 +8035,153 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logCheckSSLCerts
 
-If the &quot;Syslog.global.logCheckSSLCerts&quot; setting is not set to &quot;true&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>To configure SSL syslog endpoint certificate checking it must be turned on and also the trusted certificate chain must be added to ESXi&#39;s trusted store.
+If the "Syslog.global.logCheckSSLCerts" setting is not set to "true", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>To configure SSL syslog endpoint certificate checking it must be turned on and also the trusted certificate chain must be added to ESXi's trusted store.
 
 From the vSphere Client go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Syslog.global.logCheckSSLCerts&quot; value and configure it to &quot;true&quot;.
+Click "Edit". Select the "Syslog.global.logCheckSSLCerts" value and configure it to "true".
 
-Copy the PEM formatted trusted CA certificate so that is accessible to the host and append the contents to &#x2F;etc&#x2F;vmware&#x2F;ssl&#x2F;castore.pem by running the follow command:
+Copy the PEM formatted trusted CA certificate so that is accessible to the host and append the contents to /etc/vmware/ssl/castore.pem by running the follow command:
 
-# &lt;path&#x2F;to&#x2F;cacert&gt; &gt;&gt; &#x2F;etc&#x2F;vmware&#x2F;ssl&#x2F;castore.pem
+# &lt;path/to/cacert&gt; &gt;&gt; /etc/vmware/ssl/castore.pem
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logCheckSSLCerts | Set-AdvancedSetting -Value &quot;true&quot;
+Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logCheckSSLCerts | Set-AdvancedSetting -Value "true"
 
 Copy the PEM formatted trusted CA certificate so that is accessible to the host.
 
-$esxcli &#x3D; Get-EsxCli -v2
-$arguments &#x3D; $esxcli.system.security.certificatestore.add.CreateArgs()
-$arguments.filename &#x3D; &lt;path&#x2F;to&#x2F;cacert&gt;
-$esxcli.system.security.certificatestore.add.Invoke($arguments)</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ec0a0891-5ffa-4278-9455-429d053acd7e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-
-No SSL syslog targets found, this check is not applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000225</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000225</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000225</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must enable volatile key destruction.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+$esxcli = Get-EsxCli -v2
+$arguments = $esxcli.system.security.certificatestore.add.CreateArgs()
+$arguments.filename = &lt;path/to/cacert&gt;
+$esxcli.system.security.certificatestore.add.Invoke($arguments)</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000224' do\n  title 'The ESXi host must verify certificates for SSL syslog endpoints.'\n  desc  'When sending syslog data to a remote host, ESXi can be configured to use any combination of TCP, UDP and SSL transports. When using SSL, the server certificate must be validated to ensure that the host is connecting to a valid syslog server.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If SSL is not used for a syslog target, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Syslog.global.logCheckSSLCerts\\\" value and verify it is set to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logCheckSSLCerts\n\n    If the \\\"Syslog.global.logCheckSSLCerts\\\" setting is not set to \\\"true\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    To configure SSL syslog endpoint certificate checking it must be turned on and also the trusted certificate chain must be added to ESXi's trusted store.\n\n    From the vSphere Client go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Syslog.global.logCheckSSLCerts\\\" value and configure it to \\\"true\\\".\n\n    Copy the PEM formatted trusted CA certificate so that is accessible to the host and append the contents to /etc/vmware/ssl/castore.pem by running the follow command:\n\n    # &lt;path/to/cacert&gt; &gt;&gt; /etc/vmware/ssl/castore.pem\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logCheckSSLCerts | Set-AdvancedSetting -Value \\\"true\\\"\n\n    Copy the PEM formatted trusted CA certificate so that is accessible to the host.\n\n    $esxcli = Get-EsxCli -v2\n    $arguments = $esxcli.system.security.certificatestore.add.CreateArgs()\n    $arguments.filename = &lt;path/to/cacert&gt;\n    $esxcli.system.security.certificatestore.add.Invoke($arguments)\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000224'\n  tag rid: 'SV-ESXI-80-000224'\n  tag stig_id: 'ESXI-80-000224'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Syslog.global.logHost | Where {$_.Value -match \\\"ssl\\\"} | Select-Object -ExpandProperty Value\"\n      syslogservers = powercli_command(command).stdout\n\n      if !syslogservers.empty?\n        command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Syslog.global.logCheckSSLCerts | Select-Object -ExpandProperty Value\"\n        describe powercli_command(command) do\n          its('stdout.strip') { should cmp 'true' }\n        end\n      else\n        impact 0.0\n        describe '' do\n          skip 'No SSL syslog targets found, this check is not applicable.'\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST  :: SKIP_MESSAGE No SSL syslog targets found, this check is not applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000225</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000225</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000225</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must enable volatile key destruction.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>By default, pages allocated for virtual machines (VMs), userspace applications, and kernel threads are zeroed out at allocation time. ESXi will always ensure that no nonzero pages are exposed to VMs or userspace applications. While this prevents exposing cryptographic keys from VMs or userworlds to other clients, these keys can stay present in host memory for a long time if the memory is not reused.
 
 The NIAP Virtualization Protection Profile and Server Virtualization Extended Package require that memory that may contain cryptographic keys be zeroed upon process exit.
 
-To this end, a new configuration option, MemEagerZero, can be configured to enforce zeroing out userworld and guest memory pages when a userworld process or guest exits. For kernel threads, memory spaces holding keys are zeroed out as soon as the secret is no longer needed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+To this end, a new configuration option, MemEagerZero, can be configured to enforce zeroing out userworld and guest memory pages when a userworld process or guest exits. For kernel threads, memory spaces holding keys are zeroed out as soon as the secret is no longer needed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Mem.MemEagerZero&quot; value and verify it is set to &quot;1&quot;.
+Select the "Mem.MemEagerZero" value and verify it is set to "1".
 
 or
 
@@ -8538,149 +8189,142 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Mem.MemEagerZero
 
-If the &quot;Mem.MemEagerZero&quot; setting is not set to &quot;1&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Mem.MemEagerZero" setting is not set to "1", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Mem.MemEagerZero&quot; value and configure it to &quot;1&quot;.
+Click "Edit". Select the "Mem.MemEagerZero" value and configure it to "1".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Mem.MemEagerZero | Set-AdvancedSetting -Value 1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>005bc009-575f-4d86-9a8b-97e273eceed0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Mem.MemEagerZero | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;1&quot;
-
+Get-VMHost | Get-AdvancedSetting -Name Mem.MemEagerZero | Set-AdvancedSetting -Value 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000225' do\n  title 'The ESXi host must enable volatile key destruction.'\n  desc  \"\n    By default, pages allocated for virtual machines (VMs), userspace applications, and kernel threads are zeroed out at allocation time. ESXi will always ensure that no nonzero pages are exposed to VMs or userspace applications. While this prevents exposing cryptographic keys from VMs or userworlds to other clients, these keys can stay present in host memory for a long time if the memory is not reused.\n\n    The NIAP Virtualization Protection Profile and Server Virtualization Extended Package require that memory that may contain cryptographic keys be zeroed upon process exit.\n\n    To this end, a new configuration option, MemEagerZero, can be configured to enforce zeroing out userworld and guest memory pages when a userworld process or guest exits. For kernel threads, memory spaces holding keys are zeroed out as soon as the secret is no longer needed.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Mem.MemEagerZero\\\" value and verify it is set to \\\"1\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Mem.MemEagerZero\n\n    If the \\\"Mem.MemEagerZero\\\" setting is not set to \\\"1\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Mem.MemEagerZero\\\" value and configure it to \\\"1\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Mem.MemEagerZero | Set-AdvancedSetting -Value 1\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000225'\n  tag rid: 'SV-ESXI-80-000225'\n  tag stig_id: 'ESXI-80-000225'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Mem.MemEagerZero | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '1' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Mem.MemEagerZero | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "1" :: MESSAGE 
 expected: 1
      got: 0
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000226</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000226</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000226</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must configure a session timeout for the vSphere API.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000226</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000226</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000226</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must configure a session timeout for the vSphere API.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The vSphere API (VIM) allows for remote, programmatic administration of the ESXi host. Authenticated API sessions are no different from a risk perspective than authenticated UI sessions and they need similar protections.
 
-One of these protections is a basic inactivity timeout, after which the session will be invalidated and reauthentication will be required by the application accessing the API. This is set to 30 seconds by default but can be disabled, thus leaving API sessions open indefinitely. The 30 second default must be verified and maintained.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+One of these protections is a basic inactivity timeout, after which the session will be invalidated and reauthentication will be required by the application accessing the API. This is set to 30 seconds by default but can be disabled, thus leaving API sessions open indefinitely. The 30 second default must be verified and maintained.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Config.HostAgent.vmacore.soap.sessionTimeout&quot; value and verify it is set to &quot;30&quot;.
+Select the "Config.HostAgent.vmacore.soap.sessionTimeout" value and verify it is set to "30".
 
 or
 
@@ -8688,141 +8332,136 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.vmacore.soap.sessionTimeout
 
-If the &quot;Config.HostAgent.vmacore.soap.sessionTimeout&quot; setting is not set to &quot;30&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Config.HostAgent.vmacore.soap.sessionTimeout" setting is not set to "30", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Config.HostAgent.vmacore.soap.sessionTimeout&quot; value and configure it to &quot;30&quot;.
+Click "Edit". Select the "Config.HostAgent.vmacore.soap.sessionTimeout" value and configure it to "30".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.vmacore.soap.sessionTimeout | Set-AdvancedSetting -Value 30</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b24b0b26-b7ae-4ce4-bff6-4fa1c04c91bc</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Config.HostAgent.vmacore.soap.sessionTimeout | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;30&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000227</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must be configured with an appropriate maximum password age.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The older an ESXi local account password is, the larger the opportunity window is for attackers to guess, crack or re-use a previously cracked password. Rotating passwords on a regular basis is a fundamental security practice and one that ESXi supports.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.vmacore.soap.sessionTimeout | Set-AdvancedSetting -Value 30</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000226' do\n  title 'The ESXi host must configure a session timeout for the vSphere API.'\n  desc  \"\n    The vSphere API (VIM) allows for remote, programmatic administration of the ESXi host. Authenticated API sessions are no different from a risk perspective than authenticated UI sessions and they need similar protections.\n\n    One of these protections is a basic inactivity timeout, after which the session will be invalidated and reauthentication will be required by the application accessing the API. This is set to 30 seconds by default but can be disabled, thus leaving API sessions open indefinitely. The 30 second default must be verified and maintained.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Config.HostAgent.vmacore.soap.sessionTimeout\\\" value and verify it is set to \\\"30\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.vmacore.soap.sessionTimeout\n\n    If the \\\"Config.HostAgent.vmacore.soap.sessionTimeout\\\" setting is not set to \\\"30\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Config.HostAgent.vmacore.soap.sessionTimeout\\\" value and configure it to \\\"30\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.vmacore.soap.sessionTimeout | Set-AdvancedSetting -Value 30\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000226'\n  tag rid: 'SV-ESXI-80-000226'\n  tag stig_id: 'ESXI-80-000226'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Config.HostAgent.vmacore.soap.sessionTimeout | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '30' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Config.HostAgent.vmacore.soap.sessionTimeout | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "30"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000227</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must be configured with an appropriate maximum password age.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The older an ESXi local account password is, the larger the opportunity window is for attackers to guess, crack or re-use a previously cracked password. Rotating passwords on a regular basis is a fundamental security practice and one that ESXi supports.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Security.PasswordMaxDays&quot; value and verify it is set to &quot;90&quot;.
+Select the "Security.PasswordMaxDays" value and verify it is set to "90".
 
 or
 
@@ -8830,310 +8469,296 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Security.PasswordMaxDays
 
-If the &quot;Security.PasswordMaxDays&quot; setting is not set to &quot;90&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Security.PasswordMaxDays" setting is not set to "90", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Security.PasswordMaxDays&quot; value and configure it to &quot;90&quot;.
+Click "Edit". Select the "Security.PasswordMaxDays" value and configure it to "90".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Security.PasswordMaxDays | Set-AdvancedSetting -Value 90</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>68f9d35b-a2cf-4912-988e-330be9c86538</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.PasswordMaxDays | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;90&quot;
-
+Get-VMHost | Get-AdvancedSetting -Name Security.PasswordMaxDays | Set-AdvancedSetting -Value 90</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000227' do\n  title 'The ESXi host must be configured with an appropriate maximum password age.'\n  desc  'The older an ESXi local account password is, the larger the opportunity window is for attackers to guess, crack or re-use a previously cracked password. Rotating passwords on a regular basis is a fundamental security practice and one that ESXi supports.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Security.PasswordMaxDays\\\" value and verify it is set to \\\"90\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Security.PasswordMaxDays\n\n    If the \\\"Security.PasswordMaxDays\\\" setting is not set to \\\"90\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Security.PasswordMaxDays\\\" value and configure it to \\\"90\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Security.PasswordMaxDays | Set-AdvancedSetting -Value 90\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000227'\n  tag rid: 'SV-ESXI-80-000227'\n  tag stig_id: 'ESXI-80-000227'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Security.PasswordMaxDays | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '90' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Security.PasswordMaxDays | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "90" :: MESSAGE 
 expected: 90
      got: 99999
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000228</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000228</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000228</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi Common Information Model (CIM) service must be disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000228</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000228</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000228</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi Common Information Model (CIM) service must be disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The CIM system provides an interface that enables hardware-level management from remote applications via a set of standard application programming interfaces (APIs). These APIs are consumed by external applications such as HP SIM or Dell OpenManage for agentless, remote hardware monitoring of the ESXi host.
 
-To reduce attack surface area and following the minimum functionality principal, the CIM service must be disabled unless explicitly needed and approved.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+To reduce attack surface area and following the minimum functionality principal, the CIM service must be disabled unless explicitly needed and approved.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.
 
-Under &quot;Services&quot;, locate the &quot;CIM Server&quot; service and verify it is &quot;Stopped&quot; and the &quot;Startup Policy&quot; is set to &quot;Start and stop manually&quot;.
+Under "Services", locate the "CIM Server" service and verify it is "Stopped" and the "Startup Policy" is set to "Start and stop manually".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;CIM Server&quot;}
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "CIM Server"}
 
-If the &quot;CIM Server&quot; service does not have a &quot;Policy&quot; of &quot;off&quot; or is running, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "CIM Server" service does not have a "Policy" of "off" or is running, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.
 
-Under &quot;Services&quot; select the &quot;CIM Server&quot; service and click the &quot;Stop&quot; button.
+Under "Services" select the "CIM Server" service and click the "Stop" button.
 
-Click &quot;Edit Startup policy...&quot; and select the &quot;Start and stop manually&quot; radio button. Click &quot;OK&quot;.
+Click "Edit Startup policy..." and select the "Start and stop manually" radio button. Click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;CIM Server&quot;} | Set-VMHostService -Policy Off
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;CIM Server&quot;} | Stop-VMHostService</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>207305b8-54ef-479f-96a9-b62aa3a69750</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq &#39;CIM Server&#39;} | Select-Object -ExpandProperty Policy stdout.strip is expected to cmp &#x3D;&#x3D; &quot;off&quot;
-
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "CIM Server"} | Set-VMHostService -Policy Off
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "CIM Server"} | Stop-VMHostService</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000228' do\n  title 'The ESXi Common Information Model (CIM) service must be disabled.'\n  desc  \"\n    The CIM system provides an interface that enables hardware-level management from remote applications via a set of standard application programming interfaces (APIs). These APIs are consumed by external applications such as HP SIM or Dell OpenManage for agentless, remote hardware monitoring of the ESXi host.\n\n    To reduce attack surface area and following the minimum functionality principal, the CIM service must be disabled unless explicitly needed and approved.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.\n\n    Under \\\"Services\\\", locate the \\\"CIM Server\\\" service and verify it is \\\"Stopped\\\" and the \\\"Startup Policy\\\" is set to \\\"Start and stop manually\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"CIM Server\\\"}\n\n    If the \\\"CIM Server\\\" service does not have a \\\"Policy\\\" of \\\"off\\\" or is running, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.\n\n    Under \\\"Services\\\" select the \\\"CIM Server\\\" service and click the \\\"Stop\\\" button.\n\n    Click \\\"Edit Startup policy...\\\" and select the \\\"Start and stop manually\\\" radio button. Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"CIM Server\\\"} | Set-VMHostService -Policy Off\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"CIM Server\\\"} | Stop-VMHostService\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000228'\n  tag rid: 'SV-ESXI-80-000228'\n  tag stig_id: 'ESXI-80-000228'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostService | Where {$_.Label -eq 'CIM Server'} | Select-Object -ExpandProperty Policy\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'off' }\n      end\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostService | Where {$_.Label -eq 'CIM Server'} | Select-Object -ExpandProperty Running\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq 'CIM Server'} | Select-Object -ExpandProperty Policy stdout.strip is expected to cmp == "off" :: MESSAGE 
 expected: off
      got: on
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq &#39;CIM Server&#39;} | Select-Object -ExpandProperty Running stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000229</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must use DOD-approved certificates.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq 'CIM Server'} | Select-Object -ExpandProperty Running stdout.strip is expected to cmp == "false"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000229</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must use DOD-approved certificates.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The default self-signed host certificate issued by the VMware Certificate Authority (VMCA) must be replaced with a DOD-approved certificate when the host will be accessed directly, such as during a virtual machine (VM) console connection.
 
-The use of a DOD certificate on the host assures clients the service they are connecting to is legitimate and properly secured.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+The use of a DOD certificate on the host assures clients the service they are connecting to is legitimate and properly secured.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Certificate.
 
 If the issuer is not a DOD-approved certificate authority, this is a finding.
 
-If the host will never be accessed directly (virtual machine console connections bypass vCenter), this is not a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the host will never be accessed directly (virtual machine console connections bypass vCenter), this is not a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Join the ESXi host to vCenter before replacing the certificate.
 
 Obtain a DOD-issued certificate and private key for the host following the requirements below:
@@ -9144,7 +8769,7 @@ Key format: PEM
 VMware supports PKCS8 and PKCS1 (RSA keys)
 x509 version 3
 
-SubjectAltName must contain DNS Name&#x3D;&lt;machine_FQDN&gt;
+SubjectAltName must contain DNS Name=&lt;machine_FQDN&gt;
 
 CRT (Base-64) format
 
@@ -9154,433 +8779,414 @@ Start time of one day before the current time
 
 CN (and SubjectAltName) set to the host name (or IP address) that the ESXi host has in the vCenter Server inventory
 
-From the vSphere Web Client, select the ESXi host&#39;s vCenter Server &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced Settings.
+From the vSphere Web Client, select the ESXi host's vCenter Server &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced Settings.
 
-Select the &quot;vpxd.certmgmt.mode&quot; value and ensure it is set to &quot;custom&quot;.
+Select the "vpxd.certmgmt.mode" value and ensure it is set to "custom".
 
 Put the host into maintenance mode.
 
-Temporarily enable Secure Shell (SSH) on the host. Use Secure Copy Protocol (SCP) to transfer the new certificate and key to &#x2F;tmp. SSH to the host. Back up the existing certificate and key:
+Temporarily enable Secure Shell (SSH) on the host. Use Secure Copy Protocol (SCP) to transfer the new certificate and key to /tmp. SSH to the host. Back up the existing certificate and key:
 
-# mv &#x2F;etc&#x2F;vmware&#x2F;ssl&#x2F;rui.crt &#x2F;etc&#x2F;vmware&#x2F;ssl&#x2F;rui.crt.bak
-# mv &#x2F;etc&#x2F;vmware&#x2F;ssl&#x2F;rui.key &#x2F;etc&#x2F;vmware&#x2F;ssl&#x2F;rui.key.bak
+# mv /etc/vmware/ssl/rui.crt /etc/vmware/ssl/rui.crt.bak
+# mv /etc/vmware/ssl/rui.key /etc/vmware/ssl/rui.key.bak
 
-Copy the new certificate and key to &quot;&#x2F;etc&#x2F;vmware&#x2F;ssl&#x2F;&quot; and rename them to &quot;rui.crt&quot; and &quot;rui.key&quot; respectively.
+Copy the new certificate and key to "/etc/vmware/ssl/" and rename them to "rui.crt" and "rui.key" respectively.
 
 Restart management agents to implement the new certificate:
 
-# services.sh restart</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ac1f8a82-0a90-42b5-839d-3c7a74ccc1e8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-ssl_certificate for &#39;10.186.25.26&#39; issuer_organization is expected to cmp &#x3D;&#x3D; &quot;U.S. Government&quot;
-
+# services.sh restart</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000229' do\n  title 'The ESXi host must use DOD-approved certificates.'\n  desc  \"\n    The default self-signed host certificate issued by the VMware Certificate Authority (VMCA) must be replaced with a DOD-approved certificate when the host will be accessed directly, such as during a virtual machine (VM) console connection.\n\n    The use of a DOD certificate on the host assures clients the service they are connecting to is legitimate and properly secured.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Certificate.\n\n    If the issuer is not a DOD-approved certificate authority, this is a finding.\n\n    If the host will never be accessed directly (virtual machine console connections bypass vCenter), this is not a finding.\n  \"\n  desc 'fix', \"\n    Join the ESXi host to vCenter before replacing the certificate.\n\n    Obtain a DOD-issued certificate and private key for the host following the requirements below:\n\n    Key size: 2048 bits or more (PEM encoded)\n\n    Key format: PEM\n    VMware supports PKCS8 and PKCS1 (RSA keys)\n    x509 version 3\n\n    SubjectAltName must contain DNS Name=&lt;machine_FQDN&gt;\n\n    CRT (Base-64) format\n\n    Contains the following Key Usages: Digital Signature, Non Repudiation, Key Encipherment\n\n    Start time of one day before the current time\n\n    CN (and SubjectAltName) set to the host name (or IP address) that the ESXi host has in the vCenter Server inventory\n\n    From the vSphere Web Client, select the ESXi host's vCenter Server &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced Settings.\n\n    Select the \\\"vpxd.certmgmt.mode\\\" value and ensure it is set to \\\"custom\\\".\n\n    Put the host into maintenance mode.\n\n    Temporarily enable Secure Shell (SSH) on the host. Use Secure Copy Protocol (SCP) to transfer the new certificate and key to /tmp. SSH to the host. Back up the existing certificate and key:\n\n    # mv /etc/vmware/ssl/rui.crt /etc/vmware/ssl/rui.crt.bak\n    # mv /etc/vmware/ssl/rui.key /etc/vmware/ssl/rui.key.bak\n\n    Copy the new certificate and key to \\\"/etc/vmware/ssl/\\\" and rename them to \\\"rui.crt\\\" and \\\"rui.key\\\" respectively.\n\n    Restart management agents to implement the new certificate:\n\n    # services.sh restart\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000229'\n  tag rid: 'SV-ESXI-80-000229'\n  tag stig_id: 'ESXI-80-000229'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      describe ssl_certificate(host: \"#{vmhost}\", port: 443) do\n        its('issuer_organization') { should cmp 'U.S. Government' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST ssl_certificate for '10.186.25.26' issuer_organization is expected to cmp == "U.S. Government" :: MESSAGE 
 expected: U.S. Government
      got: sc2-10-186-30-81.eng.vmware.com
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000230</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000230</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000230</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must disable port forwarding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>While enabling Transmission Control Protocol (TCP) tunnels is a valuable function of sshd, this feature is not appropriate for use on the ESXi hypervisor.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000230</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000230</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000230</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host Secure Shell (SSH) daemon must disable port forwarding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>While enabling Transmission Control Protocol (TCP) tunnels is a valuable function of sshd, this feature is not appropriate for use on the ESXi hypervisor.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware&#x2F;openssh&#x2F;bin&#x2F;sshd -T | grep allowtcpforwarding
+# /usr/lib/vmware/openssh/bin/sshd -T | grep allowtcpforwarding
 
 Expected result:
 
 allowtcpforwarding no
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in &quot;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&quot;:
-
-AllowTcpForwarding no</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>97aa1f57-27c8-44a5-b2e5-96a17884666d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000231</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000231</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000231</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host OpenSLP service must be disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From an ESXi shell, add or update the following line in "/etc/ssh/sshd_config":
+
+AllowTcpForwarding no</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000230' do\n  title 'The ESXi host Secure Shell (SSH) daemon must disable port forwarding.'\n  desc  'While enabling Transmission Control Protocol (TCP) tunnels is a valuable function of sshd, this feature is not appropriate for use on the ESXi hypervisor.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # /usr/lib/vmware/openssh/bin/sshd -T | grep allowtcpforwarding\n\n    Expected result:\n\n    allowtcpforwarding no\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, add or update the following line in \\\"/etc/ssh/sshd_config\\\":\n\n    AllowTcpForwarding no\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000230'\n  tag rid: 'SV-ESXI-80-000230'\n  tag stig_id: 'ESXI-80-000230'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000231</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000231</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000231</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host OpenSLP service must be disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>OpenSLP implements the Service Location Protocol to help CIM clients discover CIM servers over TCP 427. This service is not widely needed and has had vulnerabilities exposed in the past. To reduce attack surface area and following the minimum functionality principal, the OpenSLP service must be disabled unless explicitly needed and approved.
 
-Note: Disabling the OpenSLP service may affect monitoring and third-party systems that use the WBEM DTMF protocols.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Note: Disabling the OpenSLP service may affect monitoring and third-party systems that use the WBEM DTMF protocols.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.
 
-Under &quot;Services&quot;, locate the &quot;slpd&quot; service and verify it is &quot;Stopped&quot; and the &quot;Startup Policy&quot; is set to &quot;Start and stop manually&quot;.
+Under "Services", locate the "slpd" service and verify it is "Stopped" and the "Startup Policy" is set to "Start and stop manually".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;slpd&quot;}
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"}
 
-If the slpd service does not have a &quot;Policy&quot; of &quot;off&quot; or is running, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the slpd service does not have a "Policy" of "off" or is running, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.
 
-Under &quot;Services&quot; select the &quot;slpd&quot; service and click the &quot;Stop&quot; button.
+Under "Services" select the "slpd" service and click the "Stop" button.
 
-Click &quot;Edit Startup policy...&quot; and select the &quot;Start and stop manually&quot; radio button. Click &quot;OK&quot;.
+Click "Edit Startup policy..." and select the "Start and stop manually" radio button. Click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;slpd&quot;} | Set-VMHostService -Policy Off
-Get-VMHost | Get-VMHostService | Where {$_.Label -eq &quot;slpd&quot;} | Stop-VMHostService</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>56b3ce2f-a959-4c42-8204-b68a338d879f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq &#39;slpd&#39;} | Select-Object -ExpandProperty Policy stdout.strip is expected to cmp &#x3D;&#x3D; &quot;off&quot;
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"} | Set-VMHostService -Policy Off
+Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"} | Stop-VMHostService</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000231' do\n  title 'The ESXi host OpenSLP service must be disabled.'\n  desc  \"\n    OpenSLP implements the Service Location Protocol to help CIM clients discover CIM servers over TCP 427. This service is not widely needed and has had vulnerabilities exposed in the past. To reduce attack surface area and following the minimum functionality principal, the OpenSLP service must be disabled unless explicitly needed and approved.\n\n    Note: Disabling the OpenSLP service may affect monitoring and third-party systems that use the WBEM DTMF protocols.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.\n\n    Under \\\"Services\\\", locate the \\\"slpd\\\" service and verify it is \\\"Stopped\\\" and the \\\"Startup Policy\\\" is set to \\\"Start and stop manually\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"slpd\\\"}\n\n    If the slpd service does not have a \\\"Policy\\\" of \\\"off\\\" or is running, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Services.\n\n    Under \\\"Services\\\" select the \\\"slpd\\\" service and click the \\\"Stop\\\" button.\n\n    Click \\\"Edit Startup policy...\\\" and select the \\\"Start and stop manually\\\" radio button. Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"slpd\\\"} | Set-VMHostService -Policy Off\n    Get-VMHost | Get-VMHostService | Where {$_.Label -eq \\\"slpd\\\"} | Stop-VMHostService\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000231'\n  tag rid: 'SV-ESXI-80-000231'\n  tag stig_id: 'ESXI-80-000231'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostService | Where {$_.Label -eq 'slpd'} | Select-Object -ExpandProperty Policy\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'off' }\n      end\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostService | Where {$_.Label -eq 'slpd'} | Select-Object -ExpandProperty Running\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq 'slpd'} | Select-Object -ExpandProperty Policy stdout.strip is expected to cmp == "off"
 --------------------------------
-passed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq &#39;slpd&#39;} | Select-Object -ExpandProperty Running stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000232</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000232</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000232</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must enable audit logging.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+passed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-VMHostService | Where {$_.Label -eq 'slpd'} | Select-Object -ExpandProperty Running stdout.strip is expected to cmp == "false"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000232</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000232</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000232</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must enable audit logging.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ESXi offers both local and remote audit recordkeeping to meet the requirements of the NIAP Virtualization Protection Profile and Server Virtualization Extended Package. Local records are stored on any accessible local or VMFS path. Remote records are sent to the global syslog servers configured elsewhere.
 
 To operate in the NIAP validated state, ESXi must enable and properly configure this audit system. This system is disabled by default.
 
-Note: Audit records can be viewed locally via the &quot;&#x2F;bin&#x2F;viewAudit&quot; utility over SSH or at the ESXi shell.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Note: Audit records can be viewed locally via the "/bin/viewAudit" utility over SSH or at the ESXi shell.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Syslog.global.auditRecord.storageEnable&quot; value and verify it is set to &quot;true&quot;.
+Select the "Syslog.global.auditRecord.storageEnable" value and verify it is set to "true".
 
 or
 
@@ -9588,151 +9194,144 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageEnable
 
-If the &quot;Syslog.global.auditRecord.storageEnable&quot; setting is not set to &quot;true&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Syslog.global.auditRecord.storageEnable" setting is not set to "true", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Syslog.global.auditRecord.storageEnable&quot; value and configure it to &quot;true&quot;.
+Click "Edit". Select the "Syslog.global.auditRecord.storageEnable" value and configure it to "true".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageEnable | Set-AdvancedSetting -Value &quot;true&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ad154438-41c4-4202-bf08-c27ca289662f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageEnable | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
-
+Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageEnable | Set-AdvancedSetting -Value "true"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000232' do\n  title 'The ESXi host must enable audit logging.'\n  desc  \"\n    ESXi offers both local and remote audit recordkeeping to meet the requirements of the NIAP Virtualization Protection Profile and Server Virtualization Extended Package. Local records are stored on any accessible local or VMFS path. Remote records are sent to the global syslog servers configured elsewhere.\n\n    To operate in the NIAP validated state, ESXi must enable and properly configure this audit system. This system is disabled by default.\n\n    Note: Audit records can be viewed locally via the \\\"/bin/viewAudit\\\" utility over SSH or at the ESXi shell.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Syslog.global.auditRecord.storageEnable\\\" value and verify it is set to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageEnable\n\n    If the \\\"Syslog.global.auditRecord.storageEnable\\\" setting is not set to \\\"true\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Syslog.global.auditRecord.storageEnable\\\" value and configure it to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageEnable | Set-AdvancedSetting -Value \\\"true\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000232'\n  tag rid: 'SV-ESXI-80-000232'\n  tag stig_id: 'ESXI-80-000232'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageEnable | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'true' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageEnable | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "true" :: MESSAGE 
 expected: true
      got: False
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000233</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000342-VMM-001230</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000233</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000233</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must off-load audit records via syslog.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000233</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000342-VMM-001230</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000233</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000233</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must off-load audit records via syslog.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>ESXi offers both local and remote audit recordkeeping to meet the requirements of the NIAP Virtualization Protection Profile and Server Virtualization Extended Package. Local records are stored on any accessible local or VMFS path. Remote records are sent to the global syslog servers configured elsewhere.
 
 To operate in the NIAP validated state, ESXi must enable and properly configure this audit system. This system is disabled by default.
 
-Note: Audit records can be viewed locally via the &quot;&#x2F;bin&#x2F;viewAudit&quot; utility over SSH or at the ESXi shell.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Note: Audit records can be viewed locally via the "/bin/viewAudit" utility over SSH or at the ESXi shell.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Syslog.global.auditRecord.remoteEnable&quot; value and verify it is set to &quot;true&quot;.
+Select the "Syslog.global.auditRecord.remoteEnable" value and verify it is set to "true".
 
 or
 
@@ -9740,151 +9339,144 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.remoteEnable
 
-If the &quot;Syslog.global.auditRecord.remoteEnable&quot; setting is not set to &quot;true&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Syslog.global.auditRecord.remoteEnable" setting is not set to "true", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Syslog.global.auditRecord.remoteEnable&quot; value and configure it to &quot;true&quot;.
+Click "Edit". Select the "Syslog.global.auditRecord.remoteEnable" value and configure it to "true".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.remoteEnable | Set-AdvancedSetting -Value &quot;true&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d223c3fe-11ae-4526-bbb1-825bcf4acd01</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.auditRecord.remoteEnable | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
-
+Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.remoteEnable | Set-AdvancedSetting -Value "true"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000233' do\n  title 'The ESXi host must off-load audit records via syslog.'\n  desc  \"\n    ESXi offers both local and remote audit recordkeeping to meet the requirements of the NIAP Virtualization Protection Profile and Server Virtualization Extended Package. Local records are stored on any accessible local or VMFS path. Remote records are sent to the global syslog servers configured elsewhere.\n\n    To operate in the NIAP validated state, ESXi must enable and properly configure this audit system. This system is disabled by default.\n\n    Note: Audit records can be viewed locally via the \\\"/bin/viewAudit\\\" utility over SSH or at the ESXi shell.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Syslog.global.auditRecord.remoteEnable\\\" value and verify it is set to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.remoteEnable\n\n    If the \\\"Syslog.global.auditRecord.remoteEnable\\\" setting is not set to \\\"true\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Syslog.global.auditRecord.remoteEnable\\\" value and configure it to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.remoteEnable | Set-AdvancedSetting -Value \\\"true\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000342-VMM-001230'\n  tag gid: 'V-ESXI-80-000233'\n  tag rid: 'SV-ESXI-80-000233'\n  tag stig_id: 'ESXI-80-000233'\n  tag cci: ['CCI-001851']\n  tag nist: ['AU-4 (1)']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Syslog.global.auditRecord.remoteEnable | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'true' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.auditRecord.remoteEnable | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "true" :: MESSAGE 
 expected: true
      got: False
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000234</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000234</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000234</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must enable strict x509 verification for SSL syslog endpoints.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When sending syslog data to a remote host via SSL, the ESXi host is presented with the endpoint&#39;s SSL server certificate. In addition to trust verification, configured elsewhere, this &quot;x509-strict&quot; option performs additional validity checks on CA root certificates during verification.
-
-These checks are generally not performed (CA roots are inherently trusted) and might cause incompatibilities with existing, misconfigured CA roots. The NIAP requirements in the Virtualization Protection Profile and Server Virtualization Extended Package, however, require even CA roots to pass validations.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000234</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000234</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000234</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must enable strict x509 verification for SSL syslog endpoints.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When sending syslog data to a remote host via SSL, the ESXi host is presented with the endpoint's SSL server certificate. In addition to trust verification, configured elsewhere, this "x509-strict" option performs additional validity checks on CA root certificates during verification.
+
+These checks are generally not performed (CA roots are inherently trusted) and might cause incompatibilities with existing, misconfigured CA roots. The NIAP requirements in the Virtualization Protection Profile and Server Virtualization Extended Package, however, require even CA roots to pass validations.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If SSL is not used for a syslog target, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Syslog.global.certificate.strictX509Compliance&quot; value and verify it is set to &quot;true&quot;.
+Select the "Syslog.global.certificate.strictX509Compliance" value and verify it is set to "true".
 
 or
 
@@ -9892,151 +9484,144 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Syslog.global.certificate.strictX509Compliance
 
-If the &quot;Syslog.global.certificate.strictX509Compliance&quot; setting is not set to &quot;true&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Syslog.global.certificate.strictX509Compliance" setting is not set to "true", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Syslog.global.certificate.strictX509Compliance&quot; value and configure it to &quot;true&quot;.
+Click "Edit". Select the "Syslog.global.certificate.strictX509Compliance" value and configure it to "true".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Syslog.global.certificate.strictX509Compliance | Set-AdvancedSetting -Value &quot;true&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>523a95d4-7166-44d1-bc88-24afe230fe63</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.certificate.strictX509Compliance | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
-
+Get-VMHost | Get-AdvancedSetting -Name Syslog.global.certificate.strictX509Compliance | Set-AdvancedSetting -Value "true"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000234' do\n  title 'The ESXi host must enable strict x509 verification for SSL syslog endpoints.'\n  desc  \"\n    When sending syslog data to a remote host via SSL, the ESXi host is presented with the endpoint's SSL server certificate. In addition to trust verification, configured elsewhere, this \\\"x509-strict\\\" option performs additional validity checks on CA root certificates during verification.\n\n    These checks are generally not performed (CA roots are inherently trusted) and might cause incompatibilities with existing, misconfigured CA roots. The NIAP requirements in the Virtualization Protection Profile and Server Virtualization Extended Package, however, require even CA roots to pass validations.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If SSL is not used for a syslog target, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Syslog.global.certificate.strictX509Compliance\\\" value and verify it is set to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.certificate.strictX509Compliance\n\n    If the \\\"Syslog.global.certificate.strictX509Compliance\\\" setting is not set to \\\"true\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Syslog.global.certificate.strictX509Compliance\\\" value and configure it to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.certificate.strictX509Compliance | Set-AdvancedSetting -Value \\\"true\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000234'\n  tag rid: 'SV-ESXI-80-000234'\n  tag stig_id: 'ESXI-80-000234'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Syslog.global.certificate.strictX509Compliance | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'true' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.certificate.strictX509Compliance | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "true" :: MESSAGE 
 expected: true
      got: False
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000235</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000037-VMM-000150</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000235</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000235</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must forward audit records containing information to establish what type of events occurred.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000235</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000037-VMM-000150</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000235</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000235</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must forward audit records containing information to establish what type of events occurred.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
 
-Audit record content that may be necessary to satisfy this requirement includes, for example, time stamps, source and destination addresses, user&#x2F;process&#x2F;VM identifiers, event descriptions, success&#x2F;fail indications, filenames involved, and access control or flow control rules invoked.
+Audit record content that may be necessary to satisfy this requirement includes, for example, time stamps, source and destination addresses, user/process/VM identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked.
 
-Associating event types with detected events in the ESXi audit logs provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured host.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Associating event types with detected events in the ESXi audit logs provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured host.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Syslog.global.logLevel&quot; value and verify it is set to &quot;info&quot;.
+Select the "Syslog.global.logLevel" value and verify it is set to "info".
 
 or
 
@@ -10044,413 +9629,394 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logLevel
 
-If the &quot;Syslog.global.logLevel&quot; setting is not set to &quot;info&quot;, this is a finding.
+If the "Syslog.global.logLevel" setting is not set to "info", this is a finding.
 
-Note: Verbose logging level is acceptable for troubleshooting purposes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Note: Verbose logging level is acceptable for troubleshooting purposes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Syslog.global.logLevel&quot; value and configure it to &quot;info&quot;.
+Click "Edit". Select the "Syslog.global.logLevel" value and configure it to "info".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logLevel | Set-AdvancedSetting -Value &quot;info&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a7db61cb-5f4a-4825-8ea8-5ca64f855837</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.logLevel | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;info&quot;
-
+Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logLevel | Set-AdvancedSetting -Value "info"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000235' do\n  title 'The ESXi host must forward audit records containing information to establish what type of events occurred.'\n  desc  \"\n    Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.\n\n    Audit record content that may be necessary to satisfy this requirement includes, for example, time stamps, source and destination addresses, user/process/VM identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked.\n\n    Associating event types with detected events in the ESXi audit logs provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured host.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Syslog.global.logLevel\\\" value and verify it is set to \\\"info\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logLevel\n\n    If the \\\"Syslog.global.logLevel\\\" setting is not set to \\\"info\\\", this is a finding.\n\n    Note: Verbose logging level is acceptable for troubleshooting purposes.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Syslog.global.logLevel\\\" value and configure it to \\\"info\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logLevel | Set-AdvancedSetting -Value \\\"info\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000037-VMM-000150'\n  tag gid: 'V-ESXI-80-000235'\n  tag rid: 'SV-ESXI-80-000235'\n  tag stig_id: 'ESXI-80-000235'\n  tag cci: ['CCI-000130']\n  tag nist: ['AU-3']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Syslog.global.logLevel | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'info' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name Syslog.global.logLevel | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "info" :: MESSAGE 
 expected: info
      got: error
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000236</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000236</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000236</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must not be configured to override virtual machine (VM) configurations.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Each VM on an ESXi host runs in its own &quot;vmx&quot; process. Upon creation, a vmx process will look in two locations for configuration items, the ESXi host itself and the per-vm *.vmx file in the VM storage path on the datastore. The settings on the ESXi host are read first and take precedence over settings in the *.vmx file.
-
-This can be a convenient way to set a setting in one place and have it apply to all VMs running on that host. The difficulty is in managing those settings and determining the effective state. Since managing per-VM vmx settings can be fully automated and customized while the ESXi setting cannot be easily queried, the ESXi configuration must not be used.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000236</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000236</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000236</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must not be configured to override virtual machine (VM) configurations.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Each VM on an ESXi host runs in its own "vmx" process. Upon creation, a vmx process will look in two locations for configuration items, the ESXi host itself and the per-vm *.vmx file in the VM storage path on the datastore. The settings on the ESXi host are read first and take precedence over settings in the *.vmx file.
+
+This can be a convenient way to set a setting in one place and have it apply to all VMs running on that host. The difficulty is in managing those settings and determining the effective state. Since managing per-VM vmx settings can be fully automated and customized while the ESXi setting cannot be easily queried, the ESXi configuration must not be used.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# stat -c &quot;%s&quot; &#x2F;etc&#x2F;vmware&#x2F;settings
+# stat -c "%s" /etc/vmware/settings
 
 Expected result:
 
 0
 
-If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the output does not match the expected result, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# echo -n &gt;&#x2F;etc&#x2F;vmware&#x2F;settings</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>40d582cc-56bb-4b0d-a13a-21ddefc41ef8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000237</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000237</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000237</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must not be configured to override virtual machine (VM) logger settings.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Each VM on an ESXi host runs in its own &quot;vmx&quot; process. Upon creation, a vmx process will look in two locations for configuration items, the ESXi host itself and the per-vm *.vmx file in the VM storage path on the datastore. The settings on the ESXi host are read first and take precedence over settings in the *.vmx file.
-
-This can be a convenient way to set a setting in one place and have it apply to all VMs running on that host. The difficulty is in managing those settings and determining the effective state. Since managing per-VM vmx settings can be fully automated and customized while the ESXi setting cannot be easily queried, the ESXi configuration must not be used.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+# echo -n &gt;/etc/vmware/settings</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000236' do\n  title 'The ESXi host must not be configured to override virtual machine (VM) configurations.'\n  desc  \"\n    Each VM on an ESXi host runs in its own \\\"vmx\\\" process. Upon creation, a vmx process will look in two locations for configuration items, the ESXi host itself and the per-vm *.vmx file in the VM storage path on the datastore. The settings on the ESXi host are read first and take precedence over settings in the *.vmx file.\n\n    This can be a convenient way to set a setting in one place and have it apply to all VMs running on that host. The difficulty is in managing those settings and determining the effective state. Since managing per-VM vmx settings can be fully automated and customized while the ESXi setting cannot be easily queried, the ESXi configuration must not be used.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # stat -c \\\"%s\\\" /etc/vmware/settings\n\n    Expected result:\n\n    0\n\n    If the output does not match the expected result, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, run the following command:\n\n    # echo -n &gt;/etc/vmware/settings\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000236'\n  tag rid: 'SV-ESXI-80-000236'\n  tag stig_id: 'ESXI-80-000236'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000237</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000237</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000237</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must not be configured to override virtual machine (VM) logger settings.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Each VM on an ESXi host runs in its own "vmx" process. Upon creation, a vmx process will look in two locations for configuration items, the ESXi host itself and the per-vm *.vmx file in the VM storage path on the datastore. The settings on the ESXi host are read first and take precedence over settings in the *.vmx file.
+
+This can be a convenient way to set a setting in one place and have it apply to all VMs running on that host. The difficulty is in managing those settings and determining the effective state. Since managing per-VM vmx settings can be fully automated and customized while the ESXi setting cannot be easily queried, the ESXi configuration must not be used.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# grep &quot;^vmx\.log&quot; &#x2F;etc&#x2F;vmware&#x2F;config
+# grep "^vmx\.log" /etc/vmware/config
 
-If the command produces any output, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the command produces any output, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following commands:
 
-# cp &#x2F;etc&#x2F;vmware&#x2F;config &#x2F;etc&#x2F;vmware&#x2F;config.bak
-# grep -v &quot;^vmx\.log&quot; &#x2F;etc&#x2F;vmware&#x2F;config.bak&gt;&#x2F;etc&#x2F;vmware&#x2F;config</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7ccdb490-599b-41e5-bb53-02ad327ddc6b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000238</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000238</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000238</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must require TPM-based configuration encryption.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>An ESXi host&#39;s configuration consists of configuration files for each service that runs on the host. The configuration files typically reside in the &#x2F;etc&#x2F; directory, but they can also reside in other namespaces. The configuration files contain run-time information about the state of the services. Over time, the default values in the configuration files might change, for example, when settings on the ESXi host are changed.
+# cp /etc/vmware/config /etc/vmware/config.bak
+# grep -v "^vmx\.log" /etc/vmware/config.bak&gt;/etc/vmware/config</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000237' do\n  title 'The ESXi host must not be configured to override virtual machine (VM) logger settings.'\n  desc  \"\n    Each VM on an ESXi host runs in its own \\\"vmx\\\" process. Upon creation, a vmx process will look in two locations for configuration items, the ESXi host itself and the per-vm *.vmx file in the VM storage path on the datastore. The settings on the ESXi host are read first and take precedence over settings in the *.vmx file.\n\n    This can be a convenient way to set a setting in one place and have it apply to all VMs running on that host. The difficulty is in managing those settings and determining the effective state. Since managing per-VM vmx settings can be fully automated and customized while the ESXi setting cannot be easily queried, the ESXi configuration must not be used.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # grep \\\"^vmx\\\\.log\\\" /etc/vmware/config\n\n    If the command produces any output, this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, run the following commands:\n\n    # cp /etc/vmware/config /etc/vmware/config.bak\n    # grep -v \\\"^vmx\\\\.log\\\" /etc/vmware/config.bak&gt;/etc/vmware/config\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000237'\n  tag rid: 'SV-ESXI-80-000237'\n  tag stig_id: 'ESXI-80-000237'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000238</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000238</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000238</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must require TPM-based configuration encryption.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>An ESXi host's configuration consists of configuration files for each service that runs on the host. The configuration files typically reside in the /etc/ directory, but they can also reside in other namespaces. The configuration files contain run-time information about the state of the services. Over time, the default values in the configuration files might change, for example, when settings on the ESXi host are changed.
 
 A cron job backs up the ESXi configuration files periodically, when ESXi shuts down gracefully or on demand, and creates an archived configuration file in the boot bank. When ESXi reboots, it reads the archived configuration file and recreates the state that ESXi was in when the backup was taken.
 
-Before vSphere 7.0 Update 2, the archived ESXi configuration file is not encrypted. In vSphere 7.0 Update 2 and later, the archived configuration file is encrypted. When the ESXi host is configured with a Trusted Platform Module (TPM), the TPM is used to &quot;seal&quot; the configuration to the host, providing a strong security guarantee and additional protection from offline attacks.
+Before vSphere 7.0 Update 2, the archived ESXi configuration file is not encrypted. In vSphere 7.0 Update 2 and later, the archived configuration file is encrypted. When the ESXi host is configured with a Trusted Platform Module (TPM), the TPM is used to "seal" the configuration to the host, providing a strong security guarantee and additional protection from offline attacks.
 
-Configuration encryption uses the physical TPM when it is available and supported at install or upgrade time. If the TPM was added or enabled later, the ESXi host must be told to reconfigure to use the newly available TPM. Once the TPM configuration encryption is enabled, it cannot be disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Configuration encryption uses the physical TPM when it is available and supported at install or upgrade time. If the TPM was added or enabled later, the ESXi host must be told to reconfigure to use the newly available TPM. Once the TPM configuration encryption is enabled, it cannot be disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the ESXi host does not have a compatible TPM, this finding is downgraded to a CAT III.
 
 From an ESXi shell, run the following command:
@@ -10461,510 +10027,455 @@ or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
+$esxcli = Get-EsxCli -v2
 $esxcli.system.settings.encryption.get.invoke() | Select Mode
 
 Expected result:
 
 Mode: TPM
 
-If the &quot;Mode&quot; is not set to &quot;TPM&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Mode" is not set to "TPM", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Ensure the TPM 2.0 chip is enabled in the BIOS and the ESX UI does not show any errors about a present but unavailable TPM.
 
 This setting cannot be configured until the TPM is properly enabled in firmware.
 
 From an ESXi shell, run the following command:
 
-# esxcli system settings encryption set --mode&#x3D;TPM
+# esxcli system settings encryption set --mode=TPM
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
-$arguments &#x3D; $esxcli.system.settings.encryption.set.CreateArgs()
-$arguments.mode &#x3D; &quot;TPM&quot;
+$esxcli = Get-EsxCli -v2
+$arguments = $esxcli.system.settings.encryption.set.CreateArgs()
+$arguments.mode = "TPM"
 $esxcli.system.settings.encryption.set.Invoke($arguments)
 
-Evacuate the host and gracefully reboot for changes to take effect.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a82e45a5-e379-43ad-93a4-8aee98cd85c3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: $vmhost &#x3D; Get-VMHost -Name 10.186.25.26; $esxcli &#x3D; Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.encryption.get.invoke() | Select-Object -ExpandProperty Mode stdout.strip is expected to cmp &#x3D;&#x3D; &quot;TPM&quot;
-
+Evacuate the host and gracefully reboot for changes to take effect.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000238' do\n  title 'The ESXi host must require TPM-based configuration encryption.'\n  desc  \"\n    An ESXi host's configuration consists of configuration files for each service that runs on the host. The configuration files typically reside in the /etc/ directory, but they can also reside in other namespaces. The configuration files contain run-time information about the state of the services. Over time, the default values in the configuration files might change, for example, when settings on the ESXi host are changed.\n\n    A cron job backs up the ESXi configuration files periodically, when ESXi shuts down gracefully or on demand, and creates an archived configuration file in the boot bank. When ESXi reboots, it reads the archived configuration file and recreates the state that ESXi was in when the backup was taken.\n\n    Before vSphere 7.0 Update 2, the archived ESXi configuration file is not encrypted. In vSphere 7.0 Update 2 and later, the archived configuration file is encrypted. When the ESXi host is configured with a Trusted Platform Module (TPM), the TPM is used to \\\"seal\\\" the configuration to the host, providing a strong security guarantee and additional protection from offline attacks.\n\n    Configuration encryption uses the physical TPM when it is available and supported at install or upgrade time. If the TPM was added or enabled later, the ESXi host must be told to reconfigure to use the newly available TPM. Once the TPM configuration encryption is enabled, it cannot be disabled.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If the ESXi host does not have a compatible TPM, this finding is downgraded to a CAT III.\n\n    From an ESXi shell, run the following command:\n\n    # esxcli system settings encryption get\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $esxcli.system.settings.encryption.get.invoke() | Select Mode\n\n    Expected result:\n\n    Mode: TPM\n\n    If the \\\"Mode\\\" is not set to \\\"TPM\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    Ensure the TPM 2.0 chip is enabled in the BIOS and the ESX UI does not show any errors about a present but unavailable TPM.\n\n    This setting cannot be configured until the TPM is properly enabled in firmware.\n\n    From an ESXi shell, run the following command:\n\n    # esxcli system settings encryption set --mode=TPM\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $arguments = $esxcli.system.settings.encryption.set.CreateArgs()\n    $arguments.mode = \\\"TPM\\\"\n    $esxcli.system.settings.encryption.set.Invoke($arguments)\n\n    Evacuate the host and gracefully reboot for changes to take effect.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000238'\n  tag rid: 'SV-ESXI-80-000238'\n  tag stig_id: 'ESXI-80-000238'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"$vmhost = Get-VMHost -Name #{vmhost}; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.encryption.get.invoke() | Select-Object -ExpandProperty Mode\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'TPM' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: $vmhost = Get-VMHost -Name 10.186.25.26; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.encryption.get.invoke() | Select-Object -ExpandProperty Mode stdout.strip is expected to cmp == "TPM" :: MESSAGE 
 expected: TPM
      got: NONE
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000239</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000239</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000239</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must configure the firewall to restrict access to services running on the host.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Unrestricted access to services running on an ESXi host can expose a host to outside attacks and unauthorized access. Reduce the risk by configuring the ESXi firewall to only allow access from authorized networks.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000239</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000239</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000239</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must configure the firewall to restrict access to services running on the host.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unrestricted access to services running on an ESXi host can expose a host to outside attacks and unauthorized access. Reduce the risk by configuring the ESXi firewall to only allow access from authorized networks.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Firewall.
 
-Under the &quot;Allowed IP addresses&quot; column, review the allowed IPs for each service.
+Under the "Allowed IP addresses" column, review the allowed IPs for each service.
 
-Check this for &quot;Incoming&quot; and &quot;Outgoing&quot; sections.
+Check this for "Incoming" and "Outgoing" sections.
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-VMHostFirewallException | Where {$_.Enabled -eq $true} | Select Name,Enabled,@{N&#x3D;&quot;AllIPEnabled&quot;;E&#x3D;{$_.ExtensionData.AllowedHosts.AllIP}}
+Get-VMHost | Get-VMHostFirewallException | Where {$_.Enabled -eq $true} | Select Name,Enabled,@{N="AllIPEnabled";E={$_.ExtensionData.AllowedHosts.AllIP}}
 
-If for an enabled service &quot;Allow connections from any IP address&quot; is selected, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If for an enabled service "Allow connections from any IP address" is selected, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Firewall.
 
-Click &quot;Edit...&quot;. For each enabled service, uncheck the check box to &quot;Allow connections from any IP address&quot; and input the site-specific network(s) required.
+Click "Edit...". For each enabled service, uncheck the check box to "Allow connections from any IP address" and input the site-specific network(s) required.
 
 The following example formats are acceptable:
 
-192.168.0.0&#x2F;24
-192.168.1.2, 2001::1&#x2F;64
-fd3e:29a6:0a81:e478::&#x2F;64
+192.168.0.0/24
+192.168.1.2, 2001::1/64
+fd3e:29a6:0a81:e478::/64
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
+$esxcli = Get-EsxCli -v2
 #This disables the allow all rule for the target service. We are targeting the sshServer service in this example.
-$arguments &#x3D; $esxcli.network.firewall.ruleset.set.CreateArgs()
-$arguments.rulesetid &#x3D; &quot;sshServer&quot;
-$arguments.allowedall &#x3D; $false
+$arguments = $esxcli.network.firewall.ruleset.set.CreateArgs()
+$arguments.rulesetid = "sshServer"
+$arguments.allowedall = $false
 $esxcli.network.firewall.ruleset.set.Invoke($arguments)
 
-#Next add the allowed IPs for the service. Note doing the &quot;vSphere Web Client&quot; service this way may disable access but may be done through vCenter or through the console.
-$arguments &#x3D; $esxcli.network.firewall.ruleset.allowedip.add.CreateArgs()
-$arguments.rulesetid &#x3D; &quot;sshServer&quot;
-$arguments.ipaddress &#x3D; &quot;10.0.0.0&#x2F;8&quot;
+#Next add the allowed IPs for the service. Note doing the "vSphere Web Client" service this way may disable access but may be done through vCenter or through the console.
+$arguments = $esxcli.network.firewall.ruleset.allowedip.add.CreateArgs()
+$arguments.rulesetid = "sshServer"
+$arguments.ipaddress = "10.0.0.0/8"
 $esxcli.network.firewall.ruleset.allowedip.add.Invoke($arguments)
 
-This must be done for each enabled service.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>37e3928c-59d6-4b5f-a874-944bbccd696a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+This must be done for each enabled service.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000239' do\n  title 'The ESXi host must configure the firewall to restrict access to services running on the host.'\n  desc  'Unrestricted access to services running on an ESXi host can expose a host to outside attacks and unauthorized access. Reduce the risk by configuring the ESXi firewall to only allow access from authorized networks.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Firewall.\n\n    Under the \\\"Allowed IP addresses\\\" column, review the allowed IPs for each service.\n\n    Check this for \\\"Incoming\\\" and \\\"Outgoing\\\" sections.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-VMHostFirewallException | Where {$_.Enabled -eq $true} | Select Name,Enabled,@{N=\\\"AllIPEnabled\\\";E={$_.ExtensionData.AllowedHosts.AllIP}}\n\n    If for an enabled service \\\"Allow connections from any IP address\\\" is selected, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Firewall.\n\n    Click \\\"Edit...\\\". For each enabled service, uncheck the check box to \\\"Allow connections from any IP address\\\" and input the site-specific network(s) required.\n\n    The following example formats are acceptable:\n\n    192.168.0.0/24\n    192.168.1.2, 2001::1/64\n    fd3e:29a6:0a81:e478::/64\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    #This disables the allow all rule for the target service. We are targeting the sshServer service in this example.\n    $arguments = $esxcli.network.firewall.ruleset.set.CreateArgs()\n    $arguments.rulesetid = \\\"sshServer\\\"\n    $arguments.allowedall = $false\n    $esxcli.network.firewall.ruleset.set.Invoke($arguments)\n\n    #Next add the allowed IPs for the service. Note doing the \\\"vSphere Web Client\\\" service this way may disable access but may be done through vCenter or through the console.\n    $arguments = $esxcli.network.firewall.ruleset.allowedip.add.CreateArgs()\n    $arguments.rulesetid = \\\"sshServer\\\"\n    $arguments.ipaddress = \\\"10.0.0.0/8\\\"\n    $esxcli.network.firewall.ruleset.allowedip.add.Invoke($arguments)\n\n    This must be done for each enabled service.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000239'\n  tag rid: 'SV-ESXI-80-000239'\n  tag stig_id: 'ESXI-80-000239'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"(Get-VMHost -Name #{vmhost} | Get-VMHostFirewallException | Where {$_.Enabled -eq $true}).ExtensionData.AllowedHosts.AllIP\"\n      powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\").each do |result|\n        describe result do\n          it { should_not cmp 'True' }\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-passed
-False is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
+passed :: TEST False is expected not to cmp == "True"
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
+(compared using `cmp` matcher)
 
 --------------------------------
-failed
-True is expected not to cmp &#x3D;&#x3D; &quot;True&quot;
-
+failed :: TEST True is expected not to cmp == "True" :: MESSAGE 
 expected: True
      got: True
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000240</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000240</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000240</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host when using Host Profiles and&#x2F;or Auto Deploy must use the vSphere Authentication Proxy to protect passwords when adding themselves to Active Directory.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If a host is configured to join an Active Directory domain using Host Profiles and&#x2F;or Auto Deploy, the Active Directory credentials are saved in the profile and are transmitted over the network.
-
-To avoid having to save Active Directory credentials in the Host Profile and to avoid transmitting Active Directory credentials over the network, use the vSphere Authentication Proxy.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000240</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000240</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000240</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host when using Host Profiles and/or Auto Deploy must use the vSphere Authentication Proxy to protect passwords when adding themselves to Active Directory.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If a host is configured to join an Active Directory domain using Host Profiles and/or Auto Deploy, the Active Directory credentials are saved in the profile and are transmitted over the network.
+
+To avoid having to save Active Directory credentials in the Host Profile and to avoid transmitting Active Directory credentials over the network, use the vSphere Authentication Proxy.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For environments that do not use vCenter server to manage ESXi, this is not applicable.
 
 If the organization is not using Host Profiles to join Active Directory, this is not applicable.
@@ -10973,150 +10484,144 @@ From the vSphere Client, go to Home &gt;&gt; Policies and Profiles &gt;&gt; Host
 
 Click a Host Profile &gt;&gt; Configure &gt;&gt; Security and Services &gt;&gt; Security Settings &gt;&gt; Authentication Configuration &gt;&gt; Active Directory Configuration &gt;&gt; Join Domain Method.
 
-If the method used to join hosts to a domain is not set to &quot;Use vSphere Authentication Proxy to add the host to domain&quot;, this is a finding.
+If the method used to join hosts to a domain is not set to "Use vSphere Authentication Proxy to add the host to domain", this is a finding.
 
 or
 
 From a PowerCLI command prompt while connected to vCenter, run the following command:
 
-Get-VMHost | Select Name, &#x60; @{N&#x3D;&quot;HostProfile&quot;;E&#x3D;{$_ | Get-VMHostProfile}}, &#x60; @{N&#x3D;&quot;JoinADEnabled&quot;;E&#x3D;{($_ | Get-VmHostProfile).ExtensionData.Config.ApplyProfile.Authentication.ActiveDirectory.Enabled}}, &#x60; @{N&#x3D;&quot;JoinDomainMethod&quot;;E&#x3D;{(($_ | Get-VMHostProfile).ExtensionData.Config.ApplyProfile.Authentication.ActiveDirectory | Select -ExpandProperty Policy | Where {$_.Id -eq &quot;JoinDomainMethodPolicy&quot;}).Policyoption.Id}}
+Get-VMHost | Select Name, ` @{N="HostProfile";E={$_ | Get-VMHostProfile}}, ` @{N="JoinADEnabled";E={($_ | Get-VmHostProfile).ExtensionData.Config.ApplyProfile.Authentication.ActiveDirectory.Enabled}}, ` @{N="JoinDomainMethod";E={(($_ | Get-VMHostProfile).ExtensionData.Config.ApplyProfile.Authentication.ActiveDirectory | Select -ExpandProperty Policy | Where {$_.Id -eq "JoinDomainMethodPolicy"}).Policyoption.Id}}
 
-If &quot;JoinADEnabled&quot; is &quot;True&quot; and &quot;JoinDomainMethod&quot; is not &quot;FixedCAMConfigOption&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If "JoinADEnabled" is "True" and "JoinDomainMethod" is not "FixedCAMConfigOption", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Home &gt;&gt; Policies and Profiles &gt;&gt; Host Profiles.
 
 Click a Host Profile &gt;&gt; Configure &gt;&gt; Security and Services &gt;&gt; Security Settings &gt;&gt; Authentication Configuration &gt;&gt; Active Directory Configuration.
 
-Click &quot;Edit Host Profile...&quot;. Set the &quot;Join Domain Method&quot; to &quot;Use vSphere Authentication Proxy to add the host to domain&quot; and provide the IP address of the vSphere Authentication Proxy server.
-
-Click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6987eb64-5347-42f4-881b-81b1032aec2e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-There are no attached host profiles host: 10.186.25.26. This control is not applicable.
-There are no attached host profiles host: 10.186.25.26. This control is not applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000241</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000241</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000241</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must not use the default Active Directory ESX Admin group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When adding ESXi hosts to Active Directory, all user&#x2F;group accounts assigned to the Active Directory group &quot;ESX Admins&quot; will have full administrative access to the host.
-
-If this group is not controlled or known to the system administrators, it may be used for inappropriate access to the host. Therefore, the default group must be changed to a site-specific Active Directory group and membership must be severely restricted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Click "Edit Host Profile...". Set the "Join Domain Method" to "Use vSphere Authentication Proxy to add the host to domain" and provide the IP address of the vSphere Authentication Proxy server.
+
+Click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000240' do\n  title 'The ESXi host when using Host Profiles and/or Auto Deploy must use the vSphere Authentication Proxy to protect passwords when adding themselves to Active Directory.'\n  desc  \"\n    If a host is configured to join an Active Directory domain using Host Profiles and/or Auto Deploy, the Active Directory credentials are saved in the profile and are transmitted over the network.\n\n    To avoid having to save Active Directory credentials in the Host Profile and to avoid transmitting Active Directory credentials over the network, use the vSphere Authentication Proxy.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For environments that do not use vCenter server to manage ESXi, this is not applicable.\n\n    If the organization is not using Host Profiles to join Active Directory, this is not applicable.\n\n    From the vSphere Client, go to Home &gt;&gt; Policies and Profiles &gt;&gt; Host Profiles.\n\n    Click a Host Profile &gt;&gt; Configure &gt;&gt; Security and Services &gt;&gt; Security Settings &gt;&gt; Authentication Configuration &gt;&gt; Active Directory Configuration &gt;&gt; Join Domain Method.\n\n    If the method used to join hosts to a domain is not set to \\\"Use vSphere Authentication Proxy to add the host to domain\\\", this is a finding.\n\n    or\n\n    From a PowerCLI command prompt while connected to vCenter, run the following command:\n\n    Get-VMHost | Select Name, ` @{N=\\\"HostProfile\\\";E={$_ | Get-VMHostProfile}}, ` @{N=\\\"JoinADEnabled\\\";E={($_ | Get-VmHostProfile).ExtensionData.Config.ApplyProfile.Authentication.ActiveDirectory.Enabled}}, ` @{N=\\\"JoinDomainMethod\\\";E={(($_ | Get-VMHostProfile).ExtensionData.Config.ApplyProfile.Authentication.ActiveDirectory | Select -ExpandProperty Policy | Where {$_.Id -eq \\\"JoinDomainMethodPolicy\\\"}).Policyoption.Id}}\n\n    If \\\"JoinADEnabled\\\" is \\\"True\\\" and \\\"JoinDomainMethod\\\" is not \\\"FixedCAMConfigOption\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Home &gt;&gt; Policies and Profiles &gt;&gt; Host Profiles.\n\n    Click a Host Profile &gt;&gt; Configure &gt;&gt; Security and Services &gt;&gt; Security Settings &gt;&gt; Authentication Configuration &gt;&gt; Active Directory Configuration.\n\n    Click \\\"Edit Host Profile...\\\". Set the \\\"Join Domain Method\\\" to \\\"Use vSphere Authentication Proxy to add the host to domain\\\" and provide the IP address of the vSphere Authentication Proxy server.\n\n    Click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000240'\n  tag rid: 'SV-ESXI-80-000240'\n  tag stig_id: 'ESXI-80-000240'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    setimpact = true\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostProfile\"\n      hostprofile = powercli_command(command).stdout\n\n      if hostprofile.empty?\n        describe \"There are no attached host profiles host: #{vmhost}. This control is not applicable.\" do\n          skip \"There are no attached host profiles host: #{vmhost}. This control is not applicable.\"\n        end\n      else\n        command1 = \"(Get-VMHost -Name #{vmhost} | Get-VMHostProfile).ExtensionData.Config.ApplyProfile.Authentication.ActiveDirectory.Enabled\"\n        adEnabled = powercli_command(command1).stdout.strip\n\n        if adEnabled.match?('True')\n          command2 = \"(Get-VMHost -Name #{vmhost} | Get-VMHostProfile).ExtensionData.Config.ApplyProfile.Authentication.ActiveDirectory | Select-Object -ExpandProperty Policy | Where {$_.Id -eq 'JoinDomainMethodPolicy'} | Select-Object -ExpandProperty PolicyOption | Select-Object -ExpandProperty Id\"\n          describe powercli_command(command2) do\n            its('stdout.strip') { should cmp 'FixedCAMConfigOption' }\n          end\n          setimpact = false\n        else\n          describe \"Active Directory is not enabled on host: #{vmhost}. This control is not applicable.\" do\n            skip \"Active Directory is not enabled on host: #{vmhost}. This control is not applicable.\"\n          end\n        end\n      end\n    end\n  else\n    describe 'No ESXi hosts found. Review inputs provided for errors and rerun profile.' do\n      skip 'No ESXi hosts found. Review inputs provided for errors and rerun profile.'\n    end\n    setimpact = false\n  end\n  unless !setimpact\n    impact 0.0\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST There are no attached host profiles host: 10.186.25.26. This control is not applicable. :: SKIP_MESSAGE There are no attached host profiles host: 10.186.25.26. This control is not applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000241</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000241</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000241</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must not use the default Active Directory ESX Admin group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When adding ESXi hosts to Active Directory, all user/group accounts assigned to the Active Directory group "ESX Admins" will have full administrative access to the host.
+
+If this group is not controlled or known to the system administrators, it may be used for inappropriate access to the host. Therefore, the default group must be changed to a site-specific Active Directory group and membership must be severely restricted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>For systems that do not use Active Directory, this is not applicable.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Config.HostAgent.plugins.hostsvc.esxAdminsGroup&quot; value and verify it is not set to &quot;ESX Admins&quot;.
+Select the "Config.HostAgent.plugins.hostsvc.esxAdminsGroup" value and verify it is not set to "ESX Admins".
 
 or
 
@@ -11124,303 +10629,292 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.hostsvc.esxAdminsGroup
 
-If the &quot;Config.HostAgent.plugins.hostsvc.esxAdminsGroup&quot; setting is set to &quot;ESX Admins&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "Config.HostAgent.plugins.hostsvc.esxAdminsGroup" setting is set to "ESX Admins", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Config.HostAgent.plugins.hostsvc.esxAdminsGroup&quot; key and configure its value to an appropriate Active Directory group other than &quot;ESX Admins&quot;.
+Click "Edit". Select the "Config.HostAgent.plugins.hostsvc.esxAdminsGroup" key and configure its value to an appropriate Active Directory group other than "ESX Admins".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.hostsvc.esxAdminsGroup | Set-AdvancedSetting -Value &quot;&lt;site specific AD group&gt;&quot;
-
-Note: Changing the group name does not remove the permissions of the previous group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>14594726-bfab-4be0-90ac-b9ce89443696</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-
-The ESXi host 10.186.25.26 is not joined to AD, so this control is not applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000243</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000341-VMM-001220</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000243</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000243</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must configure a persistent log location for all locally stored logs.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXi can be configured to store log files on an in-memory file system. This occurs when the host&#39;s &quot;&#x2F;scratch&quot; directory is linked to &quot;&#x2F;tmp&#x2F;scratch&quot;. When this is done, only a single day&#39;s worth of logs are stored at any time. In addition, log files will be reinitialized upon each reboot.
+Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.hostsvc.esxAdminsGroup | Set-AdvancedSetting -Value "&lt;site specific AD group&gt;"
+
+Note: Changing the group name does not remove the permissions of the previous group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000241' do\n  title 'The ESXi host must not use the default Active Directory ESX Admin group.'\n  desc  \"\n    When adding ESXi hosts to Active Directory, all user/group accounts assigned to the Active Directory group \\\"ESX Admins\\\" will have full administrative access to the host.\n\n    If this group is not controlled or known to the system administrators, it may be used for inappropriate access to the host. Therefore, the default group must be changed to a site-specific Active Directory group and membership must be severely restricted.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For systems that do not use Active Directory, this is not applicable.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Config.HostAgent.plugins.hostsvc.esxAdminsGroup\\\" value and verify it is not set to \\\"ESX Admins\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.hostsvc.esxAdminsGroup\n\n    If the \\\"Config.HostAgent.plugins.hostsvc.esxAdminsGroup\\\" setting is set to \\\"ESX Admins\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Config.HostAgent.plugins.hostsvc.esxAdminsGroup\\\" key and configure its value to an appropriate Active Directory group other than \\\"ESX Admins\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.hostsvc.esxAdminsGroup | Set-AdvancedSetting -Value \\\"&lt;site specific AD group&gt;\\\"\n\n    Note: Changing the group name does not remove the permissions of the previous group.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000241'\n  tag rid: 'SV-ESXI-80-000241'\n  tag stig_id: 'ESXI-80-000241'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-VMHostAuthentication | Select-Object -ExpandProperty DomainMembershipStatus\"\n      domainstatus = powercli_command(command).stdout\n      if domainstatus.empty?\n        impact 0.0\n        describe '' do\n          skip \"The ESXi host #{vmhost} is not joined to AD, so this control is not applicable.\"\n        end\n      else\n        command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name Config.HostAgent.plugins.hostsvc.esxAdminsGroup | Select-Object -ExpandProperty Value\"\n        describe powercli_command(command) do\n          its('stdout.strip') { should_not cmp 'ESX Admins' }\n          its('stdout.strip') { should cmp \"#{input('adAdminGroup')}\" }\n        end\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST  :: SKIP_MESSAGE The ESXi host 10.186.25.26 is not joined to AD, so this control is not applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000243</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000341-VMM-001220</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000243</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000243</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must configure a persistent log location for all locally stored logs.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXi can be configured to store log files on an in-memory file system. This occurs when the host's "/scratch" directory is linked to "/tmp/scratch". When this is done, only a single day's worth of logs are stored at any time. In addition, log files will be reinitialized upon each reboot.
 
 This presents a security risk as user activity logged on the host is only stored temporarily and will not persist across reboots. This can also complicate auditing and make it harder to monitor events and diagnose issues. ESXi host logging should always be configured to a persistent datastore.
 
 Note: Scratch space is configured automatically during installation or first boot of an ESXi host and does not usually need to be configured manually.
 
-If ESXi is installed on an SD card or USB device, a persistent log location may not be configured upon install as normal.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If ESXi is installed on an SD card or USB device, a persistent log location may not be configured upon install as normal.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;Syslog.global.logDir&quot; value and verify it is set to a persistent location.
+Select the "Syslog.global.logDir" value and verify it is set to a persistent location.
 
-If the value of the setting is &quot;[] &#x2F;scratch&#x2F;logs&quot;, verify the advanced setting &quot;ScratchConfig.CurrentScratchLocation&quot; is not set to &quot;&#x2F;tmp&#x2F;scratch&quot;. This is a nonpersistent location.
+If the value of the setting is "[] /scratch/logs", verify the advanced setting "ScratchConfig.CurrentScratchLocation" is not set to "/tmp/scratch". This is a nonpersistent location.
 
-If &quot;Syslog.global.logDir&quot; is not configured to a persistent location, this is a finding.
+If "Syslog.global.logDir" is not configured to a persistent location, this is a finding.
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
+$esxcli = Get-EsxCli -v2
 $esxcli.system.syslog.config.get.Invoke() | Select LocalLogOutput,LocalLogOutputIsPersistent
 
-If the &quot;LocalLogOutputIsPersistent&quot; value is not true, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "LocalLogOutputIsPersistent" value is not true, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;Syslog.global.logDir&quot; value and set it to a known persistent location.
+Click "Edit". Select the "Syslog.global.logDir" value and set it to a known persistent location.
 
 An example is shown below, where 51dda02d-fade5016-8a08-005056171889 is the UUID of the target datastore:
 
-&#x2F;vmfs&#x2F;volumes&#x2F;51dda02d-fade5016-8a08-005056171889
+/vmfs/volumes/51dda02d-fade5016-8a08-005056171889
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logDir | Set-AdvancedSetting -Value &quot;New Log Location&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6866bec5-e9e4-4157-a98b-90ceefbb952d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001849</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: $vmhost &#x3D; Get-VMHost -Name 10.186.25.26; $esxcli &#x3D; Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.syslog.config.get.Invoke() | Select-Object -ExpandProperty LocalLogOutputIsPersistent stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000244</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000244</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000244</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must enforce the exclusive running of executables from approved VIBs.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;execInstalledOnly&quot; advanced ESXi boot option, when set to TRUE, guarantees that the VMkernel executes only those binaries that have been packaged as part of a signed VIB. While this option is effective on its own, it can be further enhanced by telling the Secure Boot to check with the TPM to make sure that the boot process does not proceed unless this setting is enabled. This further protects against malicious offline changes to ESXi configuration to disable the &quot;execInstalledOnly&quot; option.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logDir | Set-AdvancedSetting -Value "New Log Location"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000243' do\n  title 'The ESXi host must configure a persistent log location for all locally stored logs.'\n  desc  \"\n    ESXi can be configured to store log files on an in-memory file system. This occurs when the host's \\\"/scratch\\\" directory is linked to \\\"/tmp/scratch\\\". When this is done, only a single day's worth of logs are stored at any time. In addition, log files will be reinitialized upon each reboot.\n\n    This presents a security risk as user activity logged on the host is only stored temporarily and will not persist across reboots. This can also complicate auditing and make it harder to monitor events and diagnose issues. ESXi host logging should always be configured to a persistent datastore.\n\n    Note: Scratch space is configured automatically during installation or first boot of an ESXi host and does not usually need to be configured manually.\n\n    If ESXi is installed on an SD card or USB device, a persistent log location may not be configured upon install as normal.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"Syslog.global.logDir\\\" value and verify it is set to a persistent location.\n\n    If the value of the setting is \\\"[] /scratch/logs\\\", verify the advanced setting \\\"ScratchConfig.CurrentScratchLocation\\\" is not set to \\\"/tmp/scratch\\\". This is a nonpersistent location.\n\n    If \\\"Syslog.global.logDir\\\" is not configured to a persistent location, this is a finding.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $esxcli.system.syslog.config.get.Invoke() | Select LocalLogOutput,LocalLogOutputIsPersistent\n\n    If the \\\"LocalLogOutputIsPersistent\\\" value is not true, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"Syslog.global.logDir\\\" value and set it to a known persistent location.\n\n    An example is shown below, where 51dda02d-fade5016-8a08-005056171889 is the UUID of the target datastore:\n\n    /vmfs/volumes/51dda02d-fade5016-8a08-005056171889\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logDir | Set-AdvancedSetting -Value \\\"New Log Location\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000341-VMM-001220'\n  tag gid: 'V-ESXI-80-000243'\n  tag rid: 'SV-ESXI-80-000243'\n  tag stig_id: 'ESXI-80-000243'\n  tag cci: ['CCI-001849']\n  tag nist: ['AU-4']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"$vmhost = Get-VMHost -Name #{vmhost}; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.syslog.config.get.Invoke() | Select-Object -ExpandProperty LocalLogOutputIsPersistent\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'true' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001849</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: $vmhost = Get-VMHost -Name 10.186.25.26; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.syslog.config.get.Invoke() | Select-Object -ExpandProperty LocalLogOutputIsPersistent stdout.strip is expected to cmp == "true"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000244</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000244</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000244</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must enforce the exclusive running of executables from approved VIBs.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "execInstalledOnly" advanced ESXi boot option, when set to TRUE, guarantees that the VMkernel executes only those binaries that have been packaged as part of a signed VIB. While this option is effective on its own, it can be further enhanced by telling the Secure Boot to check with the TPM to make sure that the boot process does not proceed unless this setting is enabled. This further protects against malicious offline changes to ESXi configuration to disable the "execInstalledOnly" option.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If the ESXi host does not have a compatible TPM, this finding is downgraded to a CAT III.
 
 From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Select the &quot;VMkernel.Boot.execInstalledOnly&quot; value and verify that it is &quot;true&quot;.
+Select the "VMkernel.Boot.execInstalledOnly" value and verify that it is "true".
 
 or
 
@@ -11428,150 +10922,143 @@ From a PowerCLI command prompt while connected to the ESXi host, run the followi
 
 Get-VMHost | Get-AdvancedSetting -Name VMkernel.Boot.execInstalledOnly
 
-If the &quot;VMkernel.Boot.execInstalledOnly&quot; setting is not &quot;true&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If the "VMkernel.Boot.execInstalledOnly" setting is not "true", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Hosts and Clusters.
 
 Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.
 
-Click &quot;Edit&quot;. Select the &quot;VMkernel.Boot.execInstalledOnly&quot; value and configure it to &quot;true&quot;.
+Click "Edit". Select the "VMkernel.Boot.execInstalledOnly" value and configure it to "true".
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following command:
 
-Get-VMHost | Get-AdvancedSetting -Name VMkernel.Boot.execInstalledOnly | Set-AdvancedSetting -Value True</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f55f6156-2a97-41a3-a700-70bb609fb245</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name VMkernel.Boot.execInstalledOnly | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
-
+Get-VMHost | Get-AdvancedSetting -Name VMkernel.Boot.execInstalledOnly | Set-AdvancedSetting -Value True</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000244' do\n  title 'The ESXi host must enforce the exclusive running of executables from approved VIBs.'\n  desc  'The \"execInstalledOnly\" advanced ESXi boot option, when set to TRUE, guarantees that the VMkernel executes only those binaries that have been packaged as part of a signed VIB. While this option is effective on its own, it can be further enhanced by telling the Secure Boot to check with the TPM to make sure that the boot process does not proceed unless this setting is enabled. This further protects against malicious offline changes to ESXi configuration to disable the \"execInstalledOnly\" option.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If the ESXi host does not have a compatible TPM, this finding is downgraded to a CAT III.\n\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Select the \\\"VMkernel.Boot.execInstalledOnly\\\" value and verify that it is \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name VMkernel.Boot.execInstalledOnly\n\n    If the \\\"VMkernel.Boot.execInstalledOnly\\\" setting is not \\\"true\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Hosts and Clusters.\n\n    Select the ESXi Host &gt;&gt; Configure &gt;&gt; System &gt;&gt; Advanced System Settings.\n\n    Click \\\"Edit\\\". Select the \\\"VMkernel.Boot.execInstalledOnly\\\" value and configure it to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following command:\n\n    Get-VMHost | Get-AdvancedSetting -Name VMkernel.Boot.execInstalledOnly | Set-AdvancedSetting -Value True\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000244'\n  tag rid: 'SV-ESXI-80-000244'\n  tag stig_id: 'ESXI-80-000244'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"Get-VMHost -Name #{vmhost} | Get-AdvancedSetting -Name VMkernel.Boot.execInstalledOnly | Select-Object -ExpandProperty Value\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'true' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VMHost -Name 10.186.25.26 | Get-AdvancedSetting -Name VMkernel.Boot.execInstalledOnly | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "true" :: MESSAGE 
 expected: true
      got: False
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000245</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000245</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000245</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must use sufficient entropy for cryptographic operations.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000245</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000245</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000245</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must use sufficient entropy for cryptographic operations.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>Starting in vSphere 8.0, the ESXi Entropy implementation supports the FIPS 140-3 and EAL4 certifications. Kernel boot options control which entropy sources to activate on an ESXi host.
 
-In computing, the term &quot;entropy&quot; refers to random characters and data that are collected for use in cryptography, such as generating encryption keys to secure data transmitted over a network. Entropy is required by security for generating keys and communicating securely over the network. Entropy is often collected from a variety of sources on a system.
+In computing, the term "entropy" refers to random characters and data that are collected for use in cryptography, such as generating encryption keys to secure data transmitted over a network. Entropy is required by security for generating keys and communicating securely over the network. Entropy is often collected from a variety of sources on a system.
 
 FIPS entropy handling is the default behavior if the following conditions are true:
 
 -The hardware supports RDSEED.
--The disableHwrng VMkernel boot option isn&#39;t present or is FALSE.
--The entropySources VMkernel boot option isn&#39;t present or is 0 (zero).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+-The disableHwrng VMkernel boot option isn't present or is FALSE.
+-The entropySources VMkernel boot option isn't present or is 0 (zero).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following commands:
 
 # esxcli system settings kernel list -o disableHwrng
@@ -11581,14 +11068,14 @@ or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
-$esxcli.system.settings.kernel.list.invoke() | Where {$_.Name -eq &quot;disableHwrng&quot; -or $_.Name -eq &quot;entropySources&quot;}
+$esxcli = Get-EsxCli -v2
+$esxcli.system.settings.kernel.list.invoke() | Where {$_.Name -eq "disableHwrng" -or $_.Name -eq "entropySources"}
 
-If &quot;disableHwrng&quot; is not set to &quot;false&quot;, this is a finding.
-If &quot;entropySources&quot; is not set to &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If "disableHwrng" is not set to "false", this is a finding.
+If "entropySources" is not set to "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following commands:
 
 # esxcli system settings kernel set -s disableHwrng -v FALSE
@@ -11598,136 +11085,130 @@ or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
-$arguments &#x3D; $esxcli.system.settings.kernel.set.CreateArgs()
-$arguments.setting &#x3D; &quot;disableHwrng&quot;
-$arguments.value &#x3D; &quot;FALSE&quot;
+$esxcli = Get-EsxCli -v2
+$arguments = $esxcli.system.settings.kernel.set.CreateArgs()
+$arguments.setting = "disableHwrng"
+$arguments.value = "FALSE"
 $esxcli.system.settings.kernel.set.invoke($arguments)
-$arguments.setting &#x3D; &quot;entropySources&quot;
-$arguments.value &#x3D; &quot;0&quot;
+$arguments.setting = "entropySources"
+$arguments.value = "0"
 $esxcli.system.settings.kernel.set.invoke($arguments)
 
-Reboot the ESXi host after updating entropy settings.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fc7d215e-1b54-46d5-8a31-6e46faf197a8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: $vmhost &#x3D; Get-VMHost -Name 10.186.25.26; $esxcli &#x3D; Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.kernel.list.invoke()| Where {$_.Name -eq &quot;disableHwrng&quot;} | Select-Object -ExpandProperty Configured stdout.strip is expected to cmp &#x3D;&#x3D; &quot;FALSE&quot;
+Reboot the ESXi host after updating entropy settings.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000245' do\n  title 'The ESXi host must use sufficient entropy for cryptographic operations.'\n  desc  \"\n    Starting in vSphere 8.0, the ESXi Entropy implementation supports the FIPS 140-3 and EAL4 certifications. Kernel boot options control which entropy sources to activate on an ESXi host.\n\n    In computing, the term \\\"entropy\\\" refers to random characters and data that are collected for use in cryptography, such as generating encryption keys to secure data transmitted over a network. Entropy is required by security for generating keys and communicating securely over the network. Entropy is often collected from a variety of sources on a system.\n\n    FIPS entropy handling is the default behavior if the following conditions are true:\n\n    -The hardware supports RDSEED.\n    -The disableHwrng VMkernel boot option isn't present or is FALSE.\n    -The entropySources VMkernel boot option isn't present or is 0 (zero).\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following commands:\n\n    # esxcli system settings kernel list -o disableHwrng\n    # esxcli system settings kernel list -o entropySources\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $esxcli.system.settings.kernel.list.invoke() | Where {$_.Name -eq \\\"disableHwrng\\\" -or $_.Name -eq \\\"entropySources\\\"}\n\n    If \\\"disableHwrng\\\" is not set to \\\"false\\\", this is a finding.\n    If \\\"entropySources\\\" is not set to \\\"0\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, run the following commands:\n\n    # esxcli system settings kernel set -s disableHwrng -v FALSE\n    # esxcli system settings kernel set -s entropySources -v 0\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $arguments = $esxcli.system.settings.kernel.set.CreateArgs()\n    $arguments.setting = \\\"disableHwrng\\\"\n    $arguments.value = \\\"FALSE\\\"\n    $esxcli.system.settings.kernel.set.invoke($arguments)\n    $arguments.setting = \\\"entropySources\\\"\n    $arguments.value = \\\"0\\\"\n    $esxcli.system.settings.kernel.set.invoke($arguments)\n\n    Reboot the ESXi host after updating entropy settings.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000245'\n  tag rid: 'SV-ESXI-80-000245'\n  tag stig_id: 'ESXI-80-000245'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"$vmhost = Get-VMHost -Name #{vmhost}; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.kernel.list.invoke()| Where {$_.Name -eq \\\"disableHwrng\\\"} | Select-Object -ExpandProperty Configured\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'FALSE' }\n      end\n      command = \"$vmhost = Get-VMHost -Name #{vmhost}; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.kernel.list.invoke()| Where {$_.Name -eq \\\"entropySources\\\"} | Select-Object -ExpandProperty Configured\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '0' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: $vmhost = Get-VMHost -Name 10.186.25.26; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.kernel.list.invoke()| Where {$_.Name -eq "disableHwrng"} | Select-Object -ExpandProperty Configured stdout.strip is expected to cmp == "FALSE"
 --------------------------------
-passed
-PowerCLI Command: $vmhost &#x3D; Get-VMHost -Name 10.186.25.26; $esxcli &#x3D; Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.kernel.list.invoke()| Where {$_.Name -eq &quot;entropySources&quot;} | Select-Object -ExpandProperty Configured stdout.strip is expected to cmp &#x3D;&#x3D; &quot;0&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-ESXI-80-000246</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-ESXI-80-000246</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXI-80-000246</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi host must not enable log filtering.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+passed :: TEST PowerCLI Command: $vmhost = Get-VMHost -Name 10.186.25.26; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.settings.kernel.list.invoke()| Where {$_.Name -eq "entropySources"} | Select-Object -ExpandProperty Configured stdout.strip is expected to cmp == "0"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000246</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-ESXI-80-000246</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXI-80-000246</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi host must not enable log filtering.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>The log filtering capability lets you modify the logging policy of the syslog service that is running on an ESXi host. You can create log filters to reduce the number of repetitive entries in the ESXi logs and to deny specific log events entirely.
 
-Setting a limit to the amount of logging information restricts the ability to detect and respond to potential security issues or system failures properly.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+Setting a limit to the amount of logging information restricts the ability to detect and respond to potential security issues or system failures properly.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
 # esxcli system syslog config logfilter get
@@ -11736,14368 +11217,13711 @@ or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
+$esxcli = Get-EsxCli -v2
 $esxcli.system.syslog.config.logfilter.get.invoke()
 
-If &quot;LogFilteringEnabled&quot; is not set to &quot;false&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+If "LogFilteringEnabled" is not set to "false", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From an ESXi shell, run the following command:
 
-# esxcli system syslog config logfilter set --log-filtering-enabled&#x3D;false
+# esxcli system syslog config logfilter set --log-filtering-enabled=false
 
 or
 
 From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
 
-$esxcli &#x3D; Get-EsxCli -v2
-$arguments &#x3D; $esxcli.system.syslog.config.logfilter.set.CreateArgs()
-$arguments.logfilteringenabled &#x3D; $false
-$esxcli.system.syslog.config.logfilter.set.invoke($arguments)</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ea0ef964-c62b-43a8-96fb-7445c3d333d0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: $vmhost &#x3D; Get-VMHost -Name 10.186.25.26; $esxcli &#x3D; Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.syslog.config.logfilter.get.invoke() | Select-Object -ExpandProperty LogFilteringEnabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000189</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000189</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000189</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must have copy operations disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy&#x2F;paste operations between the guest operating system and the remote console could provide the means for an attacker to compromise the VM.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
-
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
-
-Verify the &quot;isolation.tools.copy.disable&quot; value is set to &quot;true&quot;.
+$esxcli = Get-EsxCli -v2
+$arguments = $esxcli.system.syslog.config.logfilter.set.CreateArgs()
+$arguments.logfilteringenabled = $false
+$esxcli.system.syslog.config.logfilter.set.invoke($arguments)</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'ESXI-80-000246' do\n  title 'The ESXi host must not enable log filtering.'\n  desc  \"\n    The log filtering capability lets you modify the logging policy of the syslog service that is running on an ESXi host. You can create log filters to reduce the number of repetitive entries in the ESXi logs and to deny specific log events entirely.\n\n    Setting a limit to the amount of logging information restricts the ability to detect and respond to potential security issues or system failures properly.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From an ESXi shell, run the following command:\n\n    # esxcli system syslog config logfilter get\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $esxcli.system.syslog.config.logfilter.get.invoke()\n\n    If \\\"LogFilteringEnabled\\\" is not set to \\\"false\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From an ESXi shell, run the following command:\n\n    # esxcli system syslog config logfilter set --log-filtering-enabled=false\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host, run the following commands:\n\n    $esxcli = Get-EsxCli -v2\n    $arguments = $esxcli.system.syslog.config.logfilter.set.CreateArgs()\n    $arguments.logfilteringenabled = $false\n    $esxcli.system.syslog.config.logfilter.set.invoke($arguments)\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-ESXI-80-000246'\n  tag rid: 'SV-ESXI-80-000246'\n  tag stig_id: 'ESXI-80-000246'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmhostName = input('vmhostName')\n  cluster = input('cluster')\n  allhosts = input('allesxi')\n  vmhosts = []\n\n  unless vmhostName.empty?\n    vmhosts = powercli_command(\"Get-VMHost -Name #{vmhostName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless cluster.empty?\n    vmhosts = powercli_command(\"Get-Cluster -Name '#{cluster}' | Get-VMHost | Sort-Object Name | Select -ExpandProperty Name\").stdout.split\n  end\n  unless allhosts == false\n    vmhosts = powercli_command('Get-VMHost | Sort-Object Name | Select -ExpandProperty Name').stdout.split\n  end\n\n  if !vmhosts.empty?\n    vmhosts.each do |vmhost|\n      command = \"$vmhost = Get-VMHost -Name #{vmhost}; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.syslog.config.logfilter.get.invoke() | Select-Object -ExpandProperty LogFilteringEnabled\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  else\n    describe 'No hosts found!' do\n      skip 'No hosts found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 ESXi STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: $vmhost = Get-VMHost -Name 10.186.25.26; $esxcli = Get-EsxCli -VMHost $vmhost -V2; $esxcli.system.syslog.config.logfilter.get.invoke() | Select-Object -ExpandProperty LogFilteringEnabled stdout.strip is expected to cmp == "false"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+		</iSTIG>
+		<iSTIG>
+			<STIG_INFO>
+				<SI_DATA>
+					<SID_NAME>version</SID_NAME>
+					<SID_DATA>1</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>classification</SID_NAME>
+					<SID_DATA>UNCLASSIFIED</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>customname</SID_NAME>
+					<SID_DATA>{"hdfSpecificData":{"copyright":"The Authors","maintainer":"The Authors","version":"1.0.1"}}</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>stigid</SID_NAME>
+					<SID_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>description</SID_NAME>
+					<SID_DATA>An InSpec Compliance Profile</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>filename</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>releaseinfo</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>title</SID_NAME>
+					<SID_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>uuid</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>notice</SID_NAME>
+					<SID_DATA>Apache-2.0</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>source</SID_NAME>
+					<SID_DATA>STIG.DOD.MIL</SID_DATA>
+				</SI_DATA>
+			</STIG_INFO>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000009</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000014</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000009</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000009</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>At the command prompt on the vCenter Server Appliance, run the following command:
 
-or
+# /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator/reconfigureVc scan
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+If the output indicates versions of TLS other than 1.2 are enabled, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>At the command prompt on the vCenter Server Appliance, run the following command:
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.tools.copy.disable
+# /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator/reconfigureVc update -p TLSv1.2
 
-If the virtual machine advanced setting &quot;isolation.tools.copy.disable&quot; is not set to &quot;true&quot;, this is a finding.
+vCenter services will be restarted as part of the reconfiguration. The operating system will not be restarted.
 
-If the virtual machine advanced setting &quot;isolation.tools.copy.disable&quot; does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+The "--no-restart" flag can be added to restart services at a later time.
+
+Changes will not take effect until all services are restarted or the appliance is rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000009' do\n  title 'The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.'\n  desc  'Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol.'\n  desc  'rationale', ''\n  desc  'check', \"\n    At the command prompt on the vCenter Server Appliance, run the following command:\n\n    # /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator/reconfigureVc scan\n\n    If the output indicates versions of TLS other than 1.2 are enabled, this is a finding.\n  \"\n  desc 'fix', \"\n    At the command prompt on the vCenter Server Appliance, run the following command:\n\n    # /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator/reconfigureVc update -p TLSv1.2\n\n    vCenter services will be restarted as part of the reconfiguration. The operating system will not be restarted.\n\n    The \\\"--no-restart\\\" flag can be added to restart services at a later time.\n\n    Changes will not take effect until all services are restarted or the appliance is rebooted.\n  \"\n  impact 0.7\n  tag severity: 'high'\n  tag gtitle: 'SRG-APP-000014'\n  tag satisfies: ['SRG-APP-000156', 'SRG-APP-000157', 'SRG-APP-000219', 'SRG-APP-000439', 'SRG-APP-000440', 'SRG-APP-000441', 'SRG-APP-000442', 'SRG-APP-000560', 'SRG-APP-000565', 'SRG-APP-000625', 'SRG-APP-000645']\n  tag gid: 'V-VCSA-80-000009'\n  tag rid: 'SV-VCSA-80-000009'\n  tag stig_id: 'VCSA-80-000009'\n  tag cci: ['CCI-000068', 'CCI-000382', 'CCI-001184', 'CCI-001453', 'CCI-001941', 'CCI-001942', 'CCI-002418', 'CCI-002420', 'CCI-002421', 'CCI-002422', 'CCI-002450']\n  tag nist: ['AC-17 (2)', 'CM-7 b', 'IA-2 (8)', 'IA-2 (9)', 'SC-13', 'SC-23', 'SC-8', 'SC-8 (1)', 'SC-8 (2)']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000382</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001184</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001941</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001942</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002421</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000023</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000065</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000023</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000023</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must enforce the limit of three consecutive invalid login attempts by a user.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+The following lockout policy should be set as follows:
 
-Find the &quot;isolation.tools.copy.disable&quot; value and set it to &quot;true&quot;.
+Maximum number of failed login attempts: 3
 
-If the setting does not exist no action is needed.
+If this account lockout policy is not configured as stated, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
 
-or
+Click "Edit".
+
+Set the "Maximum number of failed login attempts" to "3" and click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000023' do\n  title 'The vCenter Server must enforce the limit of three consecutive invalid login attempts by a user.'\n  desc  'By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. '\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.\n\n    The following lockout policy should be set as follows:\n\n    Maximum number of failed login attempts: 3\n\n    If this account lockout policy is not configured as stated, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.\n\n    Click \\\"Edit\\\".\n\n    Set the \\\"Maximum number of failed login attempts\\\" to \\\"3\\\" and click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000065'\n  tag gid: 'V-VCSA-80-000023'\n  tag rid: 'SV-VCSA-80-000023'\n  tag stig_id: 'VCSA-80-000023'\n  tag cci: ['CCI-000044']\n  tag nist: ['AC-7 a']\n\n  command = '(Get-SsoLockoutPolicy).MaxFailedAttempts'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp '3' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000044</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: (Get-SsoLockoutPolicy).MaxFailedAttempts stdout.strip is expected to cmp == "3" :: MESSAGE 
+expected: 3
+     got: 5
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000024</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000068</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000024</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000024</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must display the Standard Mandatory DOD Notice and Consent Banner before logon.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Display of the DOD-approved use notification before granting access to the application ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.tools.copy.disable | Set-AdvancedSetting -Value true
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2f8d54a0-78e3-4f4d-86e5-af680e43c44a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000191</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000191</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000191</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must have drag and drop operations disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy&#x2F;paste operations between the guest operating system and the remote console could provide the means for an attacker to compromise the VM.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+System use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+The banner must be formatted in accordance with DTM-08-060. Use the following verbiage for applications that can accommodate banners of 1300 characters:
 
-Verify the &quot;isolation.tools.dnd.disable&quot; value is set to &quot;true&quot;.
+"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
 
-or
+By using this IS (which includes any device attached to this IS), you consent to the following conditions:
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.tools.dnd.disable
+-At any time, the USG may inspect and seize data stored on this IS.
 
-If the virtual machine advanced setting &quot;isolation.tools.dnd.disable&quot; is not set to &quot;true&quot;, this is a finding.
+-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
 
-If the virtual machine advanced setting &quot;isolation.tools.dnd.disable&quot; does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
 
-Find the &quot;isolation.tools.dnd.disable&quot; value and set it to &quot;true&quot;.
+Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner:
 
-If the setting does not exist no action is needed.
+"I've read (literal ampersand) consent to terms in IS user agreem't."</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Login Message.
 
-or
+If the selection box next to "Show login message" is disabled, "Details of login message" is not configured to the standard DOD User Agreement, or the "Consent checkbox" is disabled, this is a finding.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Note: Refer to vulnerability discussion for user agreement language.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Login Message.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.tools.dnd.disable | Set-AdvancedSetting -Value true
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>eb3ef6df-98b2-4d37-a009-4f2f47070761</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must have paste operations disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy&#x2F;paste operations between the guest operating system and the remote console could provide the means for an attacker to compromise the VM.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Click "Edit".
+
+Click the "Show login message" slider to enable.
+
+Configure the "Login message" to "DOD User Agreement".
+
+Click the "Consent checkbox" slider to enable.
+
+Set the "Details of login message" to the Standard Mandatory DOD Notice and Consent Banner text.
+
+Click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000024' do\n  title 'The vCenter Server must display the Standard Mandatory DOD Notice and Consent Banner before logon.'\n  desc  \"\n    Display of the DOD-approved use notification before granting access to the application ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\n\n    System use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.\n\n    The banner must be formatted in accordance with DTM-08-060. Use the following verbiage for applications that can accommodate banners of 1300 characters:\n\n    \\\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\n    By using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n    -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n    -At any time, the USG may inspect and seize data stored on this IS.\n\n    -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n    -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n\n    -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\\\"\n\n    Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner:\n\n    \\\"I've read (literal ampersand) consent to terms in IS user agreem't.\\\"\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Login Message.\n\n    If the selection box next to \\\"Show login message\\\" is disabled, \\\"Details of login message\\\" is not configured to the standard DOD User Agreement, or the \\\"Consent checkbox\\\" is disabled, this is a finding.\n\n    Note: Refer to vulnerability discussion for user agreement language.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Login Message.\n\n    Click \\\"Edit\\\".\n\n    Click the \\\"Show login message\\\" slider to enable.\n\n    Configure the \\\"Login message\\\" to \\\"DOD User Agreement\\\".\n\n    Click the \\\"Consent checkbox\\\" slider to enable.\n\n    Set the \\\"Details of login message\\\" to the Standard Mandatory DOD Notice and Consent Banner text.\n\n    Click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000068'\n  tag satisfies: ['SRG-APP-000069', 'SRG-APP-000070']\n  tag gid: 'V-VCSA-80-000024'\n  tag rid: 'SV-VCSA-80-000024'\n  tag stig_id: 'VCSA-80-000024'\n  tag cci: ['CCI-000048', 'CCI-000050', 'CCI-001384']\n  tag nist: ['AC-8 a', 'AC-8 b', 'AC-8 c 1']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000050</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001384</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000034</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000095</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000034</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000034</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must produce audit records containing information to establish what type of events occurred.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
 
-Verify the &quot;isolation.tools.paste.disable&quot; value is set to &quot;true&quot;.
+Verify the "config.log.level" value is set to "info".
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
-
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.tools.paste.disable
-
-If the virtual machine advanced setting &quot;isolation.tools.paste.disable&quot; is not set to &quot;true&quot;, this is a finding.
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-If the virtual machine advanced setting &quot;isolation.tools.paste.disable&quot; does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.log.level and verify it is set to "info".
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+If the "config.log.level" value is not set to "info" or does not exist, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-Find the &quot;isolation.tools.paste.disable&quot; value and set it to &quot;true&quot;.
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
 
-If the setting does not exist no action is needed.
+Click "Edit Settings" and configure the "config.log.level" setting to "info".
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.tools.paste.disable | Set-AdvancedSetting -Value true
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>abcc7f66-62ea-42c7-9621-3d6bcc40cdb3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000193</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000193</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000193</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must have virtual disk shrinking disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Shrinking a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of space the virtual disk occupies on the host drive. Normal users and processes (those without root or administrator privileges) within virtual machines have the capability to invoke this procedure.
+Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.log.level | Set-AdvancedSetting -Value info</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000034' do\n  title 'The vCenter Server must produce audit records containing information to establish what type of events occurred.'\n  desc  'Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.\n\n    Verify the \\\"config.log.level\\\" value is set to \\\"info\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.log.level and verify it is set to \\\"info\\\".\n\n    If the \\\"config.log.level\\\" value is not set to \\\"info\\\" or does not exist, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.\n\n    Click \\\"Edit Settings\\\" and configure the \\\"config.log.level\\\" setting to \\\"info\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.log.level | Set-AdvancedSetting -Value info\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000095'\n  tag gid: 'V-VCSA-80-000034'\n  tag rid: 'SV-VCSA-80-000034'\n  tag stig_id: 'VCSA-80-000034'\n  tag cci: ['CCI-000130']\n  tag nist: ['AU-3']\n\n  command = 'Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name config.log.level | Select-Object -ExpandProperty Value'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp 'info' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name config.log.level | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "info"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000141</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000057</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>vCenter Server plugins must be verified.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter Server add-on components or external, web-based functionality.
 
-However, if this is done repeatedly, the virtual disk can become unavailable while this shrinking is being performed, effectively causing a denial of service. In most datacenter environments, disk shrinking is not done, so this feature must be disabled. Repeated disk shrinking can make a virtual disk unavailable. The capability to shrink is available to nonadministrative users operating within the VM&#39;s guest operating system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+vSphere Client plugins or extensions run at the same privilege level as the user. Malicious extensions might masquerade as useful add-ons while compromising the system by stealing credentials or incorrectly configuring the system.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Additionally, vCenter comes with a number of plugins preinstalled that may or may not be necessary for proper operation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Solutions &gt;&gt; Client Plug-Ins.
 
-Verify the &quot;isolation.tools.diskShrink.disable&quot; value is set to &quot;true&quot;.
+View the Installed/Available Plug-ins list and verify they are all identified as authorized VMware, third-party (partner), and/or site-specific approved plug-ins.
 
-or
+If any installed/available plug-ins in the viewable list cannot be verified as allowed vSphere Client plug-ins from trusted sources or are not in active use, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Solutions &gt;&gt; Client Plug-Ins, click the radio button next to the unknown plug-in, and click "Disable".
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+If the plugin will not be needed in the future, proceed to uninstall the plug-in.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.tools.diskShrink.disable
+To uninstall plug-ins, do the following:
 
-If the virtual machine advanced setting &quot;isolation.tools.diskShrink.disable&quot; is not set to &quot;true&quot;, this is a finding.
+If vCenter Server is in linked mode, perform this procedure on the vCenter Server that is used to install the plug-in initially and then restart the vCenter Server services on the linked vCenter Server:
 
-If the virtual machine advanced setting &quot;isolation.tools.diskShrink.disable&quot; does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+In a web browser, navigate to "http://vCenter_Server_name_or_IP/mob", where "vCenter_Server_name_or_IP/mob" is the name of the vCenter Server or its IP address.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Click "Content".
 
-Find the &quot;isolation.tools.diskShrink.disable&quot; value and set it to &quot;true&quot;.
+Click "ExtensionManager".
 
-If the setting does not exist no action is needed.
+Select and copy the name of the plug-in to be removed from the list of values under "Properties".
 
-or
+Click "UnregisterExtension". A new window appears.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Paste the name of the plug-in and click "Invoke Method". This removes the plug-in.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.tools.diskShrink.disable | Set-AdvancedSetting -Value true
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ac54e227-d985-424c-9e6e-968d926df0a1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must have virtual disk wiping disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Shrinking and wiping (erasing) a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of space the virtual disk occupies on the host drive. Normal users and processes (those without root or administrator privileges) within virtual machines have the capability to invoke this procedure.
+Close the window.
 
-However, if this is done repeatedly, the virtual disk can become unavailable while this shrinking is being performed, effectively causing a denial of service. In most datacenter environments, disk shrinking is not done, so this feature must be disabled. Repeated disk shrinking can make a virtual disk unavailable. The capability to wipe (erase) is available to nonadministrative users operating within the VM&#39;s guest operating system.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Refresh the Managed Object Type:ManagedObjectReference:ExtensionManager window to verify the plug-in is removed successfully.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Note: If the plug-in still appears, restart the vSphere Client.
 
-Verify the &quot;isolation.tools.diskWiper.disable&quot; value is set to &quot;true&quot;.
+Note: The Managed Object Browser (MOB) may have to be enabled temporarily if it was disabled previously.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000057' do\n  title 'vCenter Server plugins must be verified.'\n  desc  \"\n    The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter Server add-on components or external, web-based functionality.\n\n    vSphere Client plugins or extensions run at the same privilege level as the user. Malicious extensions might masquerade as useful add-ons while compromising the system by stealing credentials or incorrectly configuring the system.\n\n    Additionally, vCenter comes with a number of plugins preinstalled that may or may not be necessary for proper operation.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Solutions &gt;&gt; Client Plug-Ins.\n\n    View the Installed/Available Plug-ins list and verify they are all identified as authorized VMware, third-party (partner), and/or site-specific approved plug-ins.\n\n    If any installed/available plug-ins in the viewable list cannot be verified as allowed vSphere Client plug-ins from trusted sources or are not in active use, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Solutions &gt;&gt; Client Plug-Ins, click the radio button next to the unknown plug-in, and click \\\"Disable\\\".\n\n    If the plugin will not be needed in the future, proceed to uninstall the plug-in.\n\n    To uninstall plug-ins, do the following:\n\n    If vCenter Server is in linked mode, perform this procedure on the vCenter Server that is used to install the plug-in initially and then restart the vCenter Server services on the linked vCenter Server:\n\n    In a web browser, navigate to \\\"http://vCenter_Server_name_or_IP/mob\\\", where \\\"vCenter_Server_name_or_IP/mob\\\" is the name of the vCenter Server or its IP address.\n\n    Click \\\"Content\\\".\n\n    Click \\\"ExtensionManager\\\".\n\n    Select and copy the name of the plug-in to be removed from the list of values under \\\"Properties\\\".\n\n    Click \\\"UnregisterExtension\\\". A new window appears.\n\n    Paste the name of the plug-in and click \\\"Invoke Method\\\". This removes the plug-in.\n\n    Close the window.\n\n    Refresh the Managed Object Type:ManagedObjectReference:ExtensionManager window to verify the plug-in is removed successfully.\n\n    Note: If the plug-in still appears, restart the vSphere Client.\n\n    Note: The Managed Object Browser (MOB) may have to be enabled temporarily if it was disabled previously.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000141'\n  tag gid: 'V-VCSA-80-000057'\n  tag rid: 'SV-VCSA-80-000057'\n  tag stig_id: 'VCSA-80-000057'\n  tag cci: ['CCI-000381']\n  tag nist: ['CM-7 a']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000059</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000148</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000059</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000059</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
 
-or
+Organizational users include organizational employees or individuals the organization deems to have equivalent status of employees (e.g., contractors). Organizational users (and any processes acting on behalf of users) must be uniquely identified and authenticated for all accesses except the following.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+(i) Accesses explicitly identified and documented by the organization. Organizations document specific user actions that can be performed on the information system without identification or authentication; and
+(ii) Accesses that occur through authorized use of group authenticators without individual authentication. Organizations may require unique identification of individuals in group accounts (e.g., shared privilege accounts) or for detailed accountability of individual activity.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.tools.diskWiper.disable
+Using Active Directory or an identity provider for authentication provides more robust account management capabilities and accountability.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.
 
-If the virtual machine advanced setting &quot;isolation.tools.diskWiper.disable&quot; is not set to &quot;true&quot;, this is a finding.
+If the identity provider type is "embedded" and there is no identity source of type "Active Directory" (either Windows Integrated Authentication or LDAP), this is a finding.
 
-If the virtual machine advanced setting &quot;isolation.tools.diskWiper.disable&quot; does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+If the identity provider type is "Microsoft ADFS" or another supported identity provider, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When using the embedded identity provider type, perform the following:
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Identity Sources.
 
-Find the &quot;isolation.tools.diskWiper.disable&quot; value and set it to &quot;true&quot;.
+Click "Add".
 
-If the setting does not exist no action is needed.
+Select either "Active Directory over LDAP" or "Active Directory (Windows Integrated Authentication)" and configure appropriately.
 
-or
+Note: Windows Integrated Authentication requires that the vCenter server be joined to Active Directory before configuration via Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Active Directory Domain.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+OR
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.tools.diskWiper.disable | Set-AdvancedSetting -Value true
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a28b16f5-40e0-4df5-8e6b-2e6d80f48864</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must limit console sharing.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>By default, more than one user at a time can connect to remote console sessions. When multiple sessions are activated, each terminal window receives a notification about the new session. If an administrator in the VM logs in using a VMware remote console during their session, a nonadministrator in the VM might connect to the console and observe the administrator&#39;s actions.
-
-Also, this could result in an administrator losing console access to a VM. For example, if a jump box is being used for an open console session and the administrator loses connection to that box, the console session remains open. Allowing two console sessions permits debugging via a shared session. For the highest security, allow only one remote console session at a time.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+To change the identity provider type to a third-party identity provider such as Microsoft ADFS, perform the following:
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.
 
-Verify the &quot;RemoteDisplay.maxConnections&quot; value is set to &quot;1&quot;.
+Click "Change Identity Provider".
+
+Select "Microsoft ADFS" and click "Next".
+
+Enter the ADFS server information and User and Group details and click "Finish".
+
+For additional information on configuring ADFS for use with vCenter, refer to the vSphere documentation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000059' do\n  title 'The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.'\n  desc  \"\n    To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.\n\n    Organizational users include organizational employees or individuals the organization deems to have equivalent status of employees (e.g., contractors). Organizational users (and any processes acting on behalf of users) must be uniquely identified and authenticated for all accesses except the following.\n\n    (i) Accesses explicitly identified and documented by the organization. Organizations document specific user actions that can be performed on the information system without identification or authentication; and\n    (ii) Accesses that occur through authorized use of group authenticators without individual authentication. Organizations may require unique identification of individuals in group accounts (e.g., shared privilege accounts) or for detailed accountability of individual activity.\n\n    Using Active Directory or an identity provider for authentication provides more robust account management capabilities and accountability.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.\n\n    If the identity provider type is \\\"embedded\\\" and there is no identity source of type \\\"Active Directory\\\" (either Windows Integrated Authentication or LDAP), this is a finding.\n\n    If the identity provider type is \\\"Microsoft ADFS\\\" or another supported identity provider, this is NOT a finding.\n  \"\n  desc 'fix', \"\n    When using the embedded identity provider type, perform the following:\n\n    From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Identity Sources.\n\n    Click \\\"Add\\\".\n\n    Select either \\\"Active Directory over LDAP\\\" or \\\"Active Directory (Windows Integrated Authentication)\\\" and configure appropriately.\n\n    Note: Windows Integrated Authentication requires that the vCenter server be joined to Active Directory before configuration via Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Active Directory Domain.\n\n    OR\n\n    To change the identity provider type to a third-party identity provider such as Microsoft ADFS, perform the following:\n\n    From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.\n\n    Click \\\"Change Identity Provider\\\".\n\n    Select \\\"Microsoft ADFS\\\" and click \\\"Next\\\".\n\n    Enter the ADFS server information and User and Group details and click \\\"Finish\\\".\n\n    For additional information on configuring ADFS for use with vCenter, refer to the vSphere documentation.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000148'\n  tag satisfies: ['SRG-APP-000153', 'SRG-APP-000163', 'SRG-APP-000180', 'SRG-APP-000234']\n  tag gid: 'V-VCSA-80-000059'\n  tag rid: 'SV-VCSA-80-000059'\n  tag stig_id: 'VCSA-80-000059'\n  tag cci: ['CCI-000764', 'CCI-000770', 'CCI-000795', 'CCI-000804', 'CCI-001682']\n  tag nist: ['AC-2 (2)', 'IA-2', 'IA-2 (5)', 'IA-4 e', 'IA-8']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000764</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000770</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000795</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000804</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001682</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000149</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000060</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must require multifactor authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased.
 
-or
+Multifactor authentication requires using two or more factors to achieve authentication.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Factors include:
+(i) something a user knows (e.g., password/PIN);
+(ii) something a user has (e.g., cryptographic identification device, token); or
+(iii) something a user is (e.g., biometric).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name RemoteDisplay.maxConnections
+If the embedded identity provider is used, click on "Smart Card Authentication".
 
-If the virtual machine advanced setting &quot;RemoteDisplay.maxConnections&quot; does not exist or is not set to &quot;1&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+If the embedded identity provider is used and "Smart Card Authentication" is not enabled, this is a finding.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+If a third-party identity provider is used, such as Microsoft ADFS, and it does not require multifactor authentication to log on to vCenter, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>To configure smart card authentication for vCenter when using the embedded identity provider, refer to the vSphere documentation.
 
-Find the &quot;RemoteDisplay.maxConnections&quot; value and set it to &quot;1&quot;.
+For vCenter Servers using a third-party identity provider, consult the product's documentation for enabling multifactor authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000060' do\n  title 'The vCenter Server must require multifactor authentication.'\n  desc  \"\n    Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased.\n\n    Multifactor authentication requires using two or more factors to achieve authentication.\n\n    Factors include:\n    (i) something a user knows (e.g., password/PIN);\n    (ii) something a user has (e.g., cryptographic identification device, token); or\n    (iii) something a user is (e.g., biometric).\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.\n\n    If the embedded identity provider is used, click on \\\"Smart Card Authentication\\\".\n\n    If the embedded identity provider is used and \\\"Smart Card Authentication\\\" is not enabled, this is a finding.\n\n    If a third-party identity provider is used, such as Microsoft ADFS, and it does not require multifactor authentication to log on to vCenter, this is a finding.\n  \"\n  desc 'fix', \"\n    To configure smart card authentication for vCenter when using the embedded identity provider, refer to the vSphere documentation.\n\n    For vCenter Servers using a third-party identity provider, consult the product's documentation for enabling multifactor authentication.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000149'\n  tag satisfies: ['SRG-APP-000080', 'SRG-APP-000150', 'SRG-APP-000391', 'SRG-APP-000402']\n  tag gid: 'V-VCSA-80-000060'\n  tag rid: 'SV-VCSA-80-000060'\n  tag stig_id: 'VCSA-80-000060'\n  tag cci: ['CCI-000166', 'CCI-000765', 'CCI-000766', 'CCI-001953', 'CCI-002009']\n  tag nist: ['AU-10', 'IA-2 (1)', 'IA-2 (12)', 'IA-2 (2)', 'IA-8 (1)']\n\n  if input('embeddedIdp')\n    command = '(Get-SsoAuthenticationPolicy).SmartCardAuthnEnabled'\n    describe powercli_command(command) do\n      its('stdout.strip') { should cmp 'true' }\n    end\n  else\n    describe 'This check is a manual or policy based check and must be reviewed manually.' do\n      skip 'This check is a manual or policy based check and must be reviewed manually.'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000166</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000765</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000766</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002009</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: (Get-SsoAuthenticationPolicy).SmartCardAuthnEnabled stdout.strip is expected to cmp == "true" :: MESSAGE 
+expected: true
+     got: False
 
-If the setting does not exist, add the Name and Value setting at the bottom of screen.
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000069</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000164</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000069</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000069</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server passwords must be at least 15 characters in length.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
 
-or
+Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Use of more characters in a password helps to exponentially increase the time and/or resources required to compromise the password.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name RemoteDisplay.maxConnections | Set-AdvancedSetting -Value 1
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d06e6ea4-2fc3-4ef8-8bd7-39721eefaeda</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-VM: stig vm2 is expected to cmp &#x3D;&#x3D; &quot;1&quot;
+View the value of the "Minimum Length" setting.
 
-expected: 1
-     got: -1
+Minimum Length: 15
 
-(compared using &#x60;cmp&#x60; matcher)
+If the password policy is not configured with a "Minimum Length" policy of "15" or more, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
---------------------------------
-failed
-VM: stigvm1 is expected to cmp &#x3D;&#x3D; &quot;1&quot;
+Click "Edit".
+
+Set the "Minimum Length" to "15" and click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000069' do\n  title 'The vCenter Server passwords must be at least 15 characters in length.'\n  desc  \"\n    The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.\n\n    Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.\n\n    Use of more characters in a password helps to exponentially increase the time and/or resources required to compromise the password.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    View the value of the \\\"Minimum Length\\\" setting.\n\n    Minimum Length: 15\n\n    If the password policy is not configured with a \\\"Minimum Length\\\" policy of \\\"15\\\" or more, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    Click \\\"Edit\\\".\n\n    Set the \\\"Minimum Length\\\" to \\\"15\\\" and click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000164'\n  tag gid: 'V-VCSA-80-000069'\n  tag rid: 'SV-VCSA-80-000069'\n  tag stig_id: 'VCSA-80-000069'\n  tag cci: ['CCI-000205']\n  tag nist: ['IA-5 (1) (a)']\n\n  command = '(Get-SsoPasswordPolicy).MinLength'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp &gt;= 15 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: (Get-SsoPasswordPolicy).MinLength stdout.strip is expected to cmp &gt;= 15 :: MESSAGE 
+expected it to be &gt;= 15
+     got: 8
 
-expected: 1
-     got: -1
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000070</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000165</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000070</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000070</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must prohibit password reuse for a minimum of five generations.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
-(compared using &#x60;cmp&#x60; matcher)
+To meet password policy requirements, passwords must be changed at specific policy-based intervals.
 
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp &#x3D;&#x3D; &quot;1&quot;
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp &#x3D;&#x3D; &quot;1&quot;
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp &#x3D;&#x3D; &quot;1&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must limit informational messages from the virtual machine to the VMX file.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The configuration file containing these name-value pairs is limited to a size of 1MB. If not limited, VMware tools in the guest operating system are capable of sending a large and continuous data stream to the host. This 1MB capacity should be sufficient for most cases, but this value can change if necessary.
+If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the result is a password that is not changed per policy requirements.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-The value can be increased if large amounts of custom information are being stored in the configuration file. The default limit is 1MB.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+View the value of the "Restrict reuse" setting.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Restrict reuse: Users cannot reuse any previous 5 passwords
 
-Verify the &quot;tools.setinfo.sizeLimit&quot; value is set to &quot;1048576&quot;.
+If the password policy is not configured with a "Restrict reuse" policy of "5" or more, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-or
+Click "Edit".
+
+Set the "Restrict reuse" to "5" and click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000070' do\n  title 'The vCenter Server must prohibit password reuse for a minimum of five generations.'\n  desc  \"\n    Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.\n\n    To meet password policy requirements, passwords must be changed at specific policy-based intervals.\n\n    If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the result is a password that is not changed per policy requirements.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    View the value of the \\\"Restrict reuse\\\" setting.\n\n    Restrict reuse: Users cannot reuse any previous 5 passwords\n\n    If the password policy is not configured with a \\\"Restrict reuse\\\" policy of \\\"5\\\" or more, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    Click \\\"Edit\\\".\n\n    Set the \\\"Restrict reuse\\\" to \\\"5\\\" and click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000165'\n  tag gid: 'V-VCSA-80-000070'\n  tag rid: 'SV-VCSA-80-000070'\n  tag stig_id: 'VCSA-80-000070'\n  tag cci: ['CCI-000200']\n  tag nist: ['IA-5 (1) (e)']\n\n  command = '(Get-SsoPasswordPolicy).ProhibitedPreviousPasswordsCount'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp &gt;= 5 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-SsoPasswordPolicy).ProhibitedPreviousPasswordsCount stdout.strip is expected to cmp &gt;= 5</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000071</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000166</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000071</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000071</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server passwords must contain at least one uppercase character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password is, the greater the number of possible combinations that need to be tested before the password is compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name tools.setinfo.sizeLimit
+View the value of the "Character requirements" setting.
 
-If the virtual machine advanced setting &quot;tools.setinfo.sizeLimit&quot; is not set to &quot;1048576&quot;, this is a finding.
+Character requirements: At least 1 uppercase characters
 
-If the virtual machine advanced setting &quot;tools.setinfo.sizeLimit&quot; does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+If the password policy is not configured with "Character requirements" policy requiring "1" or more uppercase characters, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Click "Edit".
+
+Set "uppercase characters" to at least "1" and click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000071' do\n  title 'The vCenter Server passwords must contain at least one uppercase character.'\n  desc  \"\n    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.\n\n    Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password is, the greater the number of possible combinations that need to be tested before the password is compromised.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    View the value of the \\\"Character requirements\\\" setting.\n\n    Character requirements: At least 1 uppercase characters\n\n    If the password policy is not configured with \\\"Character requirements\\\" policy requiring \\\"1\\\" or more uppercase characters, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    Click \\\"Edit\\\".\n\n    Set \\\"uppercase characters\\\" to at least \\\"1\\\" and click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000166'\n  tag gid: 'V-VCSA-80-000071'\n  tag rid: 'SV-VCSA-80-000071'\n  tag stig_id: 'VCSA-80-000071'\n  tag cci: ['CCI-000192']\n  tag nist: ['IA-5 (1) (a)']\n\n  command = '(Get-SsoPasswordPolicy).MinUppercaseCount'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp &gt;= 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-SsoPasswordPolicy).MinUppercaseCount stdout.strip is expected to cmp &gt;= 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000072</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000167</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000072</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000072</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server passwords must contain at least one lowercase character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
-Find the &quot;tools.setinfo.sizeLimit&quot; value and set it to &quot;1048576&quot;.
+Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-If the setting does not exist no action is needed.
+View the value of the "Character requirements" setting.
 
-or
+Character requirements: At least 1 lowercase characters
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+If the password policy is not configured with "Character requirements" policy requiring "1" or more lowercase characters, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name tools.setinfo.sizeLimit | Set-AdvancedSetting -Value 1048576
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f202ef80-166e-46ce-9744-afc43e0b206c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000197</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000197</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000197</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must prevent unauthorized removal, connection and modification of devices.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>In a virtual machine, users and processes without root or administrator privileges can connect or disconnect devices, such as network adaptors and CD-ROM drives, and can modify device settings. Use the virtual machine settings editor or configuration editor to remove unneeded or unused hardware devices. To use the device again, prevent a user or running process in the virtual machine from connecting, disconnecting, or modifying a device from within the guest operating system.
+Click "Edit".
+
+Set "lowercase characters" to at least "1" and click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000072' do\n  title 'The vCenter Server passwords must contain at least one lowercase character.'\n  desc  \"\n    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.\n\n    Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    View the value of the \\\"Character requirements\\\" setting.\n\n    Character requirements: At least 1 lowercase characters\n\n    If the password policy is not configured with \\\"Character requirements\\\" policy requiring \\\"1\\\" or more lowercase characters, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    Click \\\"Edit\\\".\n\n    Set \\\"lowercase characters\\\" to at least \\\"1\\\" and click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000167'\n  tag gid: 'V-VCSA-80-000072'\n  tag rid: 'SV-VCSA-80-000072'\n  tag stig_id: 'VCSA-80-000072'\n  tag cci: ['CCI-000193']\n  tag nist: ['IA-5 (1) (a)']\n\n  command = '(Get-SsoPasswordPolicy).MinLowercaseCount'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp &gt;= 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000193</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-SsoPasswordPolicy).MinLowercaseCount stdout.strip is expected to cmp &gt;= 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000073</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000168</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000073</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000073</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server passwords must contain at least one numeric character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
-By default, a rogue user with nonadministrator privileges in a virtual machine can:
+Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-1. Connect a disconnected CD-ROM drive and access sensitive information on the media left in the drive.
-2. Disconnect a network adaptor to isolate the virtual machine from its network, which is a denial of service.
-3. Modify settings on a device.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+View the value of the "Character requirements" setting.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Character requirements: At least 1 numeric characters
 
-Verify the &quot;isolation.device.connectable.disable&quot; value is set to &quot;true&quot;.
+If the password policy is not configured with "Character requirements" policy requiring "1" or more numeric characters, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-or
+Click "Edit".
+
+Set "numeric characters" to at least "1" and click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000073' do\n  title 'The vCenter Server passwords must contain at least one numeric character.'\n  desc  \"\n    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.\n\n    Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    View the value of the \\\"Character requirements\\\" setting.\n\n    Character requirements: At least 1 numeric characters\n\n    If the password policy is not configured with \\\"Character requirements\\\" policy requiring \\\"1\\\" or more numeric characters, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    Click \\\"Edit\\\".\n\n    Set \\\"numeric characters\\\" to at least \\\"1\\\" and click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000168'\n  tag gid: 'V-VCSA-80-000073'\n  tag rid: 'SV-VCSA-80-000073'\n  tag stig_id: 'VCSA-80-000073'\n  tag cci: ['CCI-000194']\n  tag nist: ['IA-5 (1) (a)']\n\n  command = '(Get-SsoPasswordPolicy).MinNumericCount'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp &gt;= 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-SsoPasswordPolicy).MinNumericCount stdout.strip is expected to cmp &gt;= 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000074</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000169</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000074</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000074</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server passwords must contain at least one special character.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Password complexity is one factor in determining how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.device.connectable.disable
+Special characters are not alphanumeric. Examples include: ~ ! @ # $ % ^ *.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-If the virtual machine advanced setting &quot;isolation.device.connectable.disable&quot; is not set to &quot;true&quot;, this is a finding.
+View the value of the "Character requirements" setting.
 
-If the virtual machine advanced setting &quot;isolation.device.connectable.disable&quot; does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Character requirements: At least 1 special characters
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+If the password policy is not configured with "Character requirements" policy requiring "1" or more special characters, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-Find the &quot;isolation.device.connectable.disable&quot; value and set it to &quot;true&quot;.
+Click "Edit".
+
+Set "special characters" to at least "1" and click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000074' do\n  title 'The vCenter Server passwords must contain at least one special character.'\n  desc  \"\n    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.\n\n    Password complexity is one factor in determining how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.\n\n    Special characters are not alphanumeric. Examples include: ~ ! @ # $ % ^ *.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    View the value of the \\\"Character requirements\\\" setting.\n\n    Character requirements: At least 1 special characters\n\n    If the password policy is not configured with \\\"Character requirements\\\" policy requiring \\\"1\\\" or more special characters, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    Click \\\"Edit\\\".\n\n    Set \\\"special characters\\\" to at least \\\"1\\\" and click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000169'\n  tag gid: 'V-VCSA-80-000074'\n  tag rid: 'SV-VCSA-80-000074'\n  tag stig_id: 'VCSA-80-000074'\n  tag cci: ['CCI-001619']\n  tag nist: ['IA-5 (1) (a)']\n\n  command = '(Get-SsoPasswordPolicy).MinSpecialCharCount'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp &gt;= 1 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001619</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-SsoPasswordPolicy).MinSpecialCharCount stdout.strip is expected to cmp &gt;= 1</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000077</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000077</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000077</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must enable FIPS-validated cryptography.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules use authentication that meets DOD requirements.
 
-If the setting does not exist no action is needed.
+In vSphere 6.7 and later, ESXi and vCenter Server use FIPS-validated cryptography to protect management interfaces and the VMware Certificate Authority (VMCA).
 
-or
+vSphere 7.0 Update 2 and later adds additional FIPS-validated cryptography to vCenter Server Appliance. By default, this FIPS validation option is disabled and must be enabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Web Client, go to Developer Center &gt;&gt; API Explorer.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From the "Select API" drop-down menu, select appliance.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name isolation.device.connectable.disable | Set-AdvancedSetting -Value true
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>05a671c3-bd64-4f3d-af26-f556c46d8cff</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000198</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000198</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000198</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must not be able to obtain host information from the hypervisor.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If enabled, a VM can obtain detailed information about the physical host. The default value for the parameter is FALSE. This setting should not be TRUE unless a particular VM requires this information for performance monitoring. An adversary could use this information to inform further attacks on the host.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Expand system/security/global_fips &gt;&gt; GET.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Click "Execute" and then "Copy Response" to view the results.
+
+Example response:
 
-Verify the &quot;tools.guestlib.enableHostInfo&quot; value is set to &quot;false&quot;.
+{
+    "enabled": true
+}
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name tools.guestlib.enableHostInfo
+Invoke-GetSystemGlobalFips
 
-If the virtual machine advanced setting &quot;tools.guestlib.enableHostInfo&quot; is not set to &quot;false&quot;, this is a finding.
+If global FIPS mode is not enabled, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Web Client go to Developer Center &gt;&gt; API Explorer.
 
-If the virtual machine advanced setting &quot;tools.guestlib.enableHostInfo&quot; does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+From the "Select API" drop-down menu, select appliance.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Expand system/security/global_fips &gt;&gt; PUT.
 
-Find the &quot;tools.guestlib.enableHostInfo&quot; value and set it to &quot;false&quot;.
+In the response body under "Try it out" paste the following:
 
-If the setting does not exist no action is needed.
+{
+    "enabled": true
+}
+
+Click "Execute".
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name tools.guestlib.enableHostInfo | Set-AdvancedSetting -Value false
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>08047089-ea83-4c99-b554-5d6f39b0887d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must have shared salt values disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When salting is enabled (Mem.ShareForceSalting&#x3D;1 or 2) to share a page between two virtual machines, both salt and the content of the page must be same. A salt value is a configurable advanced option for each virtual machine. The salt values can be specified manually in the virtual machine&#39;s advanced settings with the new option &quot;sched.mem.pshare.salt&quot;.
-
-If this option is not present in the virtual machine&#39;s advanced settings, the value of the &quot;vc.uuid&quot; option is taken as the default value. Because the &quot;vc.uuid&quot; is unique to each virtual machine, by default Transparent Page Sharing (TPS) happens only among the pages belonging to a particular virtual machine (Intra-VM).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+$spec = Initialize-SystemSecurityGlobalFipsUpdateSpec -Enabled $true; Invoke-SetSystemGlobalFips -SystemSecurityGlobalFipsUpdateSpec $spec
+
+Note: The vCenter server reboots after FIPS is enabled or disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000077' do\n  title 'The vCenter Server must enable FIPS-validated cryptography.'\n  desc  \"\n    FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules use authentication that meets DOD requirements.\n\n    In vSphere 6.7 and later, ESXi and vCenter Server use FIPS-validated cryptography to protect management interfaces and the VMware Certificate Authority (VMCA).\n\n    vSphere 7.0 Update 2 and later adds additional FIPS-validated cryptography to vCenter Server Appliance. By default, this FIPS validation option is disabled and must be enabled.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Web Client, go to Developer Center &gt;&gt; API Explorer.\n\n    From the \\\"Select API\\\" drop-down menu, select appliance.\n\n    Expand system/security/global_fips &gt;&gt; GET.\n\n    Click \\\"Execute\\\" and then \\\"Copy Response\\\" to view the results.\n\n    Example response:\n\n    {\n        \\\"enabled\\\": true\n    }\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Invoke-GetSystemGlobalFips\n\n    If global FIPS mode is not enabled, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Web Client go to Developer Center &gt;&gt; API Explorer.\n\n    From the \\\"Select API\\\" drop-down menu, select appliance.\n\n    Expand system/security/global_fips &gt;&gt; PUT.\n\n    In the response body under \\\"Try it out\\\" paste the following:\n\n    {\n        \\\"enabled\\\": true\n    }\n\n    Click \\\"Execute\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    $spec = Initialize-SystemSecurityGlobalFipsUpdateSpec -Enabled $true; Invoke-SetSystemGlobalFips -SystemSecurityGlobalFipsUpdateSpec $spec\n\n    Note: The vCenter server reboots after FIPS is enabled or disabled.\n  \"\n  impact 0.7\n  tag severity: 'high'\n  tag gtitle: 'SRG-APP-000172'\n  tag satisfies: ['SRG-APP-000179', 'SRG-APP-000224', 'SRG-APP-000231', 'SRG-APP-000412', 'SRG-APP-000514', 'SRG-APP-000555', 'SRG-APP-000600', 'SRG-APP-000610', 'SRG-APP-000620', 'SRG-APP-000630', 'SRG-APP-000635']\n  tag gid: 'V-VCSA-80-000077'\n  tag rid: 'SV-VCSA-80-000077'\n  tag stig_id: 'VCSA-80-000077'\n  tag cci: ['CCI-000197', 'CCI-000803', 'CCI-001188', 'CCI-001199', 'CCI-001967', 'CCI-002450', 'CCI-003123']\n  tag nist: ['IA-3 (1)', 'IA-5 (1) (c)', 'IA-7', 'MA-4 (6)', 'SC-13', 'SC-23 (3)', 'SC-28']\n\n  command = 'Invoke-GetSystemGlobalFips | Select-Object -ExpandProperty enabled'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp 'True' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000197</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000803</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001188</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001967</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-003123</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Invoke-GetSystemGlobalFips | Select-Object -ExpandProperty enabled stdout.strip is expected to cmp == "True" :: MESSAGE 
+expected: True
+     got: False
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000079</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000174</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000079</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000079</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must enforce a 90-day maximum password lifetime restriction.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Any password, no matter how complex, can eventually be cracked. Therefore, passwords must be changed at specific intervals.
 
-Verify the &quot;sched.mem.pshare.salt&quot; setting does not exist.
+One method of minimizing this risk is to use complex passwords and periodically change them. If the application does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the system and/or application passwords could be compromised.
 
-or
+This requirement does not include emergency administration accounts, which are meant for access to the application in case of failure. These accounts are not required to have maximum password lifetime restrictions.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+View the value of the "Maximum lifetime" setting.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name sched.mem.pshare.salt
+Maximum lifetime: Password must be changed every 90 days
 
-If the virtual machine advanced setting &quot;sched.mem.pshare.salt&quot; exists, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+If the password policy is not configured with "Maximum lifetime" policy of "90" or less, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Click "Edit".
+
+Set "Maximum lifetime" to "90" and click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000079' do\n  title 'The vCenter Server must enforce a 90-day maximum password lifetime restriction.'\n  desc  \"\n    Any password, no matter how complex, can eventually be cracked. Therefore, passwords must be changed at specific intervals.\n\n    One method of minimizing this risk is to use complex passwords and periodically change them. If the application does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the system and/or application passwords could be compromised.\n\n    This requirement does not include emergency administration accounts, which are meant for access to the application in case of failure. These accounts are not required to have maximum password lifetime restrictions.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    View the value of the \\\"Maximum lifetime\\\" setting.\n\n    Maximum lifetime: Password must be changed every 90 days\n\n    If the password policy is not configured with \\\"Maximum lifetime\\\" policy of \\\"90\\\" or less, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.\n\n    Click \\\"Edit\\\".\n\n    Set \\\"Maximum lifetime\\\" to \\\"90\\\" and click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000174'\n  tag gid: 'V-VCSA-80-000079'\n  tag rid: 'SV-VCSA-80-000079'\n  tag stig_id: 'VCSA-80-000079'\n  tag cci: ['CCI-000199']\n  tag nist: ['IA-5 (1) (d)']\n\n  command = '(Get-SsoPasswordPolicy).PasswordLifetimeDays'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp &lt;= 90 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-SsoPasswordPolicy).PasswordLifetimeDays stdout.strip is expected to cmp &lt;= 90</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000080</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000175</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000080</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000080</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must enable revocation checking for certificate-based authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The system must establish the validity of the user-supplied identity certificate using Online Certificate Status Protocol (OCSP) and/or Certificate Revocation List (CRL) revocation checking.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If a federated identity provider is configured and used for an identity source and supports Smartcard authentication, this is not applicable.
 
-Delete the &quot;sched.mem.pshare.salt&quot; setting.
+From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.
 
-or
+Under Smart card authentication settings &gt;&gt; Certificate revocation, verify "Revocation check" does not show as disabled.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+If "Revocation check" shows as disabled, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name sched.mem.pshare.salt | Remove-AdvancedSetting
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>659a1794-e864-4886-9ca5-a3bb90a5a465</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must disable access through the &quot;dvfilter&quot; network Application Programming Interface (API).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>An attacker might compromise a VM by using the &quot;dvFilter&quot; API. Configure only VMs that need this access to use the API.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Under Smart card authentication settings &gt;&gt; Certificate revocation, click the "Edit" button.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Configure revocation checking per site requirements. OCSP with CRL failover is recommended.
 
-Verify the settings with the format &quot;ethernet*.filter*.name&quot; do not exist.
+By default, both locations are pulled from the cert. CRL location can be overridden in this screen, and local responders can be specified via the sso-config command line tool. See the vSphere documentation for more information.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000080' do\n  title 'The vCenter Server must enable revocation checking for certificate-based authentication.'\n  desc  'The system must establish the validity of the user-supplied identity certificate using Online Certificate Status Protocol (OCSP) and/or Certificate Revocation List (CRL) revocation checking.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If a federated identity provider is configured and used for an identity source and supports Smartcard authentication, this is not applicable.\n\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.\n\n    Under Smart card authentication settings &gt;&gt; Certificate revocation, verify \\\"Revocation check\\\" does not show as disabled.\n\n    If \\\"Revocation check\\\" shows as disabled, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.\n\n    Under Smart card authentication settings &gt;&gt; Certificate revocation, click the \\\"Edit\\\" button.\n\n    Configure revocation checking per site requirements. OCSP with CRL failover is recommended.\n\n    By default, both locations are pulled from the cert. CRL location can be overridden in this screen, and local responders can be specified via the sso-config command line tool. See the vSphere documentation for more information.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000175'\n  tag satisfies: ['SRG-APP-000392', 'SRG-APP-000401', 'SRG-APP-000403']\n  tag gid: 'V-VCSA-80-000080'\n  tag rid: 'SV-VCSA-80-000080'\n  tag stig_id: 'VCSA-80-000080'\n  tag cci: ['CCI-000185', 'CCI-001954', 'CCI-001991', 'CCI-002010']\n  tag nist: ['IA-2 (12)', 'IA-5 (2) (a)', 'IA-5 (2) (d)', 'IA-8 (1)']\n\n  if input('embeddedIdp')\n    describe.one do\n      describe powercli_command('(Get-SsoAuthenticationPolicy).OCSPEnabled') do\n        its('stdout.strip') { should cmp 'true' }\n      end\n      describe powercli_command('(Get-SsoAuthenticationPolicy).UseInCertCRL') do\n        its('stdout.strip') { should cmp 'true' }\n      end\n      describe powercli_command('(Get-SsoAuthenticationPolicy).CRLUrl') do\n        its('stdout.strip') { should_not cmp '' }\n      end\n    end\n  else\n    describe 'This check is a manual or policy based check and must be reviewed manually.' do\n      skip 'This check is a manual or policy based check and must be reviewed manually.'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000185</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001991</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-SsoAuthenticationPolicy).UseInCertCRL stdout.strip is expected to cmp == "true"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000089</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000190</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000089</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000089</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must terminate vSphere Client sessions after 15 minutes of inactivity.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free resources committed by the managed network element.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Client Configuration.
 
-or
+View the value of the "Session timeout" setting.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+If the "Session timeout" is not set to "15 minute(s)" or less this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Client Configuration.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name &quot;ethernet*.filter*.name*&quot;
+Click "Edit" and enter "15" minutes into the "Session timeout" setting. Click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000089' do\n  title 'The vCenter Server must terminate vSphere Client sessions after 15 minutes of inactivity.'\n  desc  'Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free resources committed by the managed network element.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Client Configuration.\n\n    View the value of the \\\"Session timeout\\\" setting.\n\n    If the \\\"Session timeout\\\" is not set to \\\"15 minute(s)\\\" or less this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Client Configuration.\n\n    Click \\\"Edit\\\" and enter \\\"15\\\" minutes into the \\\"Session timeout\\\" setting. Click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000190'\n  tag satisfies: ['SRG-APP-000295', 'SRG-APP-000389']\n  tag gid: 'V-VCSA-80-000089'\n  tag rid: 'SV-VCSA-80-000089'\n  tag stig_id: 'VCSA-80-000089'\n  tag cci: ['CCI-001133', 'CCI-002038', 'CCI-002361']\n  tag nist: ['AC-12', 'IA-11', 'SC-10']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002038</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000095</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000211</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000095</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000095</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server user roles must be verified.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Users and service accounts must only be assigned privileges they require. Least privilege requires that these privileges must only be assigned if needed to reduce risk of confidentiality, availability, or integrity loss.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
 
-If the virtual machine advanced setting &quot;ethernet*.filter*.name&quot; exists and dvfilters are not in use, this is a finding.
+View each role and verify the users and/or groups assigned to it by clicking on "Usage".
 
-If the virtual machine advanced setting &quot;ethernet*.filter*.name&quot; exists and the value is not valid, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+or
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Look for settings with the format &quot;ethernet*.filter*.name&quot;.
+Get-VIPermission | Sort Role | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto
 
-Ensure only required VMs use this setting.
+Application service account and user required privileges should be documented.
 
-or
+If any user or service account has more privileges than required, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>To update a user's or group's permissions to an existing role with reduced permissions, do the following:
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Global Permissions.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name ethernetX.filterY.name | Remove-AdvancedSetting
-
-Note: Change the X and Y values to match the specific setting in the organization&#39;s environment.
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3aefe941-2dd2-46cd-a652-0f6b03dc9eb2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000201</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must be configured to lock when the last console connection is closed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When accessing the VM console, the guest operating system must be locked when the last console user disconnects, limiting the possibility of session hijacking. This setting only applies to Windows-based VMs with VMware tools installed.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Select the user or group, click the pencil button, change the assigned role, and click "OK".
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; VMware Remote Console Options.
+Note: If permissions are assigned on a specific object, the role must be updated where it is assigned (for example, at the cluster level).
 
-Verify the option &quot;Lock the guest operating system when the last remote user disconnects&quot; is checked.
+To create a new role with reduced permissions, do the following:
 
-or
+From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Click the green plus sign and enter a name for the role and select only the specific permissions required.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name tools.guest.desktop.autolock
+Users can then be assigned to the newly created role.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000095' do\n  title 'The vCenter Server user roles must be verified.'\n  desc  'Users and service accounts must only be assigned privileges they require. Least privilege requires that these privileges must only be assigned if needed to reduce risk of confidentiality, availability, or integrity loss.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.\n\n    View each role and verify the users and/or groups assigned to it by clicking on \\\"Usage\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VIPermission | Sort Role | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto\n\n    Application service account and user required privileges should be documented.\n\n    If any user or service account has more privileges than required, this is a finding.\n  \"\n  desc 'fix', \"\n    To update a user's or group's permissions to an existing role with reduced permissions, do the following:\n\n    From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Global Permissions.\n\n    Select the user or group, click the pencil button, change the assigned role, and click \\\"OK\\\".\n\n    Note: If permissions are assigned on a specific object, the role must be updated where it is assigned (for example, at the cluster level).\n\n    To create a new role with reduced permissions, do the following:\n\n    From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.\n\n    Click the green plus sign and enter a name for the role and select only the specific permissions required.\n\n    Users can then be assigned to the newly created role.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000211'\n  tag satisfies: ['SRG-APP-000233', 'SRG-APP-000380']\n  tag gid: 'V-VCSA-80-000095'\n  tag rid: 'SV-VCSA-80-000095'\n  tag stig_id: 'VCSA-80-000095'\n  tag cci: ['CCI-001082', 'CCI-001084', 'CCI-001813']\n  tag nist: ['CM-5 (1)', 'SC-2', 'SC-3']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001082</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001084</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000110</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000247</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000110</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000110</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service (DoS) attacks by enabling Network I/O Control (NIOC).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity.
 
-If the virtual machine advanced setting &quot;tools.guest.desktop.autolock&quot; is not set to &quot;true&quot;, this is a finding.
+Managing excess capacity ensures sufficient capacity is available to counter flooding attacks. Employing increased capacity and service redundancy may reduce the susceptibility to some DoS attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-If the virtual machine advanced setting &quot;tools.guest.desktop.autolock&quot; does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+From the vSphere Client, go to Networking.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; VMware Remote Console Options.
+Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
 
-Check the box next to &quot;Lock the guest operating system when the last remote user disconnects&quot;. Click &quot;OK&quot;.
+View the "Properties" pane and verify "Network I/O Control" is "Enabled".
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name tools.guest.desktop.autolock | Set-AdvancedSetting -Value true</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>09ff2ed2-62d3-4362-95dd-374d15d5d442</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp &#x3D;&#x3D; &quot;true&quot;
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp &#x3D;&#x3D; &quot;true&quot;
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp &#x3D;&#x3D; &quot;true&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000202</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000202</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000202</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must disable 3D features when not required.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For performance reasons, it is recommended that 3D acceleration be disabled on virtual machines that do not require 3D functionality (e.g., most server workloads or desktops not using 3D applications).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Get-VDSwitch | select Name,@{N="NIOC Enabled";E={$_.ExtensionData.config.NetworkResourceManagementEnabled}}
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings.
+If "Network I/O Control" is disabled, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Networking.
 
-Expand the &quot;Video card&quot; and verify the &quot;Enable 3D Support&quot; checkbox is unchecked.
+Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
+
+In the "Properties" pane, click "Edit". Change "Network I/O Control" to "Enabled". Click "OK".
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name mks.enable3d
+(Get-VDSwitch "VDSwitch Name" | Get-View).EnableNetworkResourceManagement($true)</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000110' do\n  title 'The vCenter Server must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service (DoS) attacks by enabling Network I/O Control (NIOC).'\n  desc  \"\n    DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity.\n\n    Managing excess capacity ensures sufficient capacity is available to counter flooding attacks. Employing increased capacity and service redundancy may reduce the susceptibility to some DoS attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to Networking.\n\n    Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.\n\n    View the \\\"Properties\\\" pane and verify \\\"Network I/O Control\\\" is \\\"Enabled\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VDSwitch | select Name,@{N=\\\"NIOC Enabled\\\";E={$_.ExtensionData.config.NetworkResourceManagementEnabled}}\n\n    If \\\"Network I/O Control\\\" is disabled, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Networking.\n\n    Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.\n\n    In the \\\"Properties\\\" pane, click \\\"Edit\\\". Change \\\"Network I/O Control\\\" to \\\"Enabled\\\". Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    (Get-VDSwitch \\\"VDSwitch Name\\\" | Get-View).EnableNetworkResourceManagement($true)\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000247'\n  tag gid: 'V-VCSA-80-000110'\n  tag rid: 'SV-VCSA-80-000110'\n  tag stig_id: 'VCSA-80-000110'\n  tag cci: ['CCI-001095']\n  tag nist: ['SC-5 (2)']\n\n  command = 'Get-VDSwitch | Select -ExpandProperty Name'\n  vdswitches = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdswitches.empty?\n    describe '' do\n      skip 'No distributed switches found to check.'\n    end\n  else\n    vdswitches.each do |vds|\n      command = \"(Get-VDSwitch -Name \\\"#{vds}\\\").ExtensionData.Config.NetworkResourceManagementEnabled\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'true' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001095</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: (Get-VDSwitch -Name "VDSwitch STIG 1").ExtensionData.Config.NetworkResourceManagementEnabled stdout.strip is expected to cmp == "true" :: MESSAGE 
+expected: true
+     got: False
 
-If the virtual machine advanced setting &quot;mks.enable3d&quot; exists and is not set to &quot;false&quot;, this is a finding.
+(compared using `cmp` matcher)
 
-If the virtual machine advanced setting &quot;mks.enable3d&quot; does not exist, this is not a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+--------------------------------
+failed :: TEST PowerCLI Command: (Get-VDSwitch -Name "VDSwitch STIG 2").ExtensionData.Config.NetworkResourceManagementEnabled stdout.strip is expected to cmp == "true" :: MESSAGE 
+expected: true
+     got: False
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings.
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000123</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000291</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000123</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000123</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Once an attacker establishes initial access to a system, they often attempt to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to create a new account. They may also try to hijack an existing account by changing a password or enabling a previously disabled account. Therefore, all actions performed on accounts in the SSO domain much be alerted on in vCenter at a minimum and ideally on a Security Information and Event Management (SIEM) system as well.
 
-Expand the &quot;Video card&quot; and uncheck the &quot;Enable 3D Support&quot; checkbox.
+To ensure the appropriate personnel are alerted about SSO account actions, create a new vCenter alarm for the "com.vmware.sso.PrincipalManagement" event ID and configure the alert mechanisms appropriately.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Security &gt;&gt; Alarm Definitions.
+
+Verify there is an alarm created to alert upon all SSO account actions.
 
-Click &quot;OK&quot;.
+The alarm name may vary, but it is suggested to name it "SSO account actions - com.vmware.sso.PrincipalManagement".
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name mks.enable3d | Set-AdvancedSetting -Value &quot;false&quot;
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>faa7ca2d-1d0f-4050-a233-1fa668a277d0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp &#x3D;&#x3D; &quot;false&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000203</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must enable encryption for vMotion.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vMotion migrations in vSphere 6.0 and earlier transferred working memory and CPU state information in clear text over the vMotion network. As of vSphere 6.5, this transfer can be transparently encrypted using 256-bit AES-GCM with negligible performance impact.
+Get-AlarmDefinition | Where {$_.ExtensionData.Info.Expression.Expression.EventTypeId -eq "com.vmware.sso.PrincipalManagement"} | Select Name,Enabled,@{N="EventTypeId";E={$_.ExtensionData.Info.Expression.Expression.EventTypeId}}
 
-vSphere enables encrypted vMotion by default as &quot;Opportunistic&quot;, meaning that encrypted channels are used where supported, but the operation will continue in plain text where encryption is not supported.
+If an alarm is not created to alert on SSO account actions, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-For example, when vMotioning between two hosts, encryption will always be used. However, because 6.0 and earlier releases do not support this feature, vMotion from a 7.0 host to a 6.0 host would be allowed but would not be encrypted. If the encryption is set to &quot;Required&quot;, vMotions to unsupported hosts will fail. This must be set to &quot;Opportunistic&quot; or &quot;Required&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Security &gt;&gt; Alarm Definitions.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.
+Click "Add".
 
-or
+Provide the alarm name of "SSO account actions - com.vmware.sso.PrincipalManagement" and an optional description.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From the "Target type" dropdown menu, select "vCenter Server".
 
-Get-VM | Where {($_.ExtensionData.Config.MigrateEncryption -eq &quot;disabled&quot;)}
+Click "Next".
 
-If the &quot;Encrypted vMotion&quot; setting does not have a value of &quot;Opportunistic&quot; or &quot;Required&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Paste "com.vmware.sso.PrincipalManagement" (without quotes) in the line after "IF" and press "Enter".
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.
+Next to "Trigger the alarm and", select "Show as Warning".
 
-For &quot;Encrypted vMotion&quot; set the value to &quot;Opportunistic&quot; or &quot;Required&quot;. Click &quot;OK&quot;.
+Configure the desired notification actions that will inform the SA and ISSO of the event.
 
-or
+Click "Next". Click "Next" again. Click "Create".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000123' do\n  title 'The vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.'\n  desc  \"\n    Once an attacker establishes initial access to a system, they often attempt to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to create a new account. They may also try to hijack an existing account by changing a password or enabling a previously disabled account. Therefore, all actions performed on accounts in the SSO domain much be alerted on in vCenter at a minimum and ideally on a Security Information and Event Management (SIEM) system as well.\n\n    To ensure the appropriate personnel are alerted about SSO account actions, create a new vCenter alarm for the \\\"com.vmware.sso.PrincipalManagement\\\" event ID and configure the alert mechanisms appropriately.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Security &gt;&gt; Alarm Definitions.\n\n    Verify there is an alarm created to alert upon all SSO account actions.\n\n    The alarm name may vary, but it is suggested to name it \\\"SSO account actions - com.vmware.sso.PrincipalManagement\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-AlarmDefinition | Where {$_.ExtensionData.Info.Expression.Expression.EventTypeId -eq \\\"com.vmware.sso.PrincipalManagement\\\"} | Select Name,Enabled,@{N=\\\"EventTypeId\\\";E={$_.ExtensionData.Info.Expression.Expression.EventTypeId}}\n\n    If an alarm is not created to alert on SSO account actions, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Security &gt;&gt; Alarm Definitions.\n\n    Click \\\"Add\\\".\n\n    Provide the alarm name of \\\"SSO account actions - com.vmware.sso.PrincipalManagement\\\" and an optional description.\n\n    From the \\\"Target type\\\" dropdown menu, select \\\"vCenter Server\\\".\n\n    Click \\\"Next\\\".\n\n    Paste \\\"com.vmware.sso.PrincipalManagement\\\" (without quotes) in the line after \\\"IF\\\" and press \\\"Enter\\\".\n\n    Next to \\\"Trigger the alarm and\\\", select \\\"Show as Warning\\\".\n\n    Configure the desired notification actions that will inform the SA and ISSO of the event.\n\n    Click \\\"Next\\\". Click \\\"Next\\\" again. Click \\\"Create\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000291'\n  tag satisfies: ['SRG-APP-000292', 'SRG-APP-000293', 'SRG-APP-000294', 'SRG-APP-000320']\n  tag gid: 'V-VCSA-80-000123'\n  tag rid: 'SV-VCSA-80-000123'\n  tag stig_id: 'VCSA-80-000123'\n  tag cci: ['CCI-001683', 'CCI-001684', 'CCI-001685', 'CCI-001686', 'CCI-002132']\n  tag nist: ['AC-2 (4)']\n\n  command = 'Get-AlarmDefinition | Where-Object {$_.ExtensionData.Info.Expression.Expression.EventTypeId -eq \"com.vmware.sso.PrincipalManagement\"} | Select-Object -ExpandProperty Enabled'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp 'true' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001683</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001684</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001685</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001686</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002132</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-AlarmDefinition | Where-Object {$_.ExtensionData.Info.Expression.Expression.EventTypeId -eq "com.vmware.sso.PrincipalManagement"} | Select-Object -ExpandProperty Enabled stdout.strip is expected to cmp == "true" :: MESSAGE 
+expected: true
+     got: 
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000145</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000345</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000145</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000145</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must set the interval for counting failed login attempts to at least 15 minutes.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
 
-$spec &#x3D; New-Object VMware.Vim.VirtualMachineConfigSpec
-$spec.MigrateEncryption &#x3D; New-Object VMware.Vim.VirtualMachineConfigSpecEncryptedVMotionModes
-$spec.MigrateEncryption &#x3D; $true
-(Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4f4cf11d-de32-491c-bcc7-c078f9fbce58</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be in &quot;opportunistic&quot; and &quot;required&quot;
---------------------------------
-passed
-VM: stigvm1 is expected to be in &quot;opportunistic&quot; and &quot;required&quot;
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be in &quot;opportunistic&quot; and &quot;required&quot;
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be in &quot;opportunistic&quot; and &quot;required&quot;
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be in &quot;opportunistic&quot; and &quot;required&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000204</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000204</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000204</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must enable encryption for Fault Tolerance.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Fault Tolerance log traffic can be encrypted. This could contain sensitive data from the protected machine&#39;s memory or CPU instructions.
+View the value of the "Time interval between failures" setting.
 
-vSphere Fault Tolerance performs frequent checks between a primary VM and secondary VM so the secondary VM can quickly resume from the last successful checkpoint. The checkpoint contains the VM state that has been modified since the previous checkpoint.
+Time interval between failures: 900 seconds
 
-When Fault Tolerance is turned on, FT encryption is set to &quot;Opportunistic&quot; by default, which means it enables encryption only if both the primary and secondary host are capable of encryption.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the Virtual Machine does not have Fault Tolerance enabled, this is not applicable.
+If the lockout policy is not configured with "Time interval between failures" policy of "900" or more, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
 
-For each virtual machine do the following:
+Click "Edit".
+
+Set the "Time interval between failures" to "900" and click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000145' do\n  title 'The vCenter Server must set the interval for counting failed login attempts to at least 15 minutes.'\n  desc  'By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.\n\n    View the value of the \\\"Time interval between failures\\\" setting.\n\n    Time interval between failures: 900 seconds\n\n    If the lockout policy is not configured with \\\"Time interval between failures\\\" policy of \\\"900\\\" or more, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.\n\n    Click \\\"Edit\\\".\n\n    Set the \\\"Time interval between failures\\\" to \\\"900\\\" and click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000345'\n  tag gid: 'V-VCSA-80-000145'\n  tag rid: 'SV-VCSA-80-000145'\n  tag stig_id: 'VCSA-80-000145'\n  tag cci: ['CCI-002238']\n  tag nist: ['AC-7 b']\n\n  command = '(Get-SsoLockoutPolicy).FailedAttemptIntervalSec'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp &gt;= 900 }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: (Get-SsoLockoutPolicy).FailedAttemptIntervalSec stdout.strip is expected to cmp &gt;= 900 :: MESSAGE 
+expected it to be &gt;= 900
+     got: 180
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000148</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000358</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000148</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000148</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must be configured to send logs to a central log server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>vCenter must be configured to send near real-time log data to syslog collectors so information will be available to investigators in the case of a security incident or to assist in troubleshooting.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Open the Virtual Appliance Management Interface (VAMI) by navigating to https://&lt;vCenter server&gt;:5480.
+
+Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the "SystemConfiguration.BashShellAdministrator" group.
+
+Select "Syslog" on the left navigation pane.
+
+On the resulting pane on the right, verify at least one site-specific syslog receiver is configured and is listed as "Reachable".
+
+If no valid syslog collector is configured or if the collector is not listed as "Reachable", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Open the VAMI by navigating to https://&lt;vCenter server&gt;:5480.
+
+Log in with local operating system administrative credentials or with an SSO account that is a member of the "SystemConfiguration.BashShellAdministrator" group.
+
+Select "Syslog" on the left navigation pane.
+
+On the resulting pane on the right, click "Edit" or "Configure".
 
-or
+Edit or add the address and port of a site-specific syslog aggregator or Security Information Event Management (SIEM) system with the appropriate protocol.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+User Datagram Protocol (UDP) is discouraged due to its stateless and unencrypted nature. Transport Layer Security (TLS) is preferred.
 
-Get-VM | Where {($_.ExtensionData.Config.FtEncryptionMode -ne &quot;ftEncryptionOpportunistic&quot;) -and ($_.ExtensionData.Config.FtEncryptionMode -ne &quot;ftEncryptionRequired&quot;)}
+Click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000148' do\n  title 'The vCenter Server must be configured to send logs to a central log server.'\n  desc  'vCenter must be configured to send near real-time log data to syslog collectors so information will be available to investigators in the case of a security incident or to assist in troubleshooting.'\n  desc  'rationale', ''\n  desc  'check', \"\n    Open the Virtual Appliance Management Interface (VAMI) by navigating to https://&lt;vCenter server&gt;:5480.\n\n    Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the \\\"SystemConfiguration.BashShellAdministrator\\\" group.\n\n    Select \\\"Syslog\\\" on the left navigation pane.\n\n    On the resulting pane on the right, verify at least one site-specific syslog receiver is configured and is listed as \\\"Reachable\\\".\n\n    If no valid syslog collector is configured or if the collector is not listed as \\\"Reachable\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    Open the VAMI by navigating to https://&lt;vCenter server&gt;:5480.\n\n    Log in with local operating system administrative credentials or with an SSO account that is a member of the \\\"SystemConfiguration.BashShellAdministrator\\\" group.\n\n    Select \\\"Syslog\\\" on the left navigation pane.\n\n    On the resulting pane on the right, click \\\"Edit\\\" or \\\"Configure\\\".\n\n    Edit or add the address and port of a site-specific syslog aggregator or Security Information Event Management (SIEM) system with the appropriate protocol.\n\n    User Datagram Protocol (UDP) is discouraged due to its stateless and unencrypted nature. Transport Layer Security (TLS) is preferred.\n\n    Click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000358'\n  tag gid: 'V-VCSA-80-000148'\n  tag rid: 'SV-VCSA-80-000148'\n  tag stig_id: 'VCSA-80-000148'\n  tag cci: ['CCI-001851']\n  tag nist: ['AU-4 (1)']\n\n  command = 'Invoke-GetLoggingForwarding | Select-Object -ExpandProperty hostname'\n  logservers = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if logservers.empty?\n    describe \"No log servers configured: #{logservers}\" do\n      subject { logservers }\n      it { should_not be_empty }\n    end\n  else\n    logservers.each do |server|\n      describe server do\n        subject { server }\n        it { should be_in input('syslogServers') }\n      end\n    end\n    logserverstatuscommand = 'Invoke-TestLoggingForwarding | Select-Object -ExpandProperty state'\n    logserverstatus = powercli_command(logserverstatuscommand).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n    logserverstatus.each do |status|\n      describe status do\n        subject { status }\n        it { should cmp 'UP' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST No log servers configured: [] is expected not to be empty :: MESSAGE expected `[].empty?` to be falsey, got true</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000150</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000360</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000150</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000150</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected.
 
-If the &quot;Encrypted FT&quot; setting does not have a value of &quot;Opportunistic&quot; or &quot;Required&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Review the Central Logging Server being used to verify it is configured to alert the SA and ISSO, at a minimum, on any AO-defined events. Otherwise, this is a finding.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.
+If there are no AO-defined events, this is not a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configure the Central Logging Server being used to alert the SA and ISSO, at a minimum, on any AO-defined events.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000150' do\n  title 'The vCenter server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.'\n  desc  \"\n    It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected.\n\n    Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less).\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    Review the Central Logging Server being used to verify it is configured to alert the SA and ISSO, at a minimum, on any AO-defined events. Otherwise, this is a finding.\n\n    If there are no AO-defined events, this is not a finding.\n  \"\n  desc 'fix', 'Configure the Central Logging Server being used to alert the SA and ISSO, at a minimum, on any AO-defined events.'\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000360'\n  tag satisfies: ['SRG-APP-000379', 'SRG-APP-000510']\n  tag gid: 'V-VCSA-80-000150'\n  tag rid: 'SV-VCSA-80-000150'\n  tag stig_id: 'VCSA-80-000150'\n  tag cci: ['CCI-000172', 'CCI-001744', 'CCI-001858']\n  tag nist: ['AU-12 c', 'AU-5 (2)', 'CM-3 (5)']\n\n  describe 'This check is a manual or policy based check' do\n    skip 'This must be reviewed manually'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001744</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001858</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check :: SKIP_MESSAGE This must be reviewed manually</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000158</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000371</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000158</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000158</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must compare internal information system clocks at least every 24 hours with an authoritative time server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside of the configured acceptable allowance (drift) may be inaccurate. Additionally, unnecessary synchronization may have an adverse impact on system performance and may indicate malicious activity.
 
-For &quot;Encrypted FT&quot; set the value to &quot;Opportunistic&quot; or &quot;Required&quot;. Click &quot;OK&quot;.
+Synchronizing internal information system clocks to an authoritative time server provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Open the Virtual Appliance Management Interface (VAMI) by navigating to https://&lt;vCenter server&gt;:5480.
+
+Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the "SystemConfiguration.BashShellAdministrator" group.
+
+Select "Time" on the left navigation pane.
+
+On the resulting pane on the right, verify at least one authorized time server is configured and is listed as "Reachable".
+
+If "NTP" is not enabled and at least one authorized time server configured, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Open the VAMI by navigating to https://&lt;vCenter server&gt;:5480.
+
+Log in with local operating system administrative credentials or with an SSO account that is a member of the "SystemConfiguration.BashShellAdministrator" group.
+
+Select "Time" on the left navigation pane.
+
+On the resulting pane on the right, click "Edit" under "Time Synchronization".
+
+Select "NTP" for "Mode" and enter a list of authorized time servers separated by commas. Click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000158' do\n  title 'The vCenter Server must compare internal information system clocks at least every 24 hours with an authoritative time server.'\n  desc  \"\n    Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside of the configured acceptable allowance (drift) may be inaccurate. Additionally, unnecessary synchronization may have an adverse impact on system performance and may indicate malicious activity.\n\n    Synchronizing internal information system clocks to an authoritative time server provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    Open the Virtual Appliance Management Interface (VAMI) by navigating to https://&lt;vCenter server&gt;:5480.\n\n    Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the \\\"SystemConfiguration.BashShellAdministrator\\\" group.\n\n    Select \\\"Time\\\" on the left navigation pane.\n\n    On the resulting pane on the right, verify at least one authorized time server is configured and is listed as \\\"Reachable\\\".\n\n    If \\\"NTP\\\" is not enabled and at least one authorized time server configured, this is a finding.\n  \"\n  desc 'fix', \"\n    Open the VAMI by navigating to https://&lt;vCenter server&gt;:5480.\n\n    Log in with local operating system administrative credentials or with an SSO account that is a member of the \\\"SystemConfiguration.BashShellAdministrator\\\" group.\n\n    Select \\\"Time\\\" on the left navigation pane.\n\n    On the resulting pane on the right, click \\\"Edit\\\" under \\\"Time Synchronization\\\".\n\n    Select \\\"NTP\\\" for \\\"Mode\\\" and enter a list of authorized time servers separated by commas. Click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000371'\n  tag gid: 'V-VCSA-80-000158'\n  tag rid: 'SV-VCSA-80-000158'\n  tag stig_id: 'VCSA-80-000158'\n  tag cci: ['CCI-001891']\n  tag nist: ['AU-8 (1) (a)']\n\n  command = 'Invoke-GetTimesync'\n  timesync = powercli_command(command).stdout.strip\n\n  if timesync == 'NTP'\n    ntpserverscommand = 'Invoke-GetNtp'\n    ntpservers = powercli_command(ntpserverscommand).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n    ntpservers.each do |server|\n      describe server do\n        subject { server }\n        it { should be_in input('ntpServers') }\n      end\n      ntpstatuscommand = \"Initialize-NtpTestRequestBody -Servers #{server} | Invoke-TestNtp | Select-Object -ExpandProperty status\"\n      ntpstatus = powercli_command(ntpstatuscommand).stdout.strip\n      describe ntpstatus do\n        subject { ntpstatus }\n        it { should cmp 'SERVER_REACHABLE' }\n      end\n    end\n  else\n    describe \"Timesync Configuration: #{timesync}\" do\n      subject { timesync }\n      it { should cmp 'NTP' }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001891</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST Timesync Configuration: HOST is expected to cmp == "NTP" :: MESSAGE 
+expected: NTP
+     got: HOST
 
-or
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000427</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server Machine Secure Sockets Layer (SSL) certificate must be issued by a DOD certificate authority.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Untrusted certificate authorities (CA) can issue certificates, but they may be issued by organizations or individuals that seek to compromise DOD systems or by organizations with insufficient security controls. If the CA used for verifying the certificate is not a DOD-approved CA, trust of this CA has not been established.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:
+The DOD will only accept public key infrastructure (PKI) certificates obtained from a DOD-approved internal or external certificate authority. Reliance on CAs for the establishment of secure sessions includes, for example, the use of Transport Layer Security (TLS) certificates.
 
-$spec &#x3D; New-Object VMware.Vim.VirtualMachineConfigSpec
-$spec.FTEncryption &#x3D; New-Object VMware.Vim.VMware.Vim.VirtualMachineConfigSpecEncryptedFtModes
-$spec.FT &#x3D; ftEncryptionOpportunistic or ftEncryptionRequired
-(Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d62cd526-5d92-495e-9c4f-5e2bb4fa3423</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be in &quot;ftEncryptionOpportunistic&quot; and &quot;ftEncryptionRequired&quot;
---------------------------------
-passed
-VM: stigvm1 is expected to be in &quot;ftEncryptionOpportunistic&quot; and &quot;ftEncryptionRequired&quot;
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be in &quot;ftEncryptionOpportunistic&quot; and &quot;ftEncryptionRequired&quot;
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be in &quot;ftEncryptionOpportunistic&quot; and &quot;ftEncryptionRequired&quot;
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be in &quot;ftEncryptionOpportunistic&quot; and &quot;ftEncryptionRequired&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must configure log size.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations, and machine clones.
+The default self-signed, VMware Certificate Authority (VMCA)-issued vCenter reverse proxy certificate must be replaced with a DOD-approved certificate. The use of a DOD certificate on the vCenter reverse proxy and other services assures clients that the service they are connecting to is legitimate and trusted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Certificates &gt;&gt; Certificate Management &gt;&gt; Machine SSL Certificate.
 
-By default, the size of these logs is unlimited, and they are only rotated on vMotion or power events. This can cause storage issues at scale for VMs that do not vMotion or power cycle often.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Click "View Details" and examine the "Issuer Information" block.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+If the issuer specified is not a DOD approved certificate authority, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Obtain a DOD-issued certificate and private key for each vCenter in the system following the requirements below:
 
-Verify the &quot;log.rotateSize&quot; value is set to &quot;2048000&quot;.
+Key size: 2048 bits or more (PEM encoded)
+CRT format (Base-64)
+x509 version 3
+SubjectAltName must contain DNS Name=&lt;machine_FQDN&gt;
+Contains the following Key Usages: Digital Signature, Non Repudiation, Key Encipherment
 
-or
+Export the entire certificate issuing chain up to the root in Base-64 format. Concatenate the individual certificates into one file with the ".cer" extension.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From the vSphere Client, go to Administration &gt;&gt; Certificates &gt;&gt; Certificate Management &gt;&gt; Machine SSL Certificate.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name log.rotateSize
+Click Actions &gt;&gt; Import and Replace Certificate.
 
-If the virtual machine advanced setting &quot;log.rotateSize&quot; is not set to &quot;2048000&quot;, this is a finding.
+Select the "Replace with external CA certificate" radio button and click "Next".
 
-If the virtual machine advanced setting &quot;log.rotateSize&quot; does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Supply the CA-issued certificate , the exported roots file, and the private key.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Click "Replace".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000195' do\n  title 'The vCenter Server Machine Secure Sockets Layer (SSL) certificate must be issued by a DOD certificate authority.'\n  desc  \"\n    Untrusted certificate authorities (CA) can issue certificates, but they may be issued by organizations or individuals that seek to compromise DOD systems or by organizations with insufficient security controls. If the CA used for verifying the certificate is not a DOD-approved CA, trust of this CA has not been established.\n\n    The DOD will only accept public key infrastructure (PKI) certificates obtained from a DOD-approved internal or external certificate authority. Reliance on CAs for the establishment of secure sessions includes, for example, the use of Transport Layer Security (TLS) certificates.\n\n    The default self-signed, VMware Certificate Authority (VMCA)-issued vCenter reverse proxy certificate must be replaced with a DOD-approved certificate. The use of a DOD certificate on the vCenter reverse proxy and other services assures clients that the service they are connecting to is legitimate and trusted.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Certificates &gt;&gt; Certificate Management &gt;&gt; Machine SSL Certificate.\n\n    Click \\\"View Details\\\" and examine the \\\"Issuer Information\\\" block.\n\n    If the issuer specified is not a DOD approved certificate authority, this is a finding.\n  \"\n  desc 'fix', \"\n    Obtain a DOD-issued certificate and private key for each vCenter in the system following the requirements below:\n\n    Key size: 2048 bits or more (PEM encoded)\n    CRT format (Base-64)\n    x509 version 3\n    SubjectAltName must contain DNS Name=&lt;machine_FQDN&gt;\n    Contains the following Key Usages: Digital Signature, Non Repudiation, Key Encipherment\n\n    Export the entire certificate issuing chain up to the root in Base-64 format. Concatenate the individual certificates into one file with the \\\".cer\\\" extension.\n\n    From the vSphere Client, go to Administration &gt;&gt; Certificates &gt;&gt; Certificate Management &gt;&gt; Machine SSL Certificate.\n\n    Click Actions &gt;&gt; Import and Replace Certificate.\n\n    Select the \\\"Replace with external CA certificate\\\" radio button and click \\\"Next\\\".\n\n    Supply the CA-issued certificate , the exported roots file, and the private key.\n\n    Click \\\"Replace\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000427'\n  tag gid: 'V-VCSA-80-000195'\n  tag rid: 'SV-VCSA-80-000195'\n  tag stig_id: 'VCSA-80-000195'\n  tag cci: ['CCI-002470']\n  tag nist: ['SC-23 (5)']\n\n  vcenter = powercli_command('$global:DefaultViServers.Name').stdout.strip\n  describe ssl_certificate(host: \"#{vcenter}\", port: 443) do\n    its('issuer_organization') { should cmp 'U.S. Government' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002470</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST ssl_certificate for '10.186.30.81' issuer_organization is expected to cmp == "U.S. Government" :: MESSAGE 
+expected: U.S. Government
+     got: sc2-10-186-30-81.eng.vmware.com
 
-Find the &quot;log.rotateSize&quot; value and set it to &quot;2048000&quot;.
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000428</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must enable data at rest encryption for vSAN.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Applications handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
 
-If the setting does not exist no action is needed.
+Data encryption is a common technique used in environments that require additional levels of security.  It consists of a process to ensure that data can only be consumed by systems that have appropriate levels of access.  Approved systems must have and use the appropriate cryptographic keys to encrypt and decrypt the data.  Systems that do not have the keys will not be able to consume the data in any meaningful way, as it will remain encrypted in accordance to the commonly used Advanced Encryption Standard (AES) from the National Institute of Standards and Technology, or NIST.
+
+vSAN supports Data-At-Rest Encryption and Data-in-Transit Encryption and uses an AES 256 cipher. Data is encrypted after all other processing, such as deduplication, is performed. Data at rest encryption protects data on storage devices, in case a device is removed from the cluster.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If no clusters are enabled for vSAN, this is not applicable.
+
+From the vSphere Client, go to Host and Clusters.
+
+Select the vCenter Server &gt;&gt; Select the cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.
+
+Review the "Data-at-rest encryption" status.
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name log.rotateSize | Set-AdvancedSetting -Value 2048000
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>4554aa41-fff8-48b3-874b-01dc7222f8b8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp &#x3D;&#x3D; &quot;2048000&quot;
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp &#x3D;&#x3D; &quot;2048000&quot;
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp &#x3D;&#x3D; &quot;2048000&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000206</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000206</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000206</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must configure log retention.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations, and machine clones.
+Get-Cluster | Where-Object {$_.VsanEnabled -eq $true} | Get-VsanClusterConfiguration | Select-Object Name,EncryptionEnabled
 
-By default, 10 of these logs are retained. This is normally sufficient for most environments, but this configuration must be verified and maintained.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+If "Data-At-Rest encryption" is not enabled, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+Select the vCenter Server &gt;&gt; Select the target cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.
 
-Verify the &quot;log.keepOld&quot; value is set to &quot;10&quot;.
+Click "Edit".
+
+Enable "Data-At-Rest encryption" and select a pre-configured key provider from the drop down. Click "Apply".
+
+Note: Before enabling, read and understand the operational implications of enabling data at rest encryption in vSAN and how it effects capacity, performance, and recovery scenarios.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000196' do\n  title 'The vCenter Server must enable data at rest encryption for vSAN.'\n  desc  \"\n    Applications handling data requiring \\\"data at rest\\\" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.\n\n    Data encryption is a common technique used in environments that require additional levels of security.  It consists of a process to ensure that data can only be consumed by systems that have appropriate levels of access.  Approved systems must have and use the appropriate cryptographic keys to encrypt and decrypt the data.  Systems that do not have the keys will not be able to consume the data in any meaningful way, as it will remain encrypted in accordance to the commonly used Advanced Encryption Standard (AES) from the National Institute of Standards and Technology, or NIST.\n\n    vSAN supports Data-At-Rest Encryption and Data-in-Transit Encryption and uses an AES 256 cipher. Data is encrypted after all other processing, such as deduplication, is performed. Data at rest encryption protects data on storage devices, in case a device is removed from the cluster.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If no clusters are enabled for vSAN, this is not applicable.\n\n    From the vSphere Client, go to Host and Clusters.\n\n    Select the vCenter Server &gt;&gt; Select the cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.\n\n    Review the \\\"Data-at-rest encryption\\\" status.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-Cluster | Where-Object {$_.VsanEnabled -eq $true} | Get-VsanClusterConfiguration | Select-Object Name,EncryptionEnabled\n\n    If \\\"Data-At-Rest encryption\\\" is not enabled, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select the vCenter Server &gt;&gt; Select the target cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.\n\n    Click \\\"Edit\\\".\n\n    Enable \\\"Data-At-Rest encryption\\\" and select a pre-configured key provider from the drop down. Click \\\"Apply\\\".\n\n    Note: Before enabling, read and understand the operational implications of enabling data at rest encryption in vSAN and how it effects capacity, performance, and recovery scenarios.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000428'\n  tag gid: 'V-VCSA-80-000196'\n  tag rid: 'SV-VCSA-80-000196'\n  tag stig_id: 'VCSA-80-000196'\n  tag cci: ['CCI-002475']\n  tag nist: ['SC-28 (1)']\n\n  # Get all clusters with vSAN enabled\n  clusters = powercli_command('Get-Cluster | Where-Object {$_.VsanEnabled -eq $true} | Sort-Object | Select-Object -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if !clusters.empty?\n    clusters.each do |cluster|\n      command = \"Get-Cluster -Name #{cluster} | Get-VsanClusterConfiguration | Select-Object -ExpandProperty EncryptionEnabled\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'true' }\n      end\n    end\n  else\n    describe 'No clusters with vSAN enabled found...skipping tests' do\n      skip 'No clusters with vSAN enabled found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002475</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-Cluster -Name cluster0 | Get-VsanClusterConfiguration | Select-Object -ExpandProperty EncryptionEnabled stdout.strip is expected to cmp == "true" :: MESSAGE 
+expected: true
+     got: False
 
-or
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000248</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000248</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000248</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must disable the Customer Experience Improvement Program (CEIP).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The VMware CEIP sends VMware anonymized system information that is used to improve the quality, reliability, and functionality of VMware products and services. For confidentiality purposes this feature must be disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Customer Experience Improvement Program.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+If Customer Experience Improvement "Program Status" is "Joined", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Customer Experience Improvement Program.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name log.keepOld
+Click "Leave Program".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000248' do\n  title 'The vCenter Server must disable the Customer Experience Improvement Program (CEIP).'\n  desc  'The VMware CEIP sends VMware anonymized system information that is used to improve the quality, reliability, and functionality of VMware products and services. For confidentiality purposes this feature must be disabled.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Customer Experience Improvement Program.\n\n    If Customer Experience Improvement \\\"Program Status\\\" is \\\"Joined\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Customer Experience Improvement Program.\n\n    Click \\\"Leave Program\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000248'\n  tag rid: 'SV-VCSA-80-000248'\n  tag stig_id: 'VCSA-80-000248'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000253</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000575</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000253</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000253</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter server must enforce SNMPv3 security features where SNMP is required.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SNMPv3 supports commercial-grade security, including authentication, authorization, access control, and privacy. Previous versions of the protocol contained well-known security weaknesses that were easily exploited. SNMPv3 can be configured for identification and cryptographically based authentication.
 
-If the virtual machine advanced setting &quot;log.keepOld&quot; is not set to &quot;10&quot;, this is a finding.
+SNMPv3 defines a user-based security model (USM) and a view-based access control model (VACM). SNMPv3 USM provides data integrity, data origin authentication, message replay protection, and protection against disclosure of the message payload. SNMPv3 VACM provides access control to determine whether a specific type of access (read or write) to the management information is allowed. Implement both VACM and USM for full protection.
 
-If the virtual machine advanced setting &quot;log.keepOld&quot; does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+SNMPv3 must be disabled by default and enabled only if used. SNMP v3 provides security feature enhancements to SNMP, including encryption and message authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>At the command prompt on the vCenter Server Appliance, run the following commands:
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
+# appliancesh
+# snmp.get
 
-Find the &quot;log.keepOld&quot; value and set it to &quot;10&quot;.
+Note: The "appliancesh" command is not needed if the default shell has not been changed for root.
 
-If the setting does not exist no action is needed.
+If "Enable" is set to "False", this is not a finding.
 
-or
+If "Enable" is set to "True" and "Authentication" is not set to "SHA1", this is a finding.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+If "Enable" is set to "True" and "Privacy" is not set to "AES128", this is a finding.
 
-Get-VM &quot;VM Name&quot; | Get-AdvancedSetting -Name log.keepOld | Set-AdvancedSetting -Value 10
-
-Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>5c091d99-c245-43aa-b4b5-9cbd2306fdd6</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to be empty
---------------------------------
-passed
-VM: stigvm1 is expected to be empty
---------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp &#x3D;&#x3D; &quot;10&quot;
---------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp &#x3D;&#x3D; &quot;10&quot;
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp &#x3D;&#x3D; &quot;10&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000207</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000207</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000207</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must enable logging.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including, but not limited to, power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations and machine clones. Due to the value these logs provide for the continued availability of each VM and potential security incidents, these logs must be enabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+If any "Users" are configured with a "Sec_level" that does not equal "priv", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>At the command prompt on the vCenter Server Appliance, run the following commands:
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Advanced.
+# appliancesh
+# snmp.set --authentication SHA1
+# snmp.set --privacy AES128
 
-Ensure that the checkbox next to &quot;Enable logging&quot; is checked.
+To change the security level of a user, run the following command:
 
-or
+# snmp.set --users &lt;username&gt;/&lt;auth_password&gt; &lt;priv_password&gt;/priv</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000253' do\n  title 'The vCenter server must enforce SNMPv3 security features where SNMP is required.'\n  desc  \"\n    SNMPv3 supports commercial-grade security, including authentication, authorization, access control, and privacy. Previous versions of the protocol contained well-known security weaknesses that were easily exploited. SNMPv3 can be configured for identification and cryptographically based authentication.\n\n    SNMPv3 defines a user-based security model (USM) and a view-based access control model (VACM). SNMPv3 USM provides data integrity, data origin authentication, message replay protection, and protection against disclosure of the message payload. SNMPv3 VACM provides access control to determine whether a specific type of access (read or write) to the management information is allowed. Implement both VACM and USM for full protection.\n\n    SNMPv3 must be disabled by default and enabled only if used. SNMP v3 provides security feature enhancements to SNMP, including encryption and message authentication.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    At the command prompt on the vCenter Server Appliance, run the following commands:\n\n    # appliancesh\n    # snmp.get\n\n    Note: The \\\"appliancesh\\\" command is not needed if the default shell has not been changed for root.\n\n    If \\\"Enable\\\" is set to \\\"False\\\", this is not a finding.\n\n    If \\\"Enable\\\" is set to \\\"True\\\" and \\\"Authentication\\\" is not set to \\\"SHA1\\\", this is a finding.\n\n    If \\\"Enable\\\" is set to \\\"True\\\" and \\\"Privacy\\\" is not set to \\\"AES128\\\", this is a finding.\n\n    If any \\\"Users\\\" are configured with a \\\"Sec_level\\\" that does not equal \\\"priv\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    At the command prompt on the vCenter Server Appliance, run the following commands:\n\n    # appliancesh\n    # snmp.set --authentication SHA1\n    # snmp.set --privacy AES128\n\n    To change the security level of a user, run the following command:\n\n    # snmp.set --users &lt;username&gt;/&lt;auth_password&gt; &lt;priv_password&gt;/priv\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000575'\n  tag gid: 'V-VCSA-80-000253'\n  tag rid: 'SV-VCSA-80-000253'\n  tag stig_id: 'VCSA-80-000253'\n  tag cci: ['CCI-001967']\n  tag nist: ['IA-3 (1)']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001967</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000265</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000575</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000265</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000265</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter server must disable SNMPv1/2 receivers.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SNMPv3 supports commercial-grade security, including authentication, authorization, access control, and privacy. Previous versions of the protocol contained well-known security weaknesses that were easily exploited. Therefore, SNMPv1/2 receivers must be disabled, while SNMPv3 is configured in another control. vCenter exposes SNMP v1/2 in the UI and SNMPv3 in the CLI.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.
 
-Get-VM | Where {$_.ExtensionData.Config.Flags.EnableLogging -ne &quot;True&quot;}
+Click "Edit".
 
-If logging is not enabled, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+On the "SNMP receivers" tab, note the presence of any enabled receiver.
 
-From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Advanced.
+If there are any enabled receivers, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-Click the checkbox next to &quot;Enable logging&quot;. Click &quot;OK&quot;.
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.
 
-or
+Click "Edit".
+
+On the "SNMP receivers" tab, ensure all receivers are disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000265' do\n  title 'The vCenter server must disable SNMPv1/2 receivers.'\n  desc  'SNMPv3 supports commercial-grade security, including authentication, authorization, access control, and privacy. Previous versions of the protocol contained well-known security weaknesses that were easily exploited. Therefore, SNMPv1/2 receivers must be disabled, while SNMPv3 is configured in another control. vCenter exposes SNMP v1/2 in the UI and SNMPv3 in the CLI.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.\n\n    Click \\\"Edit\\\".\n\n    On the \\\"SNMP receivers\\\" tab, note the presence of any enabled receiver.\n\n    If there are any enabled receivers, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.\n\n    Click \\\"Edit\\\".\n\n    On the \\\"SNMP receivers\\\" tab, ensure all receivers are disabled.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000575'\n  tag gid: 'V-VCSA-80-000265'\n  tag rid: 'SV-VCSA-80-000265'\n  tag stig_id: 'VCSA-80-000265'\n  tag cci: ['CCI-001967']\n  tag nist: ['IA-3 (1)']\n\n  command = \"(Get-View -Id 'OptionManager-VpxSettings').setting | Where-Object {$_.key -match 'snmp.receiver.1.enabled'} | Select-Object -ExpandProperty Value\"\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp 'False' }\n  end\n  command = \"(Get-View -Id 'OptionManager-VpxSettings').setting | Where-Object {$_.key -match 'snmp.receiver.2.enabled'} | Select-Object -ExpandProperty Value\"\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp 'False' }\n  end\n  command = \"(Get-View -Id 'OptionManager-VpxSettings').setting | Where-Object {$_.key -match 'snmp.receiver.3.enabled'} | Select-Object -ExpandProperty Value\"\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp 'False' }\n  end\n  command = \"(Get-View -Id 'OptionManager-VpxSettings').setting | Where-Object {$_.key -match 'snmp.receiver.4.enabled'} | Select-Object -ExpandProperty Value\"\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp 'False' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001967</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: (Get-View -Id 'OptionManager-VpxSettings').setting | Where-Object {$_.key -match 'snmp.receiver.1.enabled'} | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "False" :: MESSAGE 
+expected: False
+     got: True
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:
+(compared using `cmp` matcher)
 
-$spec &#x3D; New-Object VMware.Vim.VirtualMachineConfigSpec
-$spec.Flags &#x3D; New-Object VMware.Vim.VirtualMachineFlagInfo
-$spec.Flags.enableLogging &#x3D; $true
-(Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1ca92941-615f-4e0b-b5e1-c03d8073948b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VM: stig vm2 is expected to cmp &#x3D;&#x3D; &quot;true&quot;
 --------------------------------
-passed
-VM: stigvm1 is expected to cmp &#x3D;&#x3D; &quot;true&quot;
+passed :: TEST PowerCLI Command: (Get-View -Id 'OptionManager-VpxSettings').setting | Where-Object {$_.key -match 'snmp.receiver.2.enabled'} | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "False"
 --------------------------------
-passed
-VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp &#x3D;&#x3D; &quot;true&quot;
+passed :: TEST PowerCLI Command: (Get-View -Id 'OptionManager-VpxSettings').setting | Where-Object {$_.key -match 'snmp.receiver.3.enabled'} | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "False"
 --------------------------------
-passed
-VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp &#x3D;&#x3D; &quot;true&quot;
---------------------------------
-passed
-VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp &#x3D;&#x3D; &quot;true&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000208</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000208</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000208</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must not use independent, non-persistent disks.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The security issue with nonpersistent disk mode is that successful attackers, with a simple shutdown or reboot, might undo or remove any traces they were ever on the machine. To safeguard against this risk, production virtual machines should be set to use persistent disk mode; additionally, ensure activity within the VM is logged remotely on a separate server, such as a syslog server or equivalent Windows-based event collector. Without a persistent record of activity on a VM, administrators might never know whether they have been attacked or hacked.
-
-There can be valid use cases for these types of disks, such as with an application presentation solution where read-only disks are desired, and such cases should be identified and documented.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+passed :: TEST PowerCLI Command: (Get-View -Id 'OptionManager-VpxSettings').setting | Where-Object {$_.key -match 'snmp.receiver.4.enabled'} | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "False"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000266</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000345</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000266</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000266</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must require an administrator to unlock an account locked due to excessive login failures.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>By requiring that Single Sign-On (SSO) accounts be unlocked manually, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. When the account unlock time is set to zero, once an account is locked it can only be unlocked manually by an administrator.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
 
-From the vSphere Client, right-click the Virtual Machine and go to &quot;Edit Settings&quot;.
+View the value of the "Unlock time" setting.
 
-Review the attached hard disks and verify they are not configured as independent nonpersistent disks.
+Unlock time: 0 seconds
 
-or
+If the lockout policy is not configured with "Unlock time" policy of "0", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Click "Edit".
+
+Set the "Unlock time" to "0" and click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000266' do\n  title 'The vCenter Server must require an administrator to unlock an account locked due to excessive login failures.'\n  desc  'By requiring that Single Sign-On (SSO) accounts be unlocked manually, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. When the account unlock time is set to zero, once an account is locked it can only be unlocked manually by an administrator.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.\n\n    View the value of the \\\"Unlock time\\\" setting.\n\n    Unlock time: 0 seconds\n\n    If the lockout policy is not configured with \\\"Unlock time\\\" policy of \\\"0\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.\n\n    Click \\\"Edit\\\".\n\n    Set the \\\"Unlock time\\\" to \\\"0\\\" and click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000345'\n  tag gid: 'V-VCSA-80-000266'\n  tag rid: 'SV-VCSA-80-000266'\n  tag stig_id: 'VCSA-80-000266'\n  tag cci: ['CCI-002238']\n  tag nist: ['AC-7 b']\n\n  command = '(Get-SsoLockoutPolicy).AutoUnlockIntervalSec'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp '0' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: (Get-SsoLockoutPolicy).AutoUnlockIntervalSec stdout.strip is expected to cmp == "0" :: MESSAGE 
+expected: 0
+     got: 300
 
-Get-VM &quot;VM Name&quot; | Get-HardDisk | Select Parent, Name, Filename, DiskType, Persistence | FT -AutoSize
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000267</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000267</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000267</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must disable the distributed virtual switch health check.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Network health check is disabled by default. Once enabled, the health check packets contain information on host#, vds#, and port#, which an attacker would find useful. It is recommended that network health check be used for troubleshooting and turned off when troubleshooting is finished.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-If the virtual machine has attached disks that are in independent nonpersistent mode and are not documented, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+From the vSphere Client, go to "Networking".
 
-From the vSphere Client, right-click the Virtual Machine and go to &quot;Edit Settings&quot;.
+Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Health Check.
 
-Select the target hard disk and change the mode to persistent or uncheck Independent.
+View the health check pane and verify the "VLAN and MTU" and "Teaming and failover" checks are "Disabled".
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run one of the following commands:
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-Get-VM &quot;VM Name&quot; | Get-HardDisk | Set-HardDisk -Persistence IndependentPersistent
+$vds = Get-VDSwitch
+$vds.ExtensionData.Config.HealthCheckConfig
 
-or
+If the health check feature is enabled on distributed switches and is not on temporarily for troubleshooting purposes, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to "Networking".
 
-Get-VM &quot;VM Name&quot; | Get-HardDisk | Set-HardDisk -Persistence Persistent</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7d113aef-3f31-4cb0-bb77-e8723bab1f86</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Checking the VM: stig vm2 for Non-Persistent Hard Disks is expected not to cmp &#x3D;&#x3D; &quot;IndependentNonPersistent&quot;
---------------------------------
-passed
-Checking the VM: stigvm1 for Non-Persistent Hard Disks is expected not to cmp &#x3D;&#x3D; &quot;IndependentNonPersistent&quot;
---------------------------------
-passed
-Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for Non-Persistent Hard Disks is expected not to cmp &#x3D;&#x3D; &quot;IndependentNonPersistent&quot;
---------------------------------
-passed
-Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for Non-Persistent Hard Disks is expected not to cmp &#x3D;&#x3D; &quot;IndependentNonPersistent&quot;
---------------------------------
-passed
-Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for Non-Persistent Hard Disks is expected not to cmp &#x3D;&#x3D; &quot;IndependentNonPersistent&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000209</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000209</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000209</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must remove unneeded floppy devices.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD&#x2F;DVD drives are usually connected only temporarily during software installation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Floppy drives are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.
+Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Health Check.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Click "Edit".
 
-Get-VM | Get-FloppyDrive | Select Parent, Name, ConnectionState
+Disable the "VLAN and MTU" and "Teaming and failover" checks.
 
-If a virtual machine has a floppy drive connected, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Floppy drives are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.
+Click "OK".
 
-The VM must be powered off to remove a floppy drive.
+or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VM &quot;VM Name&quot; | Get-FloppyDrive | Remove-FloppyDrive</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c59a5770-7639-46aa-94b1-c7c2e26a37b2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Checking the VM: stig vm2 for Floppy drives is expected to be empty
---------------------------------
-passed
-Checking the VM: stigvm1 for Floppy drives is expected to be empty
+Get-View -ViewType DistributedVirtualSwitch | ?{($_.config.HealthCheckConfig | ?{$_.enable -notmatch "False"})}| %{$_.UpdateDVSHealthCheckConfig(@((New-Object Vmware.Vim.VMwareDVSVlanMtuHealthCheckConfig -property @{enable=0}),(New-Object Vmware.Vim.VMwareDVSTeamingHealthCheckConfig -property @{enable=0})))}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000267' do\n  title 'The vCenter Server must disable the distributed virtual switch health check.'\n  desc  'Network health check is disabled by default. Once enabled, the health check packets contain information on host#, vds#, and port#, which an attacker would find useful. It is recommended that network health check be used for troubleshooting and turned off when troubleshooting is finished.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Health Check.\n\n    View the health check pane and verify the \\\"VLAN and MTU\\\" and \\\"Teaming and failover\\\" checks are \\\"Disabled\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    $vds = Get-VDSwitch\n    $vds.ExtensionData.Config.HealthCheckConfig\n\n    If the health check feature is enabled on distributed switches and is not on temporarily for troubleshooting purposes, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Health Check.\n\n    Click \\\"Edit\\\".\n\n    Disable the \\\"VLAN and MTU\\\" and \\\"Teaming and failover\\\" checks.\n\n    Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-View -ViewType DistributedVirtualSwitch | ?{($_.config.HealthCheckConfig | ?{$_.enable -notmatch \\\"False\\\"})}| %{$_.UpdateDVSHealthCheckConfig(@((New-Object Vmware.Vim.VMwareDVSVlanMtuHealthCheckConfig -property @{enable=0}),(New-Object Vmware.Vim.VMwareDVSTeamingHealthCheckConfig -property @{enable=0})))}\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000267'\n  tag rid: 'SV-VCSA-80-000267'\n  tag stig_id: 'VCSA-80-000267'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDSwitch | Select -ExpandProperty Name'\n  vdswitches = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdswitches.empty?\n    describe '' do\n      skip 'No distributed switches found to check.'\n    end\n  else\n    vdswitches.each do |vds|\n      command = \"(Get-VDSwitch -Name \\\"#{vds}\\\").ExtensionData.Config.HealthCheckConfig | Select-Object -ExpandProperty Enable\"\n      checks = powercli_command(command)\n      checks.stdout.split.each do |hc|\n        describe \"Health check for #{vds}\" do\n          subject { hc }\n          it { should cmp 'false' }\n        end\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Health check for VDSwitch STIG 1 is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for Floppy drives is expected to be empty
+passed :: TEST Health check for VDSwitch STIG 1 is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for Floppy drives is expected to be empty
+passed :: TEST Health check for VDSwitch STIG 2 is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for Floppy drives is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000210</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must remove unneeded CD&#x2F;DVD devices.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD&#x2F;DVD drives are usually connected only temporarily during software installation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+passed :: TEST Health check for VDSwitch STIG 2 is expected to cmp == "false"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000268</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000268</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000268</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must set the distributed port group Forged Transmits policy to "Reject".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the virtual machine operating system changes the Media Access Control (MAC) address, the operating system can send frames with an impersonated source MAC address at any time. This allows an operating system to stage malicious attacks on the devices in a network by impersonating a network adaptor authorized by the receiving network.
+
+When the "Forged Transmits" option is set to "Accept", ESXi does not compare source and effective MAC addresses.
+
+To protect against MAC impersonation, set the "Forged Transmits" option to "Reject". The host compares the source MAC address being transmitted by the guest operating system with the effective MAC address for its virtual machine adapter to determine if they match. If the addresses do not match, the ESXi host drops the packet.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
+
+From the vSphere Client, go to "Networking".
 
-From the vSphere Client, right-click the Virtual Machine and go to &quot;Edit Settings&quot;.
+Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
 
-Review the VMs hardware and verify no CD&#x2F;DVD drives are connected.
+Verify "Forged Transmits" is set to "Reject".
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Select Parent,Name
+Get-VDSwitch | Get-VDSecurityPolicy
+Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy
 
-If a virtual machine has a CD&#x2F;DVD drive connected other than temporarily, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+If the "Forged Transmits" policy is set to accept for a non-uplink port, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to "Networking".
+
+Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+
+Click "Edit".
 
-From the vSphere Client, right-click the Virtual Machine and go to &quot;Edit Settings&quot;.
+Click the "Security" tab.
 
-Select the CD&#x2F;DVD drive and uncheck &quot;Connected&quot; and &quot;Connect at power on&quot; and remove any attached ISOs.
+Set "Forged Transmits" to "Reject".
+
+Click "OK".
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-Get-VM &quot;VM Name&quot; | Get-CDDrive | Set-CDDrive -NoMedia</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>82f29342-3998-4048-8e3c-86a3c7def730</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Checking the VM: stig vm2 for CD&#x2F;DVD drives is expected to cmp &#x3D;&#x3D; &quot;false&quot;
+Get-VDSwitch | Get-VDSecurityPolicy | Set-VDSecurityPolicy -ForgedTransmits $false
+Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy | Set-VDSecurityPolicy -ForgedTransmits $false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000268' do\n  title 'The vCenter Server must set the distributed port group Forged Transmits policy to \"Reject\".'\n  desc  \"\n    If the virtual machine operating system changes the Media Access Control (MAC) address, the operating system can send frames with an impersonated source MAC address at any time. This allows an operating system to stage malicious attacks on the devices in a network by impersonating a network adaptor authorized by the receiving network.\n\n    When the \\\"Forged Transmits\\\" option is set to \\\"Accept\\\", ESXi does not compare source and effective MAC addresses.\n\n    To protect against MAC impersonation, set the \\\"Forged Transmits\\\" option to \\\"Reject\\\". The host compares the source MAC address being transmitted by the guest operating system with the effective MAC address for its virtual machine adapter to determine if they match. If the addresses do not match, the ESXi host drops the packet.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Verify \\\"Forged Transmits\\\" is set to \\\"Reject\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    Get-VDSwitch | Get-VDSecurityPolicy\n    Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy\n\n    If the \\\"Forged Transmits\\\" policy is set to accept for a non-uplink port, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Click \\\"Edit\\\".\n\n    Click the \\\"Security\\\" tab.\n\n    Set \\\"Forged Transmits\\\" to \\\"Reject\\\".\n\n    Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    Get-VDSwitch | Get-VDSecurityPolicy | Set-VDSecurityPolicy -ForgedTransmits $false\n    Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy | Set-VDSecurityPolicy -ForgedTransmits $false\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000268'\n  tag rid: 'SV-VCSA-80-000268'\n  tag stig_id: 'VCSA-80-000268'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDSwitch | Select -ExpandProperty Name'\n  vdswitches = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdswitches.empty?\n    describe '' do\n      skip 'No distributed switches found to check.'\n    end\n  else\n    vdswitches.each do |vds|\n      command = \"(Get-VDSwitch -Name \\\"#{vds}\\\") | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  end\n\n  command = 'Get-VDPortgroup | Where-Object {$_.IsUplink -eq $false} | Select -ExpandProperty Name'\n  vdportgroups = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdportgroups.empty?\n    describe '' do\n      skip 'No distributed port groups found to check.'\n    end\n  else\n    vdportgroups.each do |vdpg|\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\") | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-VDSwitch -Name "VDSwitch STIG 1") | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: stigvm1 for CD&#x2F;DVD drives is expected to cmp &#x3D;&#x3D; &quot;false&quot;
+passed :: TEST PowerCLI Command: (Get-VDSwitch -Name "VDSwitch STIG 2") | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for CD&#x2F;DVD drives is expected to be empty
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1") | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for CD&#x2F;DVD drives is expected to be empty
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2") | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for CD&#x2F;DVD drives is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must remove unneeded parallel devices.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD&#x2F;DVD drives are usually connected only temporarily during software installation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Parallel devices are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3") | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp == "false"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4") | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp == "false"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000269</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000269</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000269</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must set the distributed port group Media Access Control (MAC) Address Change policy to "Reject".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the virtual machine operating system changes the MAC address, it can send frames with an impersonated source MAC address at any time. This allows it to stage malicious attacks on the devices in a network by impersonating a network adaptor authorized by the receiving network.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+This will prevent virtual machines from changing their effective MAC address and will affect applications that require this functionality. This will also affect how a layer 2 bridge will operate and will affect applications that require a specific MAC address for licensing.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-Get-VM | Where {$_.ExtensionData.Config.Hardware.Device.DeviceInfo.Label -match &quot;parallel&quot;}
+From the vSphere Client, go to "Networking".
 
-If a virtual machine has a parallel device present, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Parallel devices are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.
+Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
 
-The VM must be powered off to remove a parallel device.
+Verify "MAC Address Changes" is set to "Reject".
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:
+or
 
-$pport &#x3D; (Get-VM -Name &lt;vmname&gt;).ExtensionData.Config.Hardware.Device | Where {$_.DeviceInfo.Label -match &quot;Parallel&quot;}
-$spec &#x3D; New-Object VMware.Vim.VirtualMachineConfigSpec
-$spec.DeviceChange +&#x3D; New-Object VMware.Vim.VirtualDeviceConfigSpec
-$spec.DeviceChange[-1].device &#x3D; $pport
-$spec.DeviceChange[-1].operation &#x3D; &quot;remove&quot;
-(Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c50dc5d3-01a9-477e-bffe-63382022c1cb</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Checking the VM: stig vm2 for parallel devices is expected not to match &quot;Parallel&quot;
---------------------------------
-passed
-Checking the VM: stigvm1 for parallel devices is expected not to match &quot;Parallel&quot;
---------------------------------
-passed
-Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for parallel devices is expected not to match &quot;Parallel&quot;
---------------------------------
-passed
-Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for parallel devices is expected not to match &quot;Parallel&quot;
---------------------------------
-passed
-Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for parallel devices is expected not to match &quot;Parallel&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000212</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000212</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000212</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must remove unneeded serial devices.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD&#x2F;DVD drives are usually connected only temporarily during software installation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-From the vSphere Client, right-click the Virtual Machine and go to &quot;Edit Settings&quot;.
+Get-VDSwitch | Get-VDSecurityPolicy
+Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy
 
-Review the VMs hardware and verify no serial devices exist.
+If the "MAC Address Changes" policy is set to accept, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to "Networking".
 
-or
+Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Click "Edit".
 
-Get-VM | Where {$_.ExtensionData.Config.Hardware.Device.DeviceInfo.Label -match &quot;serial&quot;}
+Click the "Security" tab.
 
-If a virtual machine has a serial device present, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The VM must be powered off to remove a serial device.
+Set "MAC Address Changes" to "Reject".
 
-For each virtual machine do the following:
+Click "OK".
+
+or
+
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-From the vSphere Client, right-click the Virtual Machine and go to &quot;Edit Settings&quot;.
-
-Select the serial device, click the circled &quot;X&quot; to remove it, and click &quot;OK&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>dcf120d1-50da-49e9-8a96-38fd0df44682</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Checking the VM: stig vm2 for serial devices is expected not to match &quot;Serial&quot;
+Get-VDSwitch | Get-VDSecurityPolicy | Set-VDSecurityPolicy -MacChanges $false
+Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy | Set-VDSecurityPolicy -MacChanges $false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000269' do\n  title 'The vCenter Server must set the distributed port group Media Access Control (MAC) Address Change policy to \"Reject\".'\n  desc  \"\n    If the virtual machine operating system changes the MAC address, it can send frames with an impersonated source MAC address at any time. This allows it to stage malicious attacks on the devices in a network by impersonating a network adaptor authorized by the receiving network.\n\n    This will prevent virtual machines from changing their effective MAC address and will affect applications that require this functionality. This will also affect how a layer 2 bridge will operate and will affect applications that require a specific MAC address for licensing.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Verify \\\"MAC Address Changes\\\" is set to \\\"Reject\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    Get-VDSwitch | Get-VDSecurityPolicy\n    Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy\n\n    If the \\\"MAC Address Changes\\\" policy is set to accept, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Click \\\"Edit\\\".\n\n    Click the \\\"Security\\\" tab.\n\n    Set \\\"MAC Address Changes\\\" to \\\"Reject\\\".\n\n    Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    Get-VDSwitch | Get-VDSecurityPolicy | Set-VDSecurityPolicy -MacChanges $false\n    Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy | Set-VDSecurityPolicy -MacChanges $false\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000269'\n  tag rid: 'SV-VCSA-80-000269'\n  tag stig_id: 'VCSA-80-000269'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDSwitch | Select -ExpandProperty Name'\n  vdswitches = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdswitches.empty?\n    describe '' do\n      skip 'No distributed switches found to check.'\n    end\n  else\n    vdswitches.each do |vds|\n      command = \"(Get-VDSwitch -Name \\\"#{vds}\\\") | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  end\n\n  command = 'Get-VDPortgroup | Where-Object {$_.IsUplink -eq $false} | Select -ExpandProperty Name'\n  vdportgroups = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdportgroups.empty?\n    describe '' do\n      skip 'No distributed port groups found to check.'\n    end\n  else\n    vdportgroups.each do |vdpg|\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\") | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-VDSwitch -Name "VDSwitch STIG 1") | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: stigvm1 for serial devices is expected not to match &quot;Serial&quot;
+passed :: TEST PowerCLI Command: (Get-VDSwitch -Name "VDSwitch STIG 2") | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for serial devices is expected not to match &quot;Serial&quot;
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1") | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for serial devices is expected not to match &quot;Serial&quot;
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2") | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for serial devices is expected not to match &quot;Serial&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000213</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must remove unneeded USB devices.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD&#x2F;DVD drives are usually connected only temporarily during software installation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3") | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp == "false"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4") | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp == "false"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000270</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000270</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000270</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must set the distributed port group Promiscuous Mode policy to "Reject".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When promiscuous mode is enabled for a virtual switch, all virtual machines connected to the port group have the potential of reading all packets across that network, meaning only the virtual machines connected to that port group.
 
-From the vSphere Client, right-click the Virtual Machine and go to &quot;Edit Settings&quot;.
+Promiscuous mode is disabled by default on the ESXi Server, and this is the recommended setting.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-Review the VMs hardware and verify no USB devices exist.
+From the vSphere Client, go to "Networking".
+
+Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+
+Verify "Promiscuous Mode" is set to "Reject".
 
 or
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-Get-VM | Where {$_.ExtensionData.Config.Hardware.Device.DeviceInfo.Label -match &quot;usb&quot;}
-Get-VM | Get-UsbDevice
+Get-VDSwitch | Get-VDSecurityPolicy
+Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy
 
-If a virtual machine has any USB devices or USB controllers present, this is a finding.
+If the "Promiscuous Mode" policy is set to accept, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to "Networking".
 
-If USB smart card readers are used to pass smart cards through the VM console to a VM, the use of a USB controller and USB devices for that purpose is not a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
+Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
 
-From the vSphere Client, right-click the Virtual Machine and go to &quot;Edit Settings&quot;.
+Click "Edit".
 
-Select the USB controller, click the circled &quot;X&quot; to remove it, and click &quot;OK&quot;.
+Click the "Security" tab.
 
-or
+Set "Promiscuous Mode" to "Reject".
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Click "OK".
 
-Get-VM &quot;VM Name&quot; | Get-USBDevice | Remove-USBDevice
-
-Note:  This will not remove the USB controller, just any connected devices.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6e8c4b4d-898b-4dea-819a-f7e67a47cc41</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-Checking the VM: stig vm2 for USB devices is expected not to match &quot;USB&quot;
-expected &quot;IDE 0\r\nIDE 1\r\nPS2 controller 0\r\nPCI controller 0\r\nSIO controller 0\r\nKeyboard \r\nPointing ...er \r\nSCSI controller 0\r\nSATA controller 0\r\nCD&#x2F;DVD drive 1\r\nHard disk 1\r\nNetwork adapter 1&quot; not to match &quot;USB&quot;
-Diff:
-@@ -1,15 +1,29 @@
--USB
-+IDE 0
-+IDE 1
-+PS2 controller 0
-+PCI controller 0
-+SIO controller 0
-+Keyboard 
-+Pointing device
-+Video card 
-+VMCI device
-+USB xHCI controller 
-+SCSI controller 0
-+SATA controller 0
-+CD&#x2F;DVD drive 1
-+Hard disk 1
-+Network adapter 1
+or
 
---------------------------------
-failed
-Checking the VM: stigvm1 for USB devices is expected not to match &quot;USB&quot;
-expected &quot;IDE 0\r\nIDE 1\r\nPS2 controller 0\r\nPCI controller 0\r\nSIO controller 0\r\nKeyboard \r\nPointing ...er \r\nSCSI controller 0\r\nSATA controller 0\r\nCD&#x2F;DVD drive 1\r\nHard disk 1\r\nNetwork adapter 1&quot; not to match &quot;USB&quot;
-Diff:
-@@ -1,15 +1,29 @@
--USB
-+IDE 0
-+IDE 1
-+PS2 controller 0
-+PCI controller 0
-+SIO controller 0
-+Keyboard 
-+Pointing device
-+Video card 
-+VMCI device
-+USB xHCI controller 
-+SCSI controller 0
-+SATA controller 0
-+CD&#x2F;DVD drive 1
-+Hard disk 1
-+Network adapter 1
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
+Get-VDSwitch | Get-VDSecurityPolicy | Set-VDSecurityPolicy -AllowPromiscuous $false
+Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy | Set-VDSecurityPolicy -AllowPromiscuous $false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000270' do\n  title 'The vCenter Server must set the distributed port group Promiscuous Mode policy to \"Reject\".'\n  desc  \"\n    When promiscuous mode is enabled for a virtual switch, all virtual machines connected to the port group have the potential of reading all packets across that network, meaning only the virtual machines connected to that port group.\n\n    Promiscuous mode is disabled by default on the ESXi Server, and this is the recommended setting.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Verify \\\"Promiscuous Mode\\\" is set to \\\"Reject\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    Get-VDSwitch | Get-VDSecurityPolicy\n    Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy\n\n    If the \\\"Promiscuous Mode\\\" policy is set to accept, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Click \\\"Edit\\\".\n\n    Click the \\\"Security\\\" tab.\n\n    Set \\\"Promiscuous Mode\\\" to \\\"Reject\\\".\n\n    Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    Get-VDSwitch | Get-VDSecurityPolicy | Set-VDSecurityPolicy -AllowPromiscuous $false\n    Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy | Set-VDSecurityPolicy -AllowPromiscuous $false\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000270'\n  tag rid: 'SV-VCSA-80-000270'\n  tag stig_id: 'VCSA-80-000270'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDSwitch | Select -ExpandProperty Name'\n  vdswitches = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdswitches.empty?\n    describe '' do\n      skip 'No distributed switches found to check.'\n    end\n  else\n    vdswitches.each do |vds|\n      command = \"(Get-VDSwitch -Name \\\"#{vds}\\\") | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  end\n\n  command = 'Get-VDPortgroup | Where-Object {$_.IsUplink -eq $false} | Select -ExpandProperty Name'\n  vdportgroups = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdportgroups.empty?\n    describe '' do\n      skip 'No distributed port groups found to check.'\n    end\n  else\n    vdportgroups.each do |vdpg|\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\") | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'false' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-VDSwitch -Name "VDSwitch STIG 1") | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for USB devices is expected not to match &quot;USB&quot;
+passed :: TEST PowerCLI Command: (Get-VDSwitch -Name "VDSwitch STIG 2") | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for USB devices is expected not to match &quot;USB&quot;
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1") | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp == "false"
 --------------------------------
-passed
-Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for USB devices is expected not to match &quot;USB&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VMCH-80-000214</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VMCH-80-000214</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMCH-80-000214</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines (VMs) must disable DirectPath I&#x2F;O devices when not required.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VMDirectPath I&#x2F;O (PCI passthrough) enables direct assignment of hardware PCI functions to VMs. This gives the VM access to the PCI functions with minimal intervention from the ESXi host. This is a powerful feature for legitimate applications such as virtualized storage appliances, backup appliances, dedicated graphics, etc., but it also allows a potential attacker highly privileged access to underlying hardware and the PCI bus.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For each virtual machine do the following:
-
-From the vSphere Client, view the Summary tab.
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2") | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp == "false"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3") | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp == "false"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4") | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp == "false"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000271</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000271</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000271</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must only send NetFlow traffic to authorized collectors.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The distributed virtual switch can export NetFlow information about traffic crossing the switch. NetFlow exports are not encrypted and can contain information about the virtual network, making it easier for a man-in-the-middle attack to be executed successfully. If NetFlow export is required, verify that all NetFlow target Internet Protocols (IPs) are correct.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-Review the PCI devices section and verify none exist.
+To view NetFlow Collector IPs configured on distributed switches:
 
-or
+From the vSphere Client, go to "Networking".
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; NetFlow.
 
-Get-VM &quot;VM Name&quot; | Get-PassthroughDevice
+View the NetFlow pane and verify any collector IP addresses are valid and in use for troubleshooting.
 
-If the virtual machine has passthrough devices present, and the specific device returned is not approved, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, select the Virtual Machine, right click and go to Edit Settings &gt;&gt; Virtual Hardware tab.
+or
 
-Find the unexpected PCI device returned from the check.
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Hover the mouse over the device and click the circled &quot;X&quot; to remove the device. Click &quot;OK&quot;.
+Get-VDSwitch | select Name,@{N="NetFlowCollectorIPs";E={$_.ExtensionData.config.IpfixConfig.CollectorIpAddress}}
 
-or
+To view if NetFlow is enabled on any distributed port groups:
 
-From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+From the vSphere Client, go to "Networking".
 
-Get-VM &quot;VM Name&quot; | Get-PassthroughDevice | Remove-PassthroughDevice</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c1262eac-eaea-45e7-a9a5-f0f0ea2b0258</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Checking the VM: stig vm2 for PCI passthrough devices is expected to be empty
---------------------------------
-passed
-Checking the VM: stigvm1 for PCI passthrough devices is expected to be empty
---------------------------------
-passed
-Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for PCI passthrough devices is expected to be empty
---------------------------------
-passed
-Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for PCI passthrough devices is expected to be empty
---------------------------------
-passed
-Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for PCI passthrough devices is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000009</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000014</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000009</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000009</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>At the command prompt on the vCenter Server Appliance, run the following command:
+Select a distributed port group &gt;&gt; Manage &gt;&gt; Settings &gt;&gt; Policies.
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware-TlsReconfigurator&#x2F;VcTlsReconfigurator&#x2F;reconfigureVc scan
+Go to "Monitoring" and view the NetFlow status.
 
-If the output indicates versions of TLS other than 1.2 are enabled, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>At the command prompt on the vCenter Server Appliance, run the following command:
+or
 
-# &#x2F;usr&#x2F;lib&#x2F;vmware-TlsReconfigurator&#x2F;VcTlsReconfigurator&#x2F;reconfigureVc update -p TLSv1.2
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-vCenter services will be restarted as part of the reconfiguration. The operating system will not be restarted.
+Get-VDPortgroup | Select Name,VirtualSwitch,@{N="NetFlowEnabled";E={$_.Extensiondata.Config.defaultPortConfig.ipfixEnabled.Value}}
 
-The &quot;--no-restart&quot; flag can be added to restart services at a later time.
-
-Changes will not take effect until all services are restarted or the appliance is rebooted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>62759690-289a-4453-b8bc-c9d791228c06</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000068</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000382</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001184</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001453</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001941</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001942</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002420</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002421</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002422</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000023</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000065</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000023</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000023</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must enforce the limit of three consecutive invalid login attempts by a user.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
+If NetFlow is configured and the collector IP is not known and documented, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>To remove collector IPs, do the following:
 
-The following lockout policy should be set as follows:
+From the vSphere Client, go to "Networking".
 
-Maximum number of failed login attempts: 3
+Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; NetFlow.
 
-If this account lockout policy is not configured as stated, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
+Click "Edit".
 
-Click &quot;Edit&quot;.
-
-Set the &quot;Maximum number of failed login attempts&quot; to &quot;3&quot; and click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2ae67084-9909-42f7-9601-96ce276a8eba</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000044</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: (Get-SsoLockoutPolicy).MaxFailedAttempts stdout.strip is expected to cmp &#x3D;&#x3D; &quot;3&quot;
+Remove any unknown collector IPs.
 
-expected: 3
-     got: 5
+or
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000024</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000068</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000024</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000024</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must display the Standard Mandatory DOD Notice and Consent Banner before logon.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Display of the DOD-approved use notification before granting access to the application ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-System use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.
+$dvs = Get-VDSwitch dvswitch | Get-View
+ForEach($vs in $dvs){
+$spec = New-Object VMware.Vim.VMwareDVSConfigSpec
+$spec.configversion = $vs.Config.ConfigVersion
+$spec.IpfixConfig = New-Object VMware.Vim.VMwareIpfixConfig
+$spec.IpfixConfig.CollectorIpAddress = ""
+$spec.IpfixConfig.CollectorPort = "0"
+$spec.IpfixConfig.ActiveFlowTimeout = "60"
+$spec.IpfixConfig.IdleFlowTimeout = "15"
+$spec.IpfixConfig.SamplingRate = "0"
+$spec.IpfixConfig.InternalFlowsOnly = $False
+$vs.ReconfigureDvs_Task($spec)
+}
 
-The banner must be formatted in accordance with DTM-08-060. Use the following verbiage for applications that can accommodate banners of 1300 characters:
+Note: This will reset the NetFlow collector configuration back to the defaults.
 
-&quot;You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+To disable NetFlow on a distributed port group, do the following:
 
-By using this IS (which includes any device attached to this IS), you consent to the following conditions:
+From the vSphere Client, go to "Networking".
 
--The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
+Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
 
--At any time, the USG may inspect and seize data stored on this IS.
+Click "Edit".
 
--Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
+Click the "Monitoring" tab.
 
--This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
+Change "NetFlow" to "Disabled".
 
--Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.&quot;
+or
 
-Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner:
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-&quot;I&#39;ve read (literal ampersand) consent to terms in IS user agreem&#39;t.&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Login Message.
+$pgs = Get-VDPortgroup | Get-View
+ForEach($pg in $pgs){
+$spec = New-Object VMware.Vim.DVPortgroupConfigSpec
+$spec.configversion = $pg.Config.ConfigVersion
+$spec.defaultPortConfig = New-Object VMware.Vim.VMwareDVSPortSetting
+$spec.defaultPortConfig.ipfixEnabled = New-Object VMware.Vim.BoolPolicy
+$spec.defaultPortConfig.ipfixEnabled.inherited = $false
+$spec.defaultPortConfig.ipfixEnabled.value = $false
+$pg.ReconfigureDVPortgroup_Task($spec)
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000271' do\n  title 'The vCenter Server must only send NetFlow traffic to authorized collectors.'\n  desc  'The distributed virtual switch can export NetFlow information about traffic crossing the switch. NetFlow exports are not encrypted and can contain information about the virtual network, making it easier for a man-in-the-middle attack to be executed successfully. If NetFlow export is required, verify that all NetFlow target Internet Protocols (IPs) are correct.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    To view NetFlow Collector IPs configured on distributed switches:\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; NetFlow.\n\n    View the NetFlow pane and verify any collector IP addresses are valid and in use for troubleshooting.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VDSwitch | select Name,@{N=\\\"NetFlowCollectorIPs\\\";E={$_.ExtensionData.config.IpfixConfig.CollectorIpAddress}}\n\n    To view if NetFlow is enabled on any distributed port groups:\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed port group &gt;&gt; Manage &gt;&gt; Settings &gt;&gt; Policies.\n\n    Go to \\\"Monitoring\\\" and view the NetFlow status.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VDPortgroup | Select Name,VirtualSwitch,@{N=\\\"NetFlowEnabled\\\";E={$_.Extensiondata.Config.defaultPortConfig.ipfixEnabled.Value}}\n\n    If NetFlow is configured and the collector IP is not known and documented, this is a finding.\n  \"\n  desc 'fix', \"\n    To remove collector IPs, do the following:\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; NetFlow.\n\n    Click \\\"Edit\\\".\n\n    Remove any unknown collector IPs.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    $dvs = Get-VDSwitch dvswitch | Get-View\n    ForEach($vs in $dvs){\n    $spec = New-Object VMware.Vim.VMwareDVSConfigSpec\n    $spec.configversion = $vs.Config.ConfigVersion\n    $spec.IpfixConfig = New-Object VMware.Vim.VMwareIpfixConfig\n    $spec.IpfixConfig.CollectorIpAddress = \\\"\\\"\n    $spec.IpfixConfig.CollectorPort = \\\"0\\\"\n    $spec.IpfixConfig.ActiveFlowTimeout = \\\"60\\\"\n    $spec.IpfixConfig.IdleFlowTimeout = \\\"15\\\"\n    $spec.IpfixConfig.SamplingRate = \\\"0\\\"\n    $spec.IpfixConfig.InternalFlowsOnly = $False\n    $vs.ReconfigureDvs_Task($spec)\n    }\n\n    Note: This will reset the NetFlow collector configuration back to the defaults.\n\n    To disable NetFlow on a distributed port group, do the following:\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Click \\\"Edit\\\".\n\n    Click the \\\"Monitoring\\\" tab.\n\n    Change \\\"NetFlow\\\" to \\\"Disabled\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    $pgs = Get-VDPortgroup | Get-View\n    ForEach($pg in $pgs){\n    $spec = New-Object VMware.Vim.DVPortgroupConfigSpec\n    $spec.configversion = $pg.Config.ConfigVersion\n    $spec.defaultPortConfig = New-Object VMware.Vim.VMwareDVSPortSetting\n    $spec.defaultPortConfig.ipfixEnabled = New-Object VMware.Vim.BoolPolicy\n    $spec.defaultPortConfig.ipfixEnabled.inherited = $false\n    $spec.defaultPortConfig.ipfixEnabled.value = $false\n    $pg.ReconfigureDVPortgroup_Task($spec)\n    }\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000271'\n  tag rid: 'SV-VCSA-80-000271'\n  tag stig_id: 'VCSA-80-000271'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDSwitch | Select -ExpandProperty Name'\n  vdswitches = powercli_command(command).stdout.strip.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  if vdswitches.empty?\n    impact 0.0\n    describe '' do\n      skip 'No distributed switches found to check. This is not applicable.'\n    end\n  else\n    setimpact = true\n    vdswitches.each do |vds|\n      command = \"(Get-VDSwitch -Name \\\"#{vds}\\\").ExtensionData.Config.IpfixConfig.CollectorIpAddress\"\n      result = powercli_command(command).stdout.strip\n      if !result.empty?\n        describe '' do\n          subject { result }\n          it { should cmp \"#{input('ipfixCollectorAddress')}\" }\n        end\n        setimpact = false\n      else\n        describe '' do\n          skip \"Ipfix CollectorIpAddress not configured...skipping #{vds}.\"\n        end\n      end\n    end\n  end\n  unless !setimpact\n    impact 0.0\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST  :: SKIP_MESSAGE Ipfix CollectorIpAddress not configured...skipping VDSwitch STIG 1.
+--------------------------------
+skipped :: TEST  :: SKIP_MESSAGE Ipfix CollectorIpAddress not configured...skipping VDSwitch STIG 2.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000272</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000272</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000272</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must configure all port groups to a value other than that of the native virtual local area network (VLAN).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>ESXi does not use the concept of native VLAN. Frames with VLAN specified in the port group will have a tag, but frames with VLAN not specified in the port group are not tagged and therefore will end up belonging to native VLAN of the physical switch.
 
-If the selection box next to &quot;Show login message&quot; is disabled, &quot;Details of login message&quot; is not configured to the standard DOD User Agreement, or the &quot;Consent checkbox&quot; is disabled, this is a finding.
+For example, frames on VLAN 1 from a Cisco physical switch will be untagged, because this is considered as the native VLAN. However, frames from ESXi specified as VLAN 1 will be tagged with a "1"; therefore, traffic from ESXi that is destined for the native VLAN will not be correctly routed (because it is tagged with a "1" instead of being untagged), and traffic from the physical switch coming from the native VLAN will not be visible (because it is not tagged).
 
-Note: Refer to vulnerability discussion for user agreement language.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Login Message.
+If the ESXi virtual switch port group uses the native VLAN ID, traffic from those virtual machines will not be visible to the native VLAN on the switch, because the switch is expecting untagged traffic.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-Click &quot;Edit&quot;.
-
-Click the &quot;Show login message&quot; slider to enable.
-
-Configure the &quot;Login message&quot; to &quot;DOD User Agreement&quot;.
-
-Click the &quot;Consent checkbox&quot; slider to enable.
-
-Set the &quot;Details of login message&quot; to the Standard Mandatory DOD Notice and Consent Banner text.
-
-Click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9d376c7f-6690-4392-8e78-e2f74ce6ed8d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000048</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000050</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001384</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000034</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000095</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000034</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000034</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must produce audit records containing information to establish what type of events occurred.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+From the vSphere Client, go to "Networking".
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
+Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
 
-Verify the &quot;config.log.level&quot; value is set to &quot;info&quot;.
+Review the port group VLAN tags and verify they are not set to the native VLAN ID of the attached physical switch.
 
 or
 
 From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.log.level and verify it is set to &quot;info&quot;.
+Get-VDPortgroup | select Name, VlanConfiguration
 
-If the &quot;config.log.level&quot; value is not set to &quot;info&quot; or does not exist, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+If any port group is configured with the native VLAN of the ESXi hosts attached physical switch, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to "Networking".
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
+Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+
+Click "Edit".
+
+Click the "VLAN" tab.
+
+Change the VLAN ID to a non-native VLAN.
 
-Click &quot;Edit Settings&quot; and configure the &quot;config.log.level&quot; setting to &quot;info&quot;.
+Click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.log.level | Set-AdvancedSetting -Value info</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>6966a20e-926c-4934-96d5-9538ff788082</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000130</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name config.log.level | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;info&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000141</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000057</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vCenter Server plugins must be verified.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter Server add-on components or external, web-based functionality.
+Get-VDPortgroup "portgroup name" | Set-VDVlanConfiguration -VlanId "New VLAN#"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000272' do\n  title 'The vCenter Server must configure all port groups to a value other than that of the native virtual local area network (VLAN).'\n  desc  \"\n    ESXi does not use the concept of native VLAN. Frames with VLAN specified in the port group will have a tag, but frames with VLAN not specified in the port group are not tagged and therefore will end up belonging to native VLAN of the physical switch.\n\n    For example, frames on VLAN 1 from a Cisco physical switch will be untagged, because this is considered as the native VLAN. However, frames from ESXi specified as VLAN 1 will be tagged with a \\\"1\\\"; therefore, traffic from ESXi that is destined for the native VLAN will not be correctly routed (because it is tagged with a \\\"1\\\" instead of being untagged), and traffic from the physical switch coming from the native VLAN will not be visible (because it is not tagged).\n\n    If the ESXi virtual switch port group uses the native VLAN ID, traffic from those virtual machines will not be visible to the native VLAN on the switch, because the switch is expecting untagged traffic.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Review the port group VLAN tags and verify they are not set to the native VLAN ID of the attached physical switch.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VDPortgroup | select Name, VlanConfiguration\n\n    If any port group is configured with the native VLAN of the ESXi hosts attached physical switch, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Click \\\"Edit\\\".\n\n    Click the \\\"VLAN\\\" tab.\n\n    Change the VLAN ID to a non-native VLAN.\n\n    Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VDPortgroup \\\"portgroup name\\\" | Set-VDVlanConfiguration -VlanId \\\"New VLAN#\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000272'\n  tag rid: 'SV-VCSA-80-000272'\n  tag stig_id: 'VCSA-80-000272'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDPortgroup | Where-Object {$_.IsUplink -eq $false} | Select -ExpandProperty Name'\n  vdportgroups = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdportgroups.empty?\n    describe '' do\n      skip 'No distributed port groups found to check.'\n    end\n  else\n    vdportgroups.each do |vdpg|\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not cmp '1' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to cmp == "1"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to cmp == "1"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to cmp == "1"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to cmp == "1"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000273</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000273</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000273</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When a port group is set to VLAN Trunking, the vSwitch passes all network frames in the specified range to the attached virtual machines without modifying the virtual local area network (VLAN) tags. In vSphere, this is referred to as VGT.
 
-vSphere Client plugins or extensions run at the same privilege level as the user. Malicious extensions might masquerade as useful add-ons while compromising the system by stealing credentials or incorrectly configuring the system.
+The virtual machine must process the VLAN information itself via an 802.1Q driver in the operating system. VLAN Trunking must only be implemented if the attached virtual machines have been specifically authorized and are capable of managing VLAN tags themselves.
 
-Additionally, vCenter comes with a number of plugins preinstalled that may or may not be necessary for proper operation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Solutions &gt;&gt; Client Plug-Ins.
+If VLAN Trunking is enabled inappropriately, it may cause a denial of service or allow a virtual machine to interact with traffic on an unauthorized VLAN.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-View the Installed&#x2F;Available Plug-ins list and verify they are all identified as authorized VMware, third-party (partner), and&#x2F;or site-specific approved plug-ins.
+From the vSphere Client, go to "Networking".
 
-If any installed&#x2F;available plug-ins in the viewable list cannot be verified as allowed vSphere Client plug-ins from trusted sources or are not in active use, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Solutions &gt;&gt; Client Plug-Ins, click the radio button next to the unknown plug-in, and click &quot;Disable&quot;.
+Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
 
-If the plugin will not be needed in the future, proceed to uninstall the plug-in.
+Review the port group "VLAN Type" and "VLAN trunk range", if present.
 
-To uninstall plug-ins, do the following:
+or
 
-If vCenter Server is in linked mode, perform this procedure on the vCenter Server that is used to install the plug-in initially and then restart the vCenter Server services on the linked vCenter Server:
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-In a web browser, navigate to &quot;http:&#x2F;&#x2F;vCenter_Server_name_or_IP&#x2F;mob&quot;, where &quot;vCenter_Server_name_or_IP&#x2F;mob&quot; is the name of the vCenter Server or its IP address.
+Get-VDPortgroup | Where {$_.ExtensionData.Config.Uplink -ne "True"} | Select Name,VlanConfiguration
 
-Click &quot;Content&quot;.
+If any port group is configured with "VLAN trunking" and is not documented as a needed exception (such as NSX appliances), this is a finding.
 
-Click &quot;ExtensionManager&quot;.
+If any port group is authorized to be configured with "VLAN trunking" but is not configured with the most limited range necessary, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to "Networking".
 
-Select and copy the name of the plug-in to be removed from the list of values under &quot;Properties&quot;.
+Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
 
-Click &quot;UnregisterExtension&quot;. A new window appears.
+Click "Edit".
 
-Paste the name of the plug-in and click &quot;Invoke Method&quot;. This removes the plug-in.
+Click the "VLAN" tab.
 
-Close the window.
+If "VLAN trunking" is not authorized, remove it by setting "VLAN type" to "VLAN" and configure an appropriate VLAN ID. Click "OK".
 
-Refresh the Managed Object Type:ManagedObjectReference:ExtensionManager window to verify the plug-in is removed successfully.
+If "VLAN trunking" is authorized but the range is too broad, modify the range in the "VLAN trunk range" field to the minimum necessary and authorized range. An example range would be "1,3-5,8". Click "OK".
 
-Note: If the plug-in still appears, restart the vSphere Client.
+or
 
-Note: The Managed Object Browser (MOB) may have to be enabled temporarily if it was disabled previously.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b1d2df29-7d9d-4cbb-ad96-90cb8bea782e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000381</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000059</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000148</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000059</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000059</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
+From a PowerCLI command prompt while connected to the vCenter server, run the following command to configure trunking:
 
-Organizational users include organizational employees or individuals the organization deems to have equivalent status of employees (e.g., contractors). Organizational users (and any processes acting on behalf of users) must be uniquely identified and authenticated for all accesses except the following.
+Get-VDPortgroup "Portgroup Name" | Set-VDVlanConfiguration -VlanTrunkRange "&lt;VLAN Range(s) comma separated&gt;"
 
-(i) Accesses explicitly identified and documented by the organization. Organizations document specific user actions that can be performed on the information system without identification or authentication; and
-(ii) Accesses that occur through authorized use of group authenticators without individual authentication. Organizations may require unique identification of individuals in group accounts (e.g., shared privilege accounts) or for detailed accountability of individual activity.
+or
 
-Using Active Directory or an identity provider for authentication provides more robust account management capabilities and accountability.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.
+Run this command to configure a single VLAN ID:
 
-If the identity provider type is &quot;embedded&quot; and there is no identity source of type &quot;Active Directory&quot; (either Windows Integrated Authentication or LDAP), this is a finding.
+Get-VDPortgroup "Portgroup Name" | Set-VDVlanConfiguration -VlanId "&lt;New VLAN#&gt;"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000273' do\n  title 'The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized.'\n  desc  \"\n    When a port group is set to VLAN Trunking, the vSwitch passes all network frames in the specified range to the attached virtual machines without modifying the virtual local area network (VLAN) tags. In vSphere, this is referred to as VGT.\n\n    The virtual machine must process the VLAN information itself via an 802.1Q driver in the operating system. VLAN Trunking must only be implemented if the attached virtual machines have been specifically authorized and are capable of managing VLAN tags themselves.\n\n    If VLAN Trunking is enabled inappropriately, it may cause a denial of service or allow a virtual machine to interact with traffic on an unauthorized VLAN.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Review the port group \\\"VLAN Type\\\" and \\\"VLAN trunk range\\\", if present.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VDPortgroup | Where {$_.ExtensionData.Config.Uplink -ne \\\"True\\\"} | Select Name,VlanConfiguration\n\n    If any port group is configured with \\\"VLAN trunking\\\" and is not documented as a needed exception (such as NSX appliances), this is a finding.\n\n    If any port group is authorized to be configured with \\\"VLAN trunking\\\" but is not configured with the most limited range necessary, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Click \\\"Edit\\\".\n\n    Click the \\\"VLAN\\\" tab.\n\n    If \\\"VLAN trunking\\\" is not authorized, remove it by setting \\\"VLAN type\\\" to \\\"VLAN\\\" and configure an appropriate VLAN ID. Click \\\"OK\\\".\n\n    If \\\"VLAN trunking\\\" is authorized but the range is too broad, modify the range in the \\\"VLAN trunk range\\\" field to the minimum necessary and authorized range. An example range would be \\\"1,3-5,8\\\". Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command to configure trunking:\n\n    Get-VDPortgroup \\\"Portgroup Name\\\" | Set-VDVlanConfiguration -VlanTrunkRange \\\"&lt;VLAN Range(s) comma separated&gt;\\\"\n\n    or\n\n    Run this command to configure a single VLAN ID:\n\n    Get-VDPortgroup \\\"Portgroup Name\\\" | Set-VDVlanConfiguration -VlanId \\\"&lt;New VLAN#&gt;\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000273'\n  tag rid: 'SV-VCSA-80-000273'\n  tag stig_id: 'VCSA-80-000273'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDPortgroup | Where-Object {(($_.IsUplink -eq $false) -and ($_.VlanConfiguration -match \"Trunk\"))} | Select-Object -ExpandProperty Name'\n  vdportgroups = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdportgroups.empty?\n    impact 0.0\n    describe '' do\n      skip 'No distributed port groups found to check. This is not applicable.'\n    end\n  else\n    vdportgroups.each do |vdpg|\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId.Start\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not cmp '0' }\n      end\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId.End\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not cmp '4094' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST  :: SKIP_MESSAGE No distributed port groups found to check. This is not applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000274</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000274</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000274</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must not configure all port groups to virtual local area network (VLAN) values reserved by upstream physical switches.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Certain physical switches reserve certain VLAN IDs for internal purposes and often disallow traffic configured to these values. For example, Cisco Catalyst switches typically reserve VLANs 1001 to 1024 and 4094, while Nexus switches typically reserve 3968 to 4094.
 
-If the identity provider type is &quot;Microsoft ADFS&quot; or another supported identity provider, this is NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When using the embedded identity provider type, perform the following:
+Check with the documentation for the organization's specific switch. Using a reserved VLAN might result in a denial of service on the network.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Identity Sources.
+From the vSphere Client, go to "Networking".
 
-Click &quot;Add&quot;.
+Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
 
-Select either &quot;Active Directory over LDAP&quot; or &quot;Active Directory (Windows Integrated Authentication)&quot; and configure appropriately.
+Review the port group VLAN tags and verify that they are not set to a reserved VLAN ID.
 
-Note: Windows Integrated Authentication requires that the vCenter server be joined to Active Directory before configuration via Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Active Directory Domain.
+or
 
-OR
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-To change the identity provider type to a third-party identity provider such as Microsoft ADFS, perform the following:
+Get-VDPortgroup | select Name, VlanConfiguration
 
-From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.
+If any port group is configured with a reserved VLAN ID, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to "Networking".
 
-Click &quot;Change Identity Provider&quot;.
-
-Select &quot;Microsoft ADFS&quot; and click &quot;Next&quot;.
-
-Enter the ADFS server information and User and Group details and click &quot;Finish&quot;.
-
-For additional information on configuring ADFS for use with vCenter, refer to the vSphere documentation.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>037a109a-3552-4c3b-857a-8f572e830f9a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000764</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000770</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000795</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000804</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001682</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000149</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000060</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must require multifactor authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased.
+Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
 
-Multifactor authentication requires using two or more factors to achieve authentication.
+Click "Edit".
 
-Factors include:
-(i) something a user knows (e.g., password&#x2F;PIN);
-(ii) something a user has (e.g., cryptographic identification device, token); or
-(iii) something a user is (e.g., biometric).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Web Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.
+Click the "VLAN" tab. Change the VLAN ID to an unreserved VLAN ID.
 
-If the embedded identity provider is used, click on &quot;Smart Card Authentication&quot;.
+Click "OK".
 
-If the embedded identity provider is used and &quot;Smart Card Authentication&quot; is not enabled, this is a finding.
+or
 
-If a third-party identity provider is used, such as Microsoft ADFS, and it does not require multifactor authentication to log on to vCenter, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>To configure smart card authentication for vCenter when using the embedded identity provider, refer to the vSphere documentation.
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-For vCenter Servers using a third-party identity provider, consult the product&#39;s documentation for enabling multifactor authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e344ab21-e4e1-453a-a6ee-ef1d3fca0186</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000166</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000765</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000766</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001953</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002009</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: (Get-SsoAuthenticationPolicy).SmartCardAuthnEnabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
+Get-VDPortgroup "portgroup name" | Set-VDVlanConfiguration -VlanId "New VLAN#"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000274' do\n  title 'The vCenter Server must not configure all port groups to virtual local area network (VLAN) values reserved by upstream physical switches.'\n  desc  \"\n    Certain physical switches reserve certain VLAN IDs for internal purposes and often disallow traffic configured to these values. For example, Cisco Catalyst switches typically reserve VLANs 1001 to 1024 and 4094, while Nexus switches typically reserve 3968 to 4094.\n\n    Check with the documentation for the organization's specific switch. Using a reserved VLAN might result in a denial of service on the network.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Review the port group VLAN tags and verify that they are not set to a reserved VLAN ID.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VDPortgroup | select Name, VlanConfiguration\n\n    If any port group is configured with a reserved VLAN ID, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.\n\n    Click \\\"Edit\\\".\n\n    Click the \\\"VLAN\\\" tab. Change the VLAN ID to an unreserved VLAN ID.\n\n    Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VDPortgroup \\\"portgroup name\\\" | Set-VDVlanConfiguration -VlanId \\\"New VLAN#\\\"\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000274'\n  tag rid: 'SV-VCSA-80-000274'\n  tag stig_id: 'VCSA-80-000274'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDPortgroup | Where-Object {$_.IsUplink -eq $false} | Select -ExpandProperty Name'\n  vdportgroups = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdportgroups.empty?\n    describe '' do\n      skip 'No distributed port groups found to check.'\n    end\n  else\n    vlanlist = ['1001', '1024', '3968', '4047', '4094']\n    vdportgroups.each do |vdpg|\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should_not be_in vlanlist }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to be in "1001", "1024", "3968", "4047", and "4094"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to be in "1001", "1024", "3968", "4047", and "4094"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to be in "1001", "1024", "3968", "4047", and "4094"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to be in "1001", "1024", "3968", "4047", and "4094"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000275</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000275</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000275</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must configure the "vpxuser" auto-password to be changed every 30 days.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>By default, vCenter will change the "vpxuser" password automatically every 30 days. Ensure this setting meets site policies. If it does not, configure it to meet password aging policies.
+
+Note: It is very important the password aging policy is not shorter than the default interval that is set to automatically change the "vpxuser" password to preclude the possibility that vCenter might be locked out of an ESXi host.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-expected: true
-     got: False
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000069</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000164</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000069</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000069</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server passwords must be at least 15 characters in length.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
+Verify that "VirtualCenter.VimPasswordExpirationInDays" is set to "30".
 
-Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
+or
 
-Use of more characters in a password helps to exponentially increase the time and&#x2F;or resources required to compromise the password.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-View the value of the &quot;Minimum Length&quot; setting.
+Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name VirtualCenter.VimPasswordExpirationInDays
 
-Minimum Length: 15
+If the "VirtualCenter.VimPasswordExpirationInDays" is set to a value other than "30" or does not exist, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-If the password policy is not configured with a &quot;Minimum Length&quot; policy of &quot;15&quot; or more, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
 
-Click &quot;Edit&quot;.
-
-Set the &quot;Minimum Length&quot; to &quot;15&quot; and click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d9050334-a1a1-4e08-985f-040d82758bb2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000205</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: (Get-SsoPasswordPolicy).MinLength stdout.strip is expected to cmp &gt;&#x3D; 15
-
-expected it to be &gt;&#x3D; 15
-     got: 8
+Click "Edit Settings" and configure the "VirtualCenter.VimPasswordExpirationInDays" value to "30" or if the value does not exist create it by entering the values in the "Key" and "Value" fields and clicking "Add".
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000070</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000165</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000070</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000070</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must prohibit password reuse for a minimum of five generations.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+or
 
-To meet password policy requirements, passwords must be changed at specific policy-based intervals.
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the result is a password that is not changed per policy requirements.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+If the setting already exists:
 
-View the value of the &quot;Restrict reuse&quot; setting.
+Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name VirtualCenter.VimPasswordExpirationInDays | Set-AdvancedSetting -Value 30
 
-Restrict reuse: Users cannot reuse any previous 5 passwords
+If the setting does not exist:
 
-If the password policy is not configured with a &quot;Restrict reuse&quot; policy of &quot;5&quot; or more, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+New-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name VirtualCenter.VimPasswordExpirationInDays -Value 30</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000275' do\n  title 'The vCenter Server must configure the \"vpxuser\" auto-password to be changed every 30 days.'\n  desc  \"\n    By default, vCenter will change the \\\"vpxuser\\\" password automatically every 30 days. Ensure this setting meets site policies. If it does not, configure it to meet password aging policies.\n\n    Note: It is very important the password aging policy is not shorter than the default interval that is set to automatically change the \\\"vpxuser\\\" password to preclude the possibility that vCenter might be locked out of an ESXi host.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.\n\n    Verify that \\\"VirtualCenter.VimPasswordExpirationInDays\\\" is set to \\\"30\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name VirtualCenter.VimPasswordExpirationInDays\n\n    If the \\\"VirtualCenter.VimPasswordExpirationInDays\\\" is set to a value other than \\\"30\\\" or does not exist, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.\n\n    Click \\\"Edit Settings\\\" and configure the \\\"VirtualCenter.VimPasswordExpirationInDays\\\" value to \\\"30\\\" or if the value does not exist create it by entering the values in the \\\"Key\\\" and \\\"Value\\\" fields and clicking \\\"Add\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    If the setting already exists:\n\n    Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name VirtualCenter.VimPasswordExpirationInDays | Set-AdvancedSetting -Value 30\n\n    If the setting does not exist:\n\n    New-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name VirtualCenter.VimPasswordExpirationInDays -Value 30\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000275'\n  tag rid: 'SV-VCSA-80-000275'\n  tag stig_id: 'VCSA-80-000275'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name VirtualCenter.VimPasswordExpirationInDays | Select-Object -ExpandProperty Value'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp '30' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name VirtualCenter.VimPasswordExpirationInDays | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "30"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000276</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000276</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000276</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must configure the "vpxuser" password to meet length policy.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The "vpxuser" password default length is 32 characters. Ensure this setting meets site policies; if not, configure to meet password length policies.
+
+Longer passwords make brute-force password attacks more difficult. The "vpxuser" password is added by vCenter, meaning no manual intervention is normally required. The "vpxuser" password length must never be modified to less than the default length of 32 characters.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-Click &quot;Edit&quot;.
-
-Set the &quot;Restrict reuse&quot; to &quot;5&quot; and click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>94bd3a60-e2e3-42db-bca9-f7a34aba37a6</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000200</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-SsoPasswordPolicy).ProhibitedPreviousPasswordsCount stdout.strip is expected to cmp &gt;&#x3D; 5</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000071</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000166</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000071</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000071</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server passwords must contain at least one uppercase character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
 
-Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password is, the greater the number of possible combinations that need to be tested before the password is compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+Verify that "config.vpxd.hostPasswordLength" is set to "32".
 
-View the value of the &quot;Character requirements&quot; setting.
+or
 
-Character requirements: At least 1 uppercase characters
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-If the password policy is not configured with &quot;Character requirements&quot; policy requiring &quot;1&quot; or more uppercase characters, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.vpxd.hostPasswordLength and verify it is set to 32.
 
-Click &quot;Edit&quot;.
-
-Set &quot;uppercase characters&quot; to at least &quot;1&quot; and click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>93cb5da4-d844-44b7-8924-8ac354538ec1</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-SsoPasswordPolicy).MinUppercaseCount stdout.strip is expected to cmp &gt;&#x3D; 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000072</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000167</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000072</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000072</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server passwords must contain at least one lowercase character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+If the "config.vpxd.hostPasswordLength" is set to a value other than "32, this is a finding.
 
-Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+If the setting does not exist, this is not a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-View the value of the &quot;Character requirements&quot; setting.
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
 
-Character requirements: At least 1 lowercase characters
+Click "Edit Settings" and configure the "config.vpxd.hostPasswordLength" value to "32".
 
-If the password policy is not configured with &quot;Character requirements&quot; policy requiring &quot;1&quot; or more lowercase characters, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+or
 
-Click &quot;Edit&quot;.
-
-Set &quot;lowercase characters&quot; to at least &quot;1&quot; and click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8cba8bef-2f5a-4856-8caf-3738b3dea93b</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000193</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-SsoPasswordPolicy).MinLowercaseCount stdout.strip is expected to cmp &gt;&#x3D; 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000073</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000168</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000073</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000073</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server passwords must contain at least one numeric character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.vpxd.hostPasswordLength | Set-AdvancedSetting -Value 32</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000276' do\n  title 'The vCenter Server must configure the \"vpxuser\" password to meet length policy.'\n  desc  \"\n    The \\\"vpxuser\\\" password default length is 32 characters. Ensure this setting meets site policies; if not, configure to meet password length policies.\n\n    Longer passwords make brute-force password attacks more difficult. The \\\"vpxuser\\\" password is added by vCenter, meaning no manual intervention is normally required. The \\\"vpxuser\\\" password length must never be modified to less than the default length of 32 characters.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.\n\n    Verify that \\\"config.vpxd.hostPasswordLength\\\" is set to \\\"32\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.vpxd.hostPasswordLength and verify it is set to 32.\n\n    If the \\\"config.vpxd.hostPasswordLength\\\" is set to a value other than \\\"32, this is a finding.\n\n    If the setting does not exist, this is not a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.\n\n    Click \\\"Edit Settings\\\" and configure the \\\"config.vpxd.hostPasswordLength\\\" value to \\\"32\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.vpxd.hostPasswordLength | Set-AdvancedSetting -Value 32\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000276'\n  tag rid: 'SV-VCSA-80-000276'\n  tag stig_id: 'VCSA-80-000276'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name config.vpxd.hostPasswordLength | Select-Object -ExpandProperty Value'\n  describe.one do\n    describe powercli_command(command) do\n      its('stdout.strip') { should cmp '32' }\n    end\n    describe powercli_command(command) do\n      its('stdout.strip') { should be_empty }\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name config.vpxd.hostPasswordLength | Select-Object -ExpandProperty Value stdout.strip is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000277</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000277</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000277</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must be isolated from the public internet but must still allow for patch notification and delivery.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>vCenter and the embedded Lifecycle Manager system must never have a direct route to the internet. Despite this, updates and patches sourced from VMware on the internet must be delivered in a timely manner.
 
-View the value of the &quot;Character requirements&quot; setting.
+There are two methods to accomplish this: a proxy server and the Update Manager Download Service (UMDS). UMDS is an optional module for Lifecycle Manager that fetches upgrades for virtual appliances, patch metadata, patch binaries, and notifications that would not otherwise be available to an isolated Lifecycle Manager directly.
 
-Character requirements: At least 1 numeric characters
+Alternatively, a proxy for Lifecycle Manager can be configured to allow controlled, limited access to the public internet for the sole purpose of patch gathering. Either solution mitigates the risk of internet connectivity by limiting its scope and use.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Check the following conditions:
 
-If the password policy is not configured with &quot;Character requirements&quot; policy requiring &quot;1&quot; or more numeric characters, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+1. Lifecycle Manager must be configured to use the UMDS.
 
-Click &quot;Edit&quot;.
-
-Set &quot;numeric characters&quot; to at least &quot;1&quot; and click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>1cb17dbf-c77a-4297-843f-6ea61c5dce73</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000194</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-SsoPasswordPolicy).MinNumericCount stdout.strip is expected to cmp &gt;&#x3D; 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000074</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000169</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000074</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000074</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server passwords must contain at least one special character.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+OR
 
-Password complexity is one factor in determining how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.
+2. Lifecycle Manager must be configured to use a proxy server for access to VMware patch repositories.
 
-Special characters are not alphanumeric. Examples include: ~ ! @ # $ % ^ *.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+OR
 
-View the value of the &quot;Character requirements&quot; setting.
+3. Lifecycle Manager must disable internet patch repositories and any patches must be manually validated and imported as needed.
 
-Character requirements: At least 1 special characters
+Option 1:
 
-If the password policy is not configured with &quot;Character requirements&quot; policy requiring &quot;1&quot; or more special characters, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.
 
-Click &quot;Edit&quot;.
-
-Set &quot;special characters&quot; to at least &quot;1&quot; and click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>dabf0efc-9b2a-4638-9b28-fba5f3318a30</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001619</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-SsoPasswordPolicy).MinSpecialCharCount stdout.strip is expected to cmp &gt;&#x3D; 1</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000077</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000077</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000077</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must enable FIPS-validated cryptography.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules use authentication that meets DOD requirements.
+Click the "Change Download Source" button.
 
-In vSphere 6.7 and later, ESXi and vCenter Server use FIPS-validated cryptography to protect management interfaces and the VMware Certificate Authority (VMCA).
+Verify the "Download patches from a UMDS shared repository" radio button is selected and that a valid UMDS repository is supplied.
 
-vSphere 7.0 Update 2 and later adds additional FIPS-validated cryptography to vCenter Server Appliance. By default, this FIPS validation option is disabled and must be enabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Web Client, go to Developer Center &gt;&gt; API Explorer.
+Click "Cancel".
 
-From the &quot;Select API&quot; drop-down menu, select appliance.
+If this is not set, this is a finding.
 
-Expand system&#x2F;security&#x2F;global_fips &gt;&gt; GET.
+Option 2:
 
-Click &quot;Execute&quot; and then &quot;Copy Response&quot; to view the results.
+From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.
 
-Example response:
+Click the "Change Download Source" button.
 
-{
-    &quot;enabled&quot;: true
-}
+Verify the "Download patches directly from the internet" radio button is selected.
 
-or
+Click "Cancel".
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+Navigate to the vCenter Server Management interface at https://&lt;vcenter dns&gt;:5480 &gt;&gt; Networking &gt;&gt; Proxy Settings.
 
-Invoke-GetSystemGlobalFips
+Verify that "HTTPS" is "Enabled".
 
-If global FIPS mode is not enabled, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Web Client go to Developer Center &gt;&gt; API Explorer.
+Click the "HTTPS" row.
 
-From the &quot;Select API&quot; drop-down menu, select appliance.
+Verify the proxy server configuration is accurate.
 
-Expand system&#x2F;security&#x2F;global_fips &gt;&gt; PUT.
+If this is not set, this is a finding.
 
-In the response body under &quot;Try it out&quot; paste the following:
+Option 3:
 
-{
-    &quot;enabled&quot;: true
-}
+From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Downloads.
 
-Click &quot;Execute&quot;.
+Verify the "Automatic downloads" option is disabled.
 
-or
+From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+Verify any download sources are disabled.
 
-$spec &#x3D; Initialize-SystemSecurityGlobalFipsUpdateSpec -Enabled $true; Invoke-SetSystemGlobalFips -SystemSecurityGlobalFipsUpdateSpec $spec
-
-Note: The vCenter server reboots after FIPS is enabled or disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2a0ea005-fb92-4c14-95f0-6bc977f8dd44</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000197</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000803</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001188</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001967</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-003123</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Invoke-GetSystemGlobalFips | Select-Object -ExpandProperty enabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;True&quot;
+If this is not set, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Option 1:
 
-expected: True
-     got: False
+From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000079</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000174</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000079</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000079</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must enforce a 90-day maximum password lifetime restriction.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Any password, no matter how complex, can eventually be cracked. Therefore, passwords must be changed at specific intervals.
+Click the "Change Download Source" button.
 
-One method of minimizing this risk is to use complex passwords and periodically change them. If the application does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the system and&#x2F;or application passwords could be compromised.
+Select the "Download patches from a UMDS shared repository" radio button and supply a valid UMDS repository.
 
-This requirement does not include emergency administration accounts, which are meant for access to the application in case of failure. These accounts are not required to have maximum password lifetime restrictions.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+Click "Save".
 
-View the value of the &quot;Maximum lifetime&quot; setting.
+Option 2:
 
-Maximum lifetime: Password must be changed every 90 days
+From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.
 
-If the password policy is not configured with &quot;Maximum lifetime&quot; policy of &quot;90&quot; or less, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Password Policy.
+Click the "Change Download Source" button.
 
-Click &quot;Edit&quot;.
-
-Set &quot;Maximum lifetime&quot; to &quot;90&quot; and click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8e865e54-ce30-4498-9c63-ed34acf4fd3d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000199</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-SsoPasswordPolicy).PasswordLifetimeDays stdout.strip is expected to cmp &lt;&#x3D; 90</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000080</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000175</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000080</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000080</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must enable revocation checking for certificate-based authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The system must establish the validity of the user-supplied identity certificate using Online Certificate Status Protocol (OCSP) and&#x2F;or Certificate Revocation List (CRL) revocation checking.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If a federated identity provider is configured and used for an identity source and supports Smartcard authentication, this is not applicable.
+Select the "Download patches directly from the internet" radio button.
 
-From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.
+Click "Save".
 
-Under Smart card authentication settings &gt;&gt; Certificate revocation, verify &quot;Revocation check&quot; does not show as disabled.
+Navigate to the vCenter Server Management interface at https://&lt;vcenter dns&gt;:5480 &gt;&gt; Networking &gt;&gt; Proxy Settings.
 
-If &quot;Revocation check&quot; shows as disabled, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.
+Click "Edit".
 
-Under Smart card authentication settings &gt;&gt; Certificate revocation, click the &quot;Edit&quot; button.
+Slide "HTTPS" to "Enabled".
 
-Configure revocation checking per site requirements. OCSP with CRL failover is recommended.
+Supply the appropriate proxy server configuration.
 
-By default, both locations are pulled from the cert. CRL location can be overridden in this screen, and local responders can be specified via the sso-config command line tool. See the vSphere documentation for more information.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b7eb09c1-dac6-43db-b820-a865780c7c74</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000185</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001991</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002010</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-SsoAuthenticationPolicy).UseInCertCRL stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000089</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000190</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000089</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000089</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must terminate vSphere Client sessions after 15 minutes of inactivity.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free resources committed by the managed network element.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Client Configuration.
+Click "Save".
 
-View the value of the &quot;Session timeout&quot; setting.
+Option 3:
 
-If the &quot;Session timeout&quot; is not set to &quot;15 minute(s)&quot; or less this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Client Configuration.
+From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Downloads.
 
-Click &quot;Edit&quot; and enter &quot;15&quot; minutes into the &quot;Session timeout&quot; setting. Click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ccbc173b-0d2a-4c5d-a627-efa15f53f1f2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001133</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002038</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002361</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000095</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000211</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000095</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000095</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server user roles must be verified.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Users and service accounts must only be assigned privileges they require. Least privilege requires that these privileges must only be assigned if needed to reduce risk of confidentiality, availability, or integrity loss.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
+Click "Edit" and uncheck "Download patches".
+
+Under "Patch Setup" select each download source and click Disable.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000277' do\n  title 'The vCenter Server must be isolated from the public internet but must still allow for patch notification and delivery.'\n  desc  \"\n    vCenter and the embedded Lifecycle Manager system must never have a direct route to the internet. Despite this, updates and patches sourced from VMware on the internet must be delivered in a timely manner.\n\n    There are two methods to accomplish this: a proxy server and the Update Manager Download Service (UMDS). UMDS is an optional module for Lifecycle Manager that fetches upgrades for virtual appliances, patch metadata, patch binaries, and notifications that would not otherwise be available to an isolated Lifecycle Manager directly.\n\n    Alternatively, a proxy for Lifecycle Manager can be configured to allow controlled, limited access to the public internet for the sole purpose of patch gathering. Either solution mitigates the risk of internet connectivity by limiting its scope and use.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    Check the following conditions:\n\n    1. Lifecycle Manager must be configured to use the UMDS.\n\n    OR\n\n    2. Lifecycle Manager must be configured to use a proxy server for access to VMware patch repositories.\n\n    OR\n\n    3. Lifecycle Manager must disable internet patch repositories and any patches must be manually validated and imported as needed.\n\n    Option 1:\n\n    From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.\n\n    Click the \\\"Change Download Source\\\" button.\n\n    Verify the \\\"Download patches from a UMDS shared repository\\\" radio button is selected and that a valid UMDS repository is supplied.\n\n    Click \\\"Cancel\\\".\n\n    If this is not set, this is a finding.\n\n    Option 2:\n\n    From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.\n\n    Click the \\\"Change Download Source\\\" button.\n\n    Verify the \\\"Download patches directly from the internet\\\" radio button is selected.\n\n    Click \\\"Cancel\\\".\n\n    Navigate to the vCenter Server Management interface at https://&lt;vcenter dns&gt;:5480 &gt;&gt; Networking &gt;&gt; Proxy Settings.\n\n    Verify that \\\"HTTPS\\\" is \\\"Enabled\\\".\n\n    Click the \\\"HTTPS\\\" row.\n\n    Verify the proxy server configuration is accurate.\n\n    If this is not set, this is a finding.\n\n    Option 3:\n\n    From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Downloads.\n\n    Verify the \\\"Automatic downloads\\\" option is disabled.\n\n    From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.\n\n    Verify any download sources are disabled.\n\n    If this is not set, this is a finding.\n  \"\n  desc 'fix', \"\n    Option 1:\n\n    From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.\n\n    Click the \\\"Change Download Source\\\" button.\n\n    Select the \\\"Download patches from a UMDS shared repository\\\" radio button and supply a valid UMDS repository.\n\n    Click \\\"Save\\\".\n\n    Option 2:\n\n    From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.\n\n    Click the \\\"Change Download Source\\\" button.\n\n    Select the \\\"Download patches directly from the internet\\\" radio button.\n\n    Click \\\"Save\\\".\n\n    Navigate to the vCenter Server Management interface at https://&lt;vcenter dns&gt;:5480 &gt;&gt; Networking &gt;&gt; Proxy Settings.\n\n    Click \\\"Edit\\\".\n\n    Slide \\\"HTTPS\\\" to \\\"Enabled\\\".\n\n    Supply the appropriate proxy server configuration.\n\n    Click \\\"Save\\\".\n\n    Option 3:\n\n    From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Downloads.\n\n    Click \\\"Edit\\\" and uncheck \\\"Download patches\\\".\n\n    Under \\\"Patch Setup\\\" select each download source and click Disable.\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000277'\n  tag rid: 'SV-VCSA-80-000277'\n  tag stig_id: 'VCSA-80-000277'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000278</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000278</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000278</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must use unique service accounts when applications connect to vCenter.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>To not violate nonrepudiation (i.e., deny the authenticity of who is connecting to vCenter), when applications need to connect to vCenter they must use unique service accounts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Verify each external application that connects to vCenter has a unique service account dedicated to that application.
 
-View each role and verify the users and&#x2F;or groups assigned to it by clicking on &quot;Usage&quot;.
+For example, there should be separate accounts for Log Insight, Operations Manager, or anything else that requires an account to access vCenter.
 
-or
+If any application shares a service account that is used to connect to vCenter, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For applications sharing service accounts, create a new service account to assign to the application so that no application shares a service account with another.
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+When standing up a new application that requires access to vCenter, always create a new service account prior to installation and grant only the permissions needed for that application.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000278' do\n  title 'The vCenter Server must use unique service accounts when applications connect to vCenter.'\n  desc  'To not violate nonrepudiation (i.e., deny the authenticity of who is connecting to vCenter), when applications need to connect to vCenter they must use unique service accounts.'\n  desc  'rationale', ''\n  desc  'check', \"\n    Verify each external application that connects to vCenter has a unique service account dedicated to that application.\n\n    For example, there should be separate accounts for Log Insight, Operations Manager, or anything else that requires an account to access vCenter.\n\n    If any application shares a service account that is used to connect to vCenter, this is a finding.\n  \"\n  desc  'fix', \"\n    For applications sharing service accounts, create a new service account to assign to the application so that no application shares a service account with another.\n\n    When standing up a new application that requires access to vCenter, always create a new service account prior to installation and grant only the permissions needed for that application.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000278'\n  tag rid: 'SV-VCSA-80-000278'\n  tag stig_id: 'VCSA-80-000278'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000279</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000279</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000279</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must protect the confidentiality and integrity of transmitted information by isolating Internet Protocol (IP)-based storage traffic.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines might share virtual switches and virtual local area networks (VLAN) with the IP-based storage configurations.
 
-Get-VIPermission | Sort Role | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto
+IP-based storage includes vSAN, Internet Small Computer System Interface (iSCSI), and Network File System (NFS). This configuration might expose IP-based storage traffic to unauthorized virtual machine users. IP-based storage frequently is not encrypted. It can be viewed by anyone with access to this network.
 
-Application service account and user required privileges should be documented.
+To restrict unauthorized users from viewing the IP-based storage traffic, the IP-based storage network must be logically separated from the production traffic. Configuring the IP-based storage adaptors on separate VLANs or network segments from other VMkernels and virtual machines will limit unauthorized users from viewing the traffic.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If IP-based storage is not used, this is not applicable.
 
-If any user or service account has more privileges than required, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>To update a user&#39;s or group&#39;s permissions to an existing role with reduced permissions, do the following:
+IP-based storage (iSCSI, NFS, vSAN) VMkernel port groups must be in a dedicated VLAN that can be on a standard or distributed virtual switch that is logically separated from other traffic types.
 
-From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Global Permissions.
+The check for this will be unique per environment.
 
-Select the user or group, click the pencil button, change the assigned role, and click &quot;OK&quot;.
+To check a standard switch, do the following:
 
-Note: If permissions are assigned on a specific object, the role must be updated where it is assigned (for example, at the cluster level).
+From the vSphere Client, select the ESXi host and go to Configure &gt;&gt; Networking &gt;&gt; Virtual switches. Select a standard switch.
 
-To create a new role with reduced permissions, do the following:
+For each storage port group (iSCSI, NFS, vSAN), select the port group and note the VLAN ID associated with each port group.
 
-From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
+Verify it is dedicated to that purpose and is logically separated from other traffic types.
 
-Click the green plus sign and enter a name for the role and select only the specific permissions required.
+To check a distributed switch, do the following,
 
-Users can then be assigned to the newly created role.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>97c390e7-d911-4687-b3d2-65149dbfbe63</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001082</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001084</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001813</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000110</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000247</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000110</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000110</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service (DoS) attacks by enabling Network I&#x2F;O Control (NIOC).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity.
+From the vSphere Client, go to "Networking".
 
-Managing excess capacity ensures sufficient capacity is available to counter flooding attacks. Employing increased capacity and service redundancy may reduce the susceptibility to some DoS attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
+Select and expand a distributed switch.
 
-From the vSphere Client, go to Networking.
+For each storage port group (iSCSI, NFS, vSAN), select the port group and navigate to the "Summary" tab.
 
-Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
+Note the VLAN ID associated with each port group and verify it is dedicated to that purpose and is logically separated from other traffic types.
 
-View the &quot;Properties&quot; pane and verify &quot;Network I&#x2F;O Control&quot; is &quot;Enabled&quot;.
+If any IP-based storage networks are not isolated from other traffic types, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Configuration of an IP-based VMkernel will be unique to each environment.
 
-or
+To configure VLANs and traffic types, do the following:
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+Standard switch:
 
-Get-VDSwitch | select Name,@{N&#x3D;&quot;NIOC Enabled&quot;;E&#x3D;{$_.ExtensionData.config.NetworkResourceManagementEnabled}}
+From the vSphere Client, select the ESXi host and go to Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.
 
-If &quot;Network I&#x2F;O Control&quot; is disabled, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Networking.
+Select the Storage VMkernel (for any IP-based storage). Click "Edit..." and click the "Port properties" tab.
 
-Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
+Uncheck everything (unless vSAN).
 
-In the &quot;Properties&quot; pane, click &quot;Edit&quot;. Change &quot;Network I&#x2F;O Control&quot; to &quot;Enabled&quot;. Click &quot;OK&quot;.
+Click the "IPv4" settings or "IPv6" settings tab.
 
-or
+Enter the appropriate IP address and subnet information.
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+Click "OK".
 
-(Get-VDSwitch &quot;VDSwitch Name&quot; | Get-View).EnableNetworkResourceManagement($true)</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b1bdf42d-5111-4663-8e9d-f3a464dbc2d5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001095</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: (Get-VDSwitch -Name &quot;VDSwitch STIG 1&quot;).ExtensionData.Config.NetworkResourceManagementEnabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
+From the vSphere Client, select the ESXi host and go to Configure &gt;&gt; Networking &gt;&gt; Virtual switches. Select a standard switch.
 
-expected: true
-     got: False
+For each storage port group (iSCSI, NFS, vSAN), select the port group and click "...". Click "Edit Settings". On the "Properties" tab, enter the appropriate VLAN ID and click "OK".
 
-(compared using &#x60;cmp&#x60; matcher)
+Distributed switch:
 
---------------------------------
-failed
-PowerCLI Command: (Get-VDSwitch -Name &quot;VDSwitch STIG 2&quot;).ExtensionData.Config.NetworkResourceManagementEnabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
+From the vSphere Client, go to "Networking".
 
-expected: true
-     got: False
+Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Topology.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000123</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000291</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000123</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000123</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Once an attacker establishes initial access to a system, they often attempt to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to create a new account. They may also try to hijack an existing account by changing a password or enabling a previously disabled account. Therefore, all actions performed on accounts in the SSO domain much be alerted on in vCenter at a minimum and ideally on a Security Information and Event Management (SIEM) system as well.
+Select the Storage VMkernel (for any IP-based storage). Click "..." and click "Edit Settings".
 
-To ensure the appropriate personnel are alerted about SSO account actions, create a new vCenter alarm for the &quot;com.vmware.sso.PrincipalManagement&quot; event ID and configure the alert mechanisms appropriately.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+On the "Port properties" tab, uncheck everything (unless vSAN).
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Security &gt;&gt; Alarm Definitions.
+Click the "IPv4" settings or "IPv6" settings tab.
 
-Verify there is an alarm created to alert upon all SSO account actions.
+Enter the appropriate IP address and subnet information.
 
-The alarm name may vary, but it is suggested to name it &quot;SSO account actions - com.vmware.sso.PrincipalManagement&quot;.
+Click "OK".
 
-or
+From the vSphere Client, go to "Networking".
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+Select and expand a distributed switch.
 
-Get-AlarmDefinition | Where {$_.ExtensionData.Info.Expression.Expression.EventTypeId -eq &quot;com.vmware.sso.PrincipalManagement&quot;} | Select Name,Enabled,@{N&#x3D;&quot;EventTypeId&quot;;E&#x3D;{$_.ExtensionData.Info.Expression.Expression.EventTypeId}}
+For each storage port group (iSCSI, NFS, vSAN), select the port group and navigate to Configure &gt;&gt; Settings &gt;&gt; Properties.
 
-If an alarm is not created to alert on SSO account actions, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+Click "Edit".
+
+Click the "VLAN" tab.
+
+Enter the appropriate VLAN type and ID and click "OK".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000279' do\n  title 'The vCenter Server must protect the confidentiality and integrity of transmitted information by isolating Internet Protocol (IP)-based storage traffic.'\n  desc  \"\n    Virtual machines might share virtual switches and virtual local area networks (VLAN) with the IP-based storage configurations.\n\n    IP-based storage includes vSAN, Internet Small Computer System Interface (iSCSI), and Network File System (NFS). This configuration might expose IP-based storage traffic to unauthorized virtual machine users. IP-based storage frequently is not encrypted. It can be viewed by anyone with access to this network.\n\n    To restrict unauthorized users from viewing the IP-based storage traffic, the IP-based storage network must be logically separated from the production traffic. Configuring the IP-based storage adaptors on separate VLANs or network segments from other VMkernels and virtual machines will limit unauthorized users from viewing the traffic.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If IP-based storage is not used, this is not applicable.\n\n    IP-based storage (iSCSI, NFS, vSAN) VMkernel port groups must be in a dedicated VLAN that can be on a standard or distributed virtual switch that is logically separated from other traffic types.\n\n    The check for this will be unique per environment.\n\n    To check a standard switch, do the following:\n\n    From the vSphere Client, select the ESXi host and go to Configure &gt;&gt; Networking &gt;&gt; Virtual switches. Select a standard switch.\n\n    For each storage port group (iSCSI, NFS, vSAN), select the port group and note the VLAN ID associated with each port group.\n\n    Verify it is dedicated to that purpose and is logically separated from other traffic types.\n\n    To check a distributed switch, do the following,\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select and expand a distributed switch.\n\n    For each storage port group (iSCSI, NFS, vSAN), select the port group and navigate to the \\\"Summary\\\" tab.\n\n    Note the VLAN ID associated with each port group and verify it is dedicated to that purpose and is logically separated from other traffic types.\n\n    If any IP-based storage networks are not isolated from other traffic types, this is a finding.\n  \"\n  desc 'fix', \"\n    Configuration of an IP-based VMkernel will be unique to each environment.\n\n    To configure VLANs and traffic types, do the following:\n\n    Standard switch:\n\n    From the vSphere Client, select the ESXi host and go to Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.\n\n    Select the Storage VMkernel (for any IP-based storage). Click \\\"Edit...\\\" and click the \\\"Port properties\\\" tab.\n\n    Uncheck everything (unless vSAN).\n\n    Click the \\\"IPv4\\\" settings or \\\"IPv6\\\" settings tab.\n\n    Enter the appropriate IP address and subnet information.\n\n    Click \\\"OK\\\".\n\n    From the vSphere Client, select the ESXi host and go to Configure &gt;&gt; Networking &gt;&gt; Virtual switches. Select a standard switch.\n\n    For each storage port group (iSCSI, NFS, vSAN), select the port group and click \\\"...\\\". Click \\\"Edit Settings\\\". On the \\\"Properties\\\" tab, enter the appropriate VLAN ID and click \\\"OK\\\".\n\n    Distributed switch:\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Topology.\n\n    Select the Storage VMkernel (for any IP-based storage). Click \\\"...\\\" and click \\\"Edit Settings\\\".\n\n    On the \\\"Port properties\\\" tab, uncheck everything (unless vSAN).\n\n    Click the \\\"IPv4\\\" settings or \\\"IPv6\\\" settings tab.\n\n    Enter the appropriate IP address and subnet information.\n\n    Click \\\"OK\\\".\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select and expand a distributed switch.\n\n    For each storage port group (iSCSI, NFS, vSAN), select the port group and navigate to Configure &gt;&gt; Settings &gt;&gt; Properties.\n\n    Click \\\"Edit\\\".\n\n    Click the \\\"VLAN\\\" tab.\n\n    Enter the appropriate VLAN type and ID and click \\\"OK\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000279'\n  tag rid: 'SV-VCSA-80-000279'\n  tag stig_id: 'VCSA-80-000279'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000280</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000358</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000280</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000280</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter server must be configured to send events to a central log server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>vCenter server generates volumes of security-relevant application-level events. Examples include logins, system reconfigurations, system degradation warnings, and more. To ensure these events are available for forensic analysis and correlation, they must be sent to the syslog and forwarded on to the configured Security Information and Event Management (SIEM) system and/or central log server.
+
+The vCenter server sends events to syslog by default, but this configuration must be verified and maintained.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Security &gt;&gt; Alarm Definitions.
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
 
-Click &quot;Add&quot;.
+Verify that "vpxd.event.syslog.enabled" value is set to "true".
 
-Provide the alarm name of &quot;SSO account actions - com.vmware.sso.PrincipalManagement&quot; and an optional description.
+or
 
-From the &quot;Target type&quot; dropdown menu, select &quot;vCenter Server&quot;.
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Click &quot;Next&quot;.
+Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name vpxd.event.syslog.enabled
 
-Paste &quot;com.vmware.sso.PrincipalManagement&quot; (without quotes) in the line after &quot;IF&quot; and press &quot;Enter&quot;.
+If the "vpxd.event.syslog.enabled" value is not set to "true", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-Next to &quot;Trigger the alarm and&quot;, select &quot;Show as Warning&quot;.
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
 
-Configure the desired notification actions that will inform the SA and ISSO of the event.
+Click "Edit Settings" and configure the "vpxd.event.syslog.enabled" setting to "true".
 
-Click &quot;Next&quot;. Click &quot;Next&quot; again. Click &quot;Create&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>76584551-e7ae-4214-94b9-9bd7730dfc73</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001683</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001684</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001685</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001686</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002132</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-AlarmDefinition | Where-Object {$_.ExtensionData.Info.Expression.Expression.EventTypeId -eq &quot;com.vmware.sso.PrincipalManagement&quot;} | Select-Object -ExpandProperty Enabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
+or
 
-expected: true
-     got: 
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000145</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000345</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000145</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000145</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must set the interval for counting failed login attempts to at least 15 minutes.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
+Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name vpxd.event.syslog.enabled | Set-AdvancedSetting -Value true</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000280' do\n  title 'The vCenter server must be configured to send events to a central log server.'\n  desc  \"\n    vCenter server generates volumes of security-relevant application-level events. Examples include logins, system reconfigurations, system degradation warnings, and more. To ensure these events are available for forensic analysis and correlation, they must be sent to the syslog and forwarded on to the configured Security Information and Event Management (SIEM) system and/or central log server.\n\n    The vCenter server sends events to syslog by default, but this configuration must be verified and maintained.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.\n\n    Verify that \\\"vpxd.event.syslog.enabled\\\" value is set to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name vpxd.event.syslog.enabled\n\n    If the \\\"vpxd.event.syslog.enabled\\\" value is not set to \\\"true\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.\n\n    Click \\\"Edit Settings\\\" and configure the \\\"vpxd.event.syslog.enabled\\\" setting to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name vpxd.event.syslog.enabled | Set-AdvancedSetting -Value true\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000358'\n  tag gid: 'V-VCSA-80-000280'\n  tag rid: 'SV-VCSA-80-000280'\n  tag stig_id: 'VCSA-80-000280'\n  tag cci: ['CCI-001851']\n  tag nist: ['AU-4 (1)']\n\n  command = 'Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name vpxd.event.syslog.enabled | Select-Object -ExpandProperty Value'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp 'true' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name vpxd.event.syslog.enabled | Select-Object -ExpandProperty Value stdout.strip is expected to cmp == "true"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000281</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000281</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000281</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List (HCL) by use of an external proxy server.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vSAN Health Check is able to download the HCL from VMware to check compliance against the underlying vSAN Cluster hosts. To ensure the vCenter server is not directly downloading content from the internet, this functionality must be disabled. If this feature is necessary, an external proxy server must be configured.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If no clusters are enabled for vSAN, this is not applicable.
 
-View the value of the &quot;Time interval between failures&quot; setting.
+From the vSphere Client, go to Host and Clusters.
 
-Time interval between failures: 900 seconds
+Select the vCenter Server &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Internet Connectivity.
 
-If the lockout policy is not configured with &quot;Time interval between failures&quot; policy of &quot;900&quot; or more, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
+If the HCL internet download is not required, verify "Status" is "Disabled".
 
-Click &quot;Edit&quot;.
-
-Set the &quot;Time interval between failures&quot; to &quot;900&quot; and click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>5e6de067-26cf-412a-b4b2-1f24a105bd6f</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: (Get-SsoLockoutPolicy).FailedAttemptIntervalSec stdout.strip is expected to cmp &gt;&#x3D; 900
-
-expected it to be &gt;&#x3D; 900
-     got: 180
+If the "Status" is "Enabled", this is a finding.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000148</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000358</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000148</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000148</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must be configured to send logs to a central log server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vCenter must be configured to send near real-time log data to syslog collectors so information will be available to investigators in the case of a security incident or to assist in troubleshooting.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Open the Virtual Appliance Management Interface (VAMI) by navigating to https:&#x2F;&#x2F;&lt;vCenter server&gt;:5480.
-
-Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the &quot;SystemConfiguration.BashShellAdministrator&quot; group.
-
-Select &quot;Syslog&quot; on the left navigation pane.
-
-On the resulting pane on the right, verify at least one site-specific syslog receiver is configured and is listed as &quot;Reachable&quot;.
-
-If no valid syslog collector is configured or if the collector is not listed as &quot;Reachable&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Open the VAMI by navigating to https:&#x2F;&#x2F;&lt;vCenter server&gt;:5480.
-
-Log in with local operating system administrative credentials or with an SSO account that is a member of the &quot;SystemConfiguration.BashShellAdministrator&quot; group.
-
-Select &quot;Syslog&quot; on the left navigation pane.
-
-On the resulting pane on the right, click &quot;Edit&quot; or &quot;Configure&quot;.
+If the HCL internet download is required, verify "Status" is "Enabled" and a proxy host is configured.
 
-Edit or add the address and port of a site-specific syslog aggregator or Security Information Event Management (SIEM) system with the appropriate protocol.
+If "Status" is "Enabled" and a proxy is not configured, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-User Datagram Protocol (UDP) is discouraged due to its stateless and unencrypted nature. Transport Layer Security (TLS) is preferred.
+Select the vCenter Server &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Internet Connectivity.
 
-Click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>61f6b9ae-3ae6-4529-ad83-ab8b5e130ee8</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-No log servers configured: [] is expected not to be empty
-expected &#x60;[].empty?&#x60; to be falsey, got true</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000150</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000360</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000150</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000150</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected.
+Click "Edit".
+
+If the HCL internet download is not required, ensure that "Status" is "Disabled".
+
+If the HCL internet download is required, ensure that "Status" is "Enabled" and that a proxy host is appropriately configured.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000281' do\n  title 'The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List (HCL) by use of an external proxy server.'\n  desc  'The vSAN Health Check is able to download the HCL from VMware to check compliance against the underlying vSAN Cluster hosts. To ensure the vCenter server is not directly downloading content from the internet, this functionality must be disabled. If this feature is necessary, an external proxy server must be configured.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If no clusters are enabled for vSAN, this is not applicable.\n\n    From the vSphere Client, go to Host and Clusters.\n\n    Select the vCenter Server &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Internet Connectivity.\n\n    If the HCL internet download is not required, verify \\\"Status\\\" is \\\"Disabled\\\".\n\n    If the \\\"Status\\\" is \\\"Enabled\\\", this is a finding.\n\n    If the HCL internet download is required, verify \\\"Status\\\" is \\\"Enabled\\\" and a proxy host is configured.\n\n    If \\\"Status\\\" is \\\"Enabled\\\" and a proxy is not configured, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select the vCenter Server &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Internet Connectivity.\n\n    Click \\\"Edit\\\".\n\n    If the HCL internet download is not required, ensure that \\\"Status\\\" is \\\"Disabled\\\".\n\n    If the HCL internet download is required, ensure that \\\"Status\\\" is \\\"Enabled\\\" and that a proxy host is appropriately configured.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000281'\n  tag rid: 'SV-VCSA-80-000281'\n  tag stig_id: 'VCSA-80-000281'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  # Get all clusters with vSAN enabled\n  clusters = powercli_command('Get-Cluster | Where-Object {$_.VsanEnabled -eq $true} | Sort-Object | Select-Object -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if !clusters.empty?\n    command = '$vsanphview = Get-VsanView -Id VsanPhoneHomeSystem-vsan-phonehome-system; $vsanphview.QueryVsanCloudHealthStatus().InternetConnectivity'\n    vcinternetenabled = powercli_command(command).stdout.strip\n\n    if vcinternetenabled == 'True'\n      proxycommand = '$vsanhealthview = Get-VsanView -Id VsanVcClusterHealthSystem-vsan-cluster-health-system; $vsanhealthview.VsanHealthQueryVsanProxyConfig().Host'\n      describe powercli_command(proxycommand) do\n        its('stdout.strip') { should_not cmp '' }\n      end\n    else\n      describe 'Enable Internet access for all vSAN clusters.' do\n        subject { vcinternetenabled }\n        it { should cmp 'false' }\n      end\n    end\n  else\n    describe 'No clusters with vSAN enabled found...skipping tests' do\n      skip 'No clusters with vSAN enabled found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: $vsanhealthview = Get-VsanView -Id VsanVcClusterHealthSystem-vsan-cluster-health-system; $vsanhealthview.VsanHealthQueryVsanProxyConfig().Host stdout.strip is expected not to cmp == "" :: MESSAGE 
+expected: 
+     got: 
 
-Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Review the Central Logging Server being used to verify it is configured to alert the SA and ISSO, at a minimum, on any AO-defined events. Otherwise, this is a finding.
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000282</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000282</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000282</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must configure the vSAN Datastore name to a unique name.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>A vSAN Datastore name by default is "vsanDatastore". If more than one vSAN cluster is present in vCenter, both datastores will have the same name by default, potentially leading to confusion and manually misplaced workloads.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If no clusters are enabled for vSAN, this is not applicable.
 
-If there are no AO-defined events, this is not a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configure the Central Logging Server being used to alert the SA and ISSO, at a minimum, on any AO-defined events.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>695bf69f-954e-4561-8268-c8a01f53be06</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001744</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001858</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check
-This must be reviewed manually</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000158</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000371</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000158</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000158</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must compare internal information system clocks at least every 24 hours with an authoritative time server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside of the configured acceptable allowance (drift) may be inaccurate. Additionally, unnecessary synchronization may have an adverse impact on system performance and may indicate malicious activity.
+From the vSphere Client, go to Host and Clusters.
 
-Synchronizing internal information system clocks to an authoritative time server provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Open the Virtual Appliance Management Interface (VAMI) by navigating to https:&#x2F;&#x2F;&lt;vCenter server&gt;:5480.
-
-Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the &quot;SystemConfiguration.BashShellAdministrator&quot; group.
-
-Select &quot;Time&quot; on the left navigation pane.
-
-On the resulting pane on the right, verify at least one authorized time server is configured and is listed as &quot;Reachable&quot;.
-
-If &quot;NTP&quot; is not enabled and at least one authorized time server configured, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Open the VAMI by navigating to https:&#x2F;&#x2F;&lt;vCenter server&gt;:5480.
-
-Log in with local operating system administrative credentials or with an SSO account that is a member of the &quot;SystemConfiguration.BashShellAdministrator&quot; group.
-
-Select &quot;Time&quot; on the left navigation pane.
-
-On the resulting pane on the right, click &quot;Edit&quot; under &quot;Time Synchronization&quot;.
-
-Select &quot;NTP&quot; for &quot;Mode&quot; and enter a list of authorized time servers separated by commas. Click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>910161ad-1060-456f-8a20-387aac9e1b8c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001891</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-Timesync Configuration: HOST is expected to cmp &#x3D;&#x3D; &quot;NTP&quot;
+Select a vSAN Enabled Cluster &gt;&gt; Datastores.
 
-expected: NTP
-     got: HOST
+Review the datastores and identify any datastores with "vSAN" as the datastore type.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000427</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000195</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server Machine Secure Sockets Layer (SSL) certificate must be issued by a DOD certificate authority.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Untrusted certificate authorities (CA) can issue certificates, but they may be issued by organizations or individuals that seek to compromise DOD systems or by organizations with insufficient security controls. If the CA used for verifying the certificate is not a DOD-approved CA, trust of this CA has not been established.
+or
 
-The DOD will only accept public key infrastructure (PKI) certificates obtained from a DOD-approved internal or external certificate authority. Reliance on CAs for the establishment of secure sessions includes, for example, the use of Transport Layer Security (TLS) certificates.
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-The default self-signed, VMware Certificate Authority (VMCA)-issued vCenter reverse proxy certificate must be replaced with a DOD-approved certificate. The use of a DOD certificate on the vCenter reverse proxy and other services assures clients that the service they are connecting to is legitimate and trusted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Certificates &gt;&gt; Certificate Management &gt;&gt; Machine SSL Certificate.
+If($(Get-Cluster | where {$_.VsanEnabled} | Measure).Count -gt 0){
+Write-Host "vSAN Enabled Cluster found"
+Get-Cluster | where {$_.VsanEnabled} | Get-Datastore | where {$_.type -match "vsan"}
+}
+else{
+Write-Host "vSAN is not enabled, this finding is not applicable."
+}
 
-Click &quot;View Details&quot; and examine the &quot;Issuer Information&quot; block.
+If vSAN is enabled and a datastore is named "vsanDatastore", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-If the issuer specified is not a DOD approved certificate authority, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Obtain a DOD-issued certificate and private key for each vCenter in the system following the requirements below:
+Select a vSAN Enabled Cluster &gt;&gt; Datastores.
 
-Key size: 2048 bits or more (PEM encoded)
-CRT format (Base-64)
-x509 version 3
-SubjectAltName must contain DNS Name&#x3D;&lt;machine_FQDN&gt;
-Contains the following Key Usages: Digital Signature, Non Repudiation, Key Encipherment
+Right-click on the datastore named "vsanDatastore" and select "Rename".
 
-Export the entire certificate issuing chain up to the root in Base-64 format. Concatenate the individual certificates into one file with the &quot;.cer&quot; extension.
+Rename the datastore based on site-specific naming standards.
 
-From the vSphere Client, go to Administration &gt;&gt; Certificates &gt;&gt; Certificate Management &gt;&gt; Machine SSL Certificate.
+Click "OK".
 
-Click Actions &gt;&gt; Import and Replace Certificate.
+or
 
-Select the &quot;Replace with external CA certificate&quot; radio button and click &quot;Next&quot;.
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-Supply the CA-issued certificate , the exported roots file, and the private key.
+If($(Get-Cluster | where {$_.VsanEnabled} | Measure).Count -gt 0){
+Write-Host "vSAN Enabled Cluster found"
+$Clusters = Get-Cluster | where {$_.VsanEnabled}
+Foreach ($clus in $clusters){
+ $clus | Get-Datastore | where {$_.type -match "vsan"} | Set-Datastore -Name $(($clus.name) + "_vSAN_Datastore")
+}
+}
+else{
+Write-Host "vSAN is not enabled, this finding is not applicable."
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000282' do\n  title 'The vCenter Server must configure the vSAN Datastore name to a unique name.'\n  desc  'A vSAN Datastore name by default is \"vsanDatastore\". If more than one vSAN cluster is present in vCenter, both datastores will have the same name by default, potentially leading to confusion and manually misplaced workloads.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If no clusters are enabled for vSAN, this is not applicable.\n\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vSAN Enabled Cluster &gt;&gt; Datastores.\n\n    Review the datastores and identify any datastores with \\\"vSAN\\\" as the datastore type.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    If($(Get-Cluster | where {$_.VsanEnabled} | Measure).Count -gt 0){\n    Write-Host \\\"vSAN Enabled Cluster found\\\"\n    Get-Cluster | where {$_.VsanEnabled} | Get-Datastore | where {$_.type -match \\\"vsan\\\"}\n    }\n    else{\n    Write-Host \\\"vSAN is not enabled, this finding is not applicable.\\\"\n    }\n\n    If vSAN is enabled and a datastore is named \\\"vsanDatastore\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vSAN Enabled Cluster &gt;&gt; Datastores.\n\n    Right-click on the datastore named \\\"vsanDatastore\\\" and select \\\"Rename\\\".\n\n    Rename the datastore based on site-specific naming standards.\n\n    Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    If($(Get-Cluster | where {$_.VsanEnabled} | Measure).Count -gt 0){\n    Write-Host \\\"vSAN Enabled Cluster found\\\"\n    $Clusters = Get-Cluster | where {$_.VsanEnabled}\n    Foreach ($clus in $clusters){\n     $clus | Get-Datastore | where {$_.type -match \\\"vsan\\\"} | Set-Datastore -Name $(($clus.name) + \\\"_vSAN_Datastore\\\")\n    }\n    }\n    else{\n    Write-Host \\\"vSAN is not enabled, this finding is not applicable.\\\"\n    }\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000282'\n  tag rid: 'SV-VCSA-80-000282'\n  tag stig_id: 'VCSA-80-000282'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-Cluster | Where-Object {$_.VsanEnabled} | Get-Datastore | Where-Object {$_.type -match \"vsan\"} | Select-Object -ExpandProperty Name'\n  vsandatastores = powercli_command(command).stdout.strip.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vsandatastores.empty?\n    describe '' do\n      skip 'No VSAN datastores found to check.'\n    end\n  else\n    vsandatastores.each do |ds|\n      describe '' do\n        subject { ds }\n        it { should_not cmp 'vsanDatastore' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST is expected not to cmp == "vsanDatastore" :: MESSAGE 
+expected: vsanDatastore
+     got: vsanDatastore
 
-Click &quot;Replace&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a3d531f1-5507-4eb5-a730-6475315e68eb</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002470</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-ssl_certificate for &#39;10.186.30.81&#39; issuer_organization is expected to cmp &#x3D;&#x3D; &quot;U.S. Government&quot;
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000283</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000283</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000283</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must disable Username/Password and Windows Integrated Authentication.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>All forms of authentication other than Common Access Card (CAC) must be disabled. Password authentication can be temporarily reenabled for emergency access to the local Single Sign-On (SSO) accounts or Active Directory user/pass accounts, but it must be disabled as soon as CAC authentication is functional.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If a federated identity provider is configured and used for an identity source, this is not applicable.
 
-expected: U.S. Government
-     got: sc2-10-186-30-81.eng.vmware.com
+From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000428</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000196</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must enable data at rest encryption for vSAN.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Applications handling data requiring &quot;data at rest&quot; protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
+Under "Authentication method", examine the allowed methods.
 
-Data encryption is a common technique used in environments that require additional levels of security.  It consists of a process to ensure that data can only be consumed by systems that have appropriate levels of access.  Approved systems must have and use the appropriate cryptographic keys to encrypt and decrypt the data.  Systems that do not have the keys will not be able to consume the data in any meaningful way, as it will remain encrypted in accordance to the commonly used Advanced Encryption Standard (AES) from the National Institute of Standards and Technology, or NIST.
+If "Smart card authentication" is not enabled and "Password and windows session authentication" is not disabled, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.
 
-vSAN supports Data-At-Rest Encryption and Data-in-Transit Encryption and uses an AES 256 cipher. Data is encrypted after all other processing, such as deduplication, is performed. Data at rest encryption protects data on storage devices, in case a device is removed from the cluster.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If no clusters are enabled for vSAN, this is not applicable.
+Next to "Authentication method", click "Edit".
 
-From the vSphere Client, go to Host and Clusters.
+Select to radio button to "Enable smart card authentication".
 
-Select the vCenter Server &gt;&gt; Select the cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.
+Click "Save".
 
-Review the &quot;Data-at-rest encryption&quot; status.
+To re-enable password authentication for troubleshooting purposes, run the following command on the vCenter Server Appliance:
 
-or
+# /opt/vmware/bin/sso-config.sh -set_authn_policy -pwdAuthn true -winAuthn false -certAuthn false -securIDAuthn false -t vsphere.local</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000283' do\n  title 'The vCenter Server must disable Username/Password and Windows Integrated Authentication.'\n  desc  'All forms of authentication other than Common Access Card (CAC) must be disabled. Password authentication can be temporarily reenabled for emergency access to the local Single Sign-On (SSO) accounts or Active Directory user/pass accounts, but it must be disabled as soon as CAC authentication is functional.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If a federated identity provider is configured and used for an identity source, this is not applicable.\n\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.\n\n    Under \\\"Authentication method\\\", examine the allowed methods.\n\n    If \\\"Smart card authentication\\\" is not enabled and \\\"Password and windows session authentication\\\" is not disabled, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.\n\n    Next to \\\"Authentication method\\\", click \\\"Edit\\\".\n\n    Select to radio button to \\\"Enable smart card authentication\\\".\n\n    Click \\\"Save\\\".\n\n    To re-enable password authentication for troubleshooting purposes, run the following command on the vCenter Server Appliance:\n\n    # /opt/vmware/bin/sso-config.sh -set_authn_policy -pwdAuthn true -winAuthn false -certAuthn false -securIDAuthn false -t vsphere.local\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000283'\n  tag rid: 'SV-VCSA-80-000283'\n  tag stig_id: 'VCSA-80-000283'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  if input('embeddedIdp')\n    describe powercli_command('(Get-SsoAuthenticationPolicy).SmartCardAuthnEnabled') do\n      its('stdout.strip') { should cmp 'true' }\n    end\n    describe powercli_command('(Get-SsoAuthenticationPolicy).PasswordAuthnEnabled') do\n      its('stdout.strip') { should cmp 'false' }\n    end\n    describe powercli_command('(Get-SsoAuthenticationPolicy).WindowsAuthnEnabled') do\n      its('stdout.strip') { should cmp 'false' }\n    end\n  else\n    describe 'A federated IDP is configured so this is Not Applicable.' do\n      skip 'A federated IDP is configured so this is Not Applicable.'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: (Get-SsoAuthenticationPolicy).SmartCardAuthnEnabled stdout.strip is expected to cmp == "true" :: MESSAGE 
+expected: true
+     got: False
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+(compared using `cmp` matcher)
 
-Get-Cluster | Where-Object {$_.VsanEnabled -eq $true} | Get-VsanClusterConfiguration | Select-Object Name,EncryptionEnabled
+--------------------------------
+failed :: TEST PowerCLI Command: (Get-SsoAuthenticationPolicy).PasswordAuthnEnabled stdout.strip is expected to cmp == "false" :: MESSAGE 
+expected: false
+     got: True
 
-If &quot;Data-At-Rest encryption&quot; is not enabled, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+(compared using `cmp` matcher)
 
-Select the vCenter Server &gt;&gt; Select the target cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.
+--------------------------------
+failed :: TEST PowerCLI Command: (Get-SsoAuthenticationPolicy).WindowsAuthnEnabled stdout.strip is expected to cmp == "false" :: MESSAGE 
+expected: false
+     got: True
 
-Click &quot;Edit&quot;.
-
-Enable &quot;Data-At-Rest encryption&quot; and select a pre-configured key provider from the drop down. Click &quot;Apply&quot;.
-
-Note: Before enabling, read and understand the operational implications of enabling data at rest encryption in vSAN and how it effects capacity, performance, and recovery scenarios.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>82f95148-5412-40e3-9c00-87d9759e07da</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002475</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-Cluster -Name cluster0 | Get-VsanClusterConfiguration | Select-Object -ExpandProperty EncryptionEnabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000284</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000284</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000284</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must restrict access to the default roles with cryptographic permissions.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>In vSphere, the built-in "Administrator" role contains permission to perform cryptographic operations such as Key Management Server (KMS) functions and encrypting and decrypting virtual machine disks. This role must be reserved for cryptographic administrators where virtual machine encryption and/or vSAN encryption is in use.
+
+A new built-in role called "No Cryptography Administrator" exists to provide all administrative permissions except cryptographic operations. Permissions must be restricted such that normal vSphere administrators are assigned the "No Cryptography Administrator" role or more restrictive.
+
+The "Administrator" role must be tightly controlled and must not be applied to administrators who will not be doing cryptographic work. Catastrophic data loss can result from poorly administered cryptography.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>By default, there are four roles that contain cryptographic related permissions: Administrator, No Trusted Infrastructure Administrator, vCLSAdmin, and vSphere Kubernetes Manager.
 
-expected: true
-     got: False
+From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000248</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000248</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000248</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must disable the Customer Experience Improvement Program (CEIP).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The VMware CEIP sends VMware anonymized system information that is used to improve the quality, reliability, and functionality of VMware products and services. For confidentiality purposes this feature must be disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Customer Experience Improvement Program.
+or
 
-If Customer Experience Improvement &quot;Program Status&quot; is &quot;Joined&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Deployment &gt;&gt; Customer Experience Improvement Program.
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Click &quot;Leave Program&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7cdd9353-2410-46fa-9a50-eb21cf78e7f5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000253</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000575</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000253</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000253</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter server must enforce SNMPv3 security features where SNMP is required.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SNMPv3 supports commercial-grade security, including authentication, authorization, access control, and privacy. Previous versions of the protocol contained well-known security weaknesses that were easily exploited. SNMPv3 can be configured for identification and cryptographically based authentication.
+Get-VIPermission | Where {$_.Role -eq "Admin" -or $_.Role -eq "NoTrustedAdmin" -or $_.Role -eq "vCLSAdmin" -or $_.Role -eq "vSphereKubernetesManager"} | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto
 
-SNMPv3 defines a user-based security model (USM) and a view-based access control model (VACM). SNMPv3 USM provides data integrity, data origin authentication, message replay protection, and protection against disclosure of the message payload. SNMPv3 VACM provides access control to determine whether a specific type of access (read or write) to the management information is allowed. Implement both VACM and USM for full protection.
+If there are any users or groups assigned to the default roles with cryptographic permissions and are not explicitly designated to perform cryptographic operations, this is a finding.
 
-SNMPv3 must be disabled by default and enabled only if used. SNMP v3 provides security feature enhancements to SNMP, including encryption and message authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>At the command prompt on the vCenter Server Appliance, run the following commands:
+The built-in solution users assigned to the administrator role are NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
 
-# appliancesh
-# snmp.get
+Move any accounts not explicitly designated for cryptographic operations, other than Solution Users, to other roles such as "No Cryptography Administrator".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000284' do\n  title 'The vCenter Server must restrict access to the default roles with cryptographic permissions.'\n  desc  \"\n    In vSphere, the built-in \\\"Administrator\\\" role contains permission to perform cryptographic operations such as Key Management Server (KMS) functions and encrypting and decrypting virtual machine disks. This role must be reserved for cryptographic administrators where virtual machine encryption and/or vSAN encryption is in use.\n\n    A new built-in role called \\\"No Cryptography Administrator\\\" exists to provide all administrative permissions except cryptographic operations. Permissions must be restricted such that normal vSphere administrators are assigned the \\\"No Cryptography Administrator\\\" role or more restrictive.\n\n    The \\\"Administrator\\\" role must be tightly controlled and must not be applied to administrators who will not be doing cryptographic work. Catastrophic data loss can result from poorly administered cryptography.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    By default, there are four roles that contain cryptographic related permissions: Administrator, No Trusted Infrastructure Administrator, vCLSAdmin, and vSphere Kubernetes Manager.\n\n    From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VIPermission | Where {$_.Role -eq \\\"Admin\\\" -or $_.Role -eq \\\"NoTrustedAdmin\\\" -or $_.Role -eq \\\"vCLSAdmin\\\" -or $_.Role -eq \\\"vSphereKubernetesManager\\\"} | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto\n\n    If there are any users or groups assigned to the default roles with cryptographic permissions and are not explicitly designated to perform cryptographic operations, this is a finding.\n\n    The built-in solution users assigned to the administrator role are NOT a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.\n\n    Move any accounts not explicitly designated for cryptographic operations, other than Solution Users, to other roles such as \\\"No Cryptography Administrator\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000284'\n  tag rid: 'SV-VCSA-80-000284'\n  tag stig_id: 'VCSA-80-000284'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vcCryptoAdmins = input('vcCryptoAdmins')\n\n  # Get all users/groups with Admin/Administrator role excluding vpxd- accounts\n  command = 'Get-VIPermission | Where-Object {($_.Role -eq \"Admin\" -or $_.Role -eq \"NoTrustedAdmin\" -or $_.Role -eq \"vCLSAdmin\" -or $_.Role -eq \"vSphereKubernetesManager\") -and $_.Principal -notmatch \"vpxd-\"} | Select-Object -ExpandProperty Principal'\n  cryptoadmins = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if !cryptoadmins.empty?\n    cryptoadmins.each do |cryptoadmin|\n      describe cryptoadmin do\n        subject { cryptoadmin }\n        it { should be_in vcCryptoAdmins }\n      end\n    end\n  else\n    describe 'No users/groups found assigned to crypto roles...skipping tests.' do\n      skip 'No users/groups found assigned to crypto roles...skipping tests.'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VSPHERE.LOCAL\Administrator is expected to be in "VSPHERE.LOCAL\\Administrator", "VSPHERE.LOCAL\\Administrators", and "VSPHERE.LOCAL\\vCLSAdmin"
+--------------------------------
+passed :: TEST VSPHERE.LOCAL\Administrators is expected to be in "VSPHERE.LOCAL\\Administrator", "VSPHERE.LOCAL\\Administrators", and "VSPHERE.LOCAL\\vCLSAdmin"
+--------------------------------
+passed :: TEST VSPHERE.LOCAL\Administrators is expected to be in "VSPHERE.LOCAL\\Administrator", "VSPHERE.LOCAL\\Administrators", and "VSPHERE.LOCAL\\vCLSAdmin"
+--------------------------------
+passed :: TEST VSPHERE.LOCAL\vCLSAdmin is expected to be in "VSPHERE.LOCAL\\Administrator", "VSPHERE.LOCAL\\Administrators", and "VSPHERE.LOCAL\\vCLSAdmin"
+--------------------------------
+passed :: TEST VSPHERE.LOCAL\Administrators is expected to be in "VSPHERE.LOCAL\\Administrator", "VSPHERE.LOCAL\\Administrators", and "VSPHERE.LOCAL\\vCLSAdmin"
+--------------------------------
+passed :: TEST VSPHERE.LOCAL\vCLSAdmin is expected to be in "VSPHERE.LOCAL\\Administrator", "VSPHERE.LOCAL\\Administrators", and "VSPHERE.LOCAL\\vCLSAdmin"
+--------------------------------
+passed :: TEST VSPHERE.LOCAL\Administrators is expected to be in "VSPHERE.LOCAL\\Administrator", "VSPHERE.LOCAL\\Administrators", and "VSPHERE.LOCAL\\vCLSAdmin"
+--------------------------------
+passed :: TEST VSPHERE.LOCAL\vCLSAdmin is expected to be in "VSPHERE.LOCAL\\Administrator", "VSPHERE.LOCAL\\Administrators", and "VSPHERE.LOCAL\\vCLSAdmin"
+--------------------------------
+passed :: TEST VSPHERE.LOCAL\Administrators is expected to be in "VSPHERE.LOCAL\\Administrator", "VSPHERE.LOCAL\\Administrators", and "VSPHERE.LOCAL\\vCLSAdmin"
+--------------------------------
+passed :: TEST VSPHERE.LOCAL\vCLSAdmin is expected to be in "VSPHERE.LOCAL\\Administrator", "VSPHERE.LOCAL\\Administrators", and "VSPHERE.LOCAL\\vCLSAdmin"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000285</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000285</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000285</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must restrict access to cryptographic permissions.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>These permissions must be reserved for cryptographic administrators where virtual machine encryption and/or vSAN encryption is in use. Catastrophic data loss can result from poorly administered cryptography.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>By default, there are four roles that contain cryptographic related permissions: Administrator, No Trusted Infrastructure Administrator, vCLSAdmin, and vSphere Kubernetes Manager.
 
-Note: The &quot;appliancesh&quot; command is not needed if the default shell has not been changed for root.
+From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
 
-If &quot;Enable&quot; is set to &quot;False&quot;, this is not a finding.
+Highlight each role and click the 'Privileges" button in the right pane.
 
-If &quot;Enable&quot; is set to &quot;True&quot; and &quot;Authentication&quot; is not set to &quot;SHA1&quot;, this is a finding.
+Verify that only the Administrator, No Trusted Infrastructure Administrator, vCLSAdmin, and vSphere Kubernetes Manager and any site-specific cryptographic roles have the following permissions:
 
-If &quot;Enable&quot; is set to &quot;True&quot; and &quot;Privacy&quot; is not set to &quot;AES128&quot;, this is a finding.
+Cryptographic Operations privileges
+Global.Diagnostics
+Host.Inventory.Add host to cluster
+Host.Inventory.Add standalone host
+Host.Local operations.Manage user groups
 
-If any &quot;Users&quot; are configured with a &quot;Sec_level&quot; that does not equal &quot;priv&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>At the command prompt on the vCenter Server Appliance, run the following commands:
-
-# appliancesh
-# snmp.set --authentication SHA1
-# snmp.set --privacy AES128
-
-To change the security level of a user, run the following command:
-
-# snmp.set --users &lt;username&gt;&#x2F;&lt;auth_password&gt; &lt;priv_password&gt;&#x2F;priv</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d139ee3a-6afe-48a4-a6af-0c8a13e8b530</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001967</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000265</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000575</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000265</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000265</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter server must disable SNMPv1&#x2F;2 receivers.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SNMPv3 supports commercial-grade security, including authentication, authorization, access control, and privacy. Previous versions of the protocol contained well-known security weaknesses that were easily exploited. Therefore, SNMPv1&#x2F;2 receivers must be disabled, while SNMPv3 is configured in another control. vCenter exposes SNMP v1&#x2F;2 in the UI and SNMPv3 in the CLI.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
-
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.
-
-Click &quot;Edit&quot;.
-
-On the &quot;SNMP receivers&quot; tab, note the presence of any enabled receiver.
+or
 
-If there are any enabled receivers, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.
+$roles = Get-VIRole
+ForEach($role in $roles){
+    $privileges = $role.PrivilegeList
+    If($privileges -match "Crypto*" -or $privileges -match "Global.Diagnostics" -or $privileges -match "Host.Inventory.Add*" -or $privileges -match "Host.Local operations.Manage user groups"){
+    Write-Host "$role has Cryptographic privileges"
+    }
+}
 
-Click &quot;Edit&quot;.
-
-On the &quot;SNMP receivers&quot; tab, ensure all receivers are disabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>67b90404-8381-48ec-bceb-73ea2101285e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001967</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: (Get-View -Id &#39;OptionManager-VpxSettings&#39;).setting | Where-Object {$_.key -match &#39;snmp.receiver.1.enabled&#39;} | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+If any role other than the four default roles contain the permissions listed above and is not authorized to perform cryptographic related operations, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
 
-expected: False
-     got: True
+Highlight the target custom role and click "Edit".
 
-(compared using &#x60;cmp&#x60; matcher)
+Remove the following permissions from any custom role that is not authorized to perform cryptographic related operations:
 
+Cryptographic Operations privileges
+Global.Diagnostics
+Host.Inventory.Add host to cluster
+Host.Inventory.Add standalone host
+Host.Local operations.Manage user groups</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000285' do\n  title 'The vCenter Server must restrict access to cryptographic permissions.'\n  desc  'These permissions must be reserved for cryptographic administrators where virtual machine encryption and/or vSAN encryption is in use. Catastrophic data loss can result from poorly administered cryptography.'\n  desc  'rationale', ''\n  desc  'check', \"\n    By default, there are four roles that contain cryptographic related permissions: Administrator, No Trusted Infrastructure Administrator, vCLSAdmin, and vSphere Kubernetes Manager.\n\n    From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.\n\n    Highlight each role and click the 'Privileges\\\" button in the right pane.\n\n    Verify that only the Administrator, No Trusted Infrastructure Administrator, vCLSAdmin, and vSphere Kubernetes Manager and any site-specific cryptographic roles have the following permissions:\n\n    Cryptographic Operations privileges\n    Global.Diagnostics\n    Host.Inventory.Add host to cluster\n    Host.Inventory.Add standalone host\n    Host.Local operations.Manage user groups\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    $roles = Get-VIRole\n    ForEach($role in $roles){\n        $privileges = $role.PrivilegeList\n        If($privileges -match \\\"Crypto*\\\" -or $privileges -match \\\"Global.Diagnostics\\\" -or $privileges -match \\\"Host.Inventory.Add*\\\" -or $privileges -match \\\"Host.Local operations.Manage user groups\\\"){\n        Write-Host \\\"$role has Cryptographic privileges\\\"\n        }\n    }\n\n    If any role other than the four default roles contain the permissions listed above and is not authorized to perform cryptographic related operations, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.\n\n    Highlight the target custom role and click \\\"Edit\\\".\n\n    Remove the following permissions from any custom role that is not authorized to perform cryptographic related operations:\n\n    Cryptographic Operations privileges\n    Global.Diagnostics\n    Host.Inventory.Add host to cluster\n    Host.Inventory.Add standalone host\n    Host.Local operations.Manage user groups\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000285'\n  tag rid: 'SV-VCSA-80-000285'\n  tag stig_id: 'VCSA-80-000285'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vcCryptoRoles = input('vcCryptoRoles')\n\n  command = 'Get-VIRole | Where-Object {$_.PrivilegeList -match \"Crypto*\" -or $_.PrivilegeList -match \"Global.Diagnostics\" -or $_.PrivilegeList -match \"Host.Inventory.Add*\" -or $_.PrivilegeList -match \"Host.Local operations.Manage user groups\"} | Select-Object -ExpandProperty Name'\n  cryptoroles = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if !cryptoroles.empty?\n    cryptoroles.each do |cryptorole|\n      describe cryptorole do\n        subject { cryptorole }\n        it { should be_in vcCryptoRoles }\n      end\n    end\n  else\n    describe 'No roles found with crypto permissions...skipping tests.' do\n      skip 'No roles found with crypto permissions...skipping tests.'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST NoTrustedAdmin is expected to be in "Admin", "NoTrustedAdmin", "vCLSAdmin", and "vSphereKubernetesManager"
 --------------------------------
-passed
-PowerCLI Command: (Get-View -Id &#39;OptionManager-VpxSettings&#39;).setting | Where-Object {$_.key -match &#39;snmp.receiver.2.enabled&#39;} | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Admin is expected to be in "Admin", "NoTrustedAdmin", "vCLSAdmin", and "vSphereKubernetesManager"
 --------------------------------
-passed
-PowerCLI Command: (Get-View -Id &#39;OptionManager-VpxSettings&#39;).setting | Where-Object {$_.key -match &#39;snmp.receiver.3.enabled&#39;} | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST vSphereKubernetesManager is expected to be in "Admin", "NoTrustedAdmin", "vCLSAdmin", and "vSphereKubernetesManager"
 --------------------------------
-passed
-PowerCLI Command: (Get-View -Id &#39;OptionManager-VpxSettings&#39;).setting | Where-Object {$_.key -match &#39;snmp.receiver.4.enabled&#39;} | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000266</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000345</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000266</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000266</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must require an administrator to unlock an account locked due to excessive login failures.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>By requiring that Single Sign-On (SSO) accounts be unlocked manually, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. When the account unlock time is set to zero, once an account is locked it can only be unlocked manually by an administrator.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
-
-View the value of the &quot;Unlock time&quot; setting.
-
-Unlock time: 0 seconds
-
-If the lockout policy is not configured with &quot;Unlock time&quot; policy of &quot;0&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Local Accounts &gt;&gt; Lockout Policy.
-
-Click &quot;Edit&quot;.
-
-Set the &quot;Unlock time&quot; to &quot;0&quot; and click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a0c43b5d-fc66-466b-a5a1-2a3c3a864b59</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-002238</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: (Get-SsoLockoutPolicy).AutoUnlockIntervalSec stdout.strip is expected to cmp &#x3D;&#x3D; &quot;0&quot;
-
-expected: 0
-     got: 300
-
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000267</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000267</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000267</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must disable the distributed virtual switch health check.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Network health check is disabled by default. Once enabled, the health check packets contain information on host#, vds#, and port#, which an attacker would find useful. It is recommended that network health check be used for troubleshooting and turned off when troubleshooting is finished.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
-
-From the vSphere Client, go to &quot;Networking&quot;.
-
-Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Health Check.
-
-View the health check pane and verify the &quot;VLAN and MTU&quot; and &quot;Teaming and failover&quot; checks are &quot;Disabled&quot;.
-
-or
-
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
-
-$vds &#x3D; Get-VDSwitch
-$vds.ExtensionData.Config.HealthCheckConfig
-
-If the health check feature is enabled on distributed switches and is not on temporarily for troubleshooting purposes, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to &quot;Networking&quot;.
+passed :: TEST vCLSAdmin is expected to be in "Admin", "NoTrustedAdmin", "vCLSAdmin", and "vSphereKubernetesManager"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000286</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000286</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000286</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must have Mutual Challenge Handshake Authentication Protocol (CHAP) configured for vSAN Internet Small Computer System Interface (iSCSI) targets.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When enabled, vSphere performs bidirectional authentication of both the iSCSI target and host. When not authenticating both the iSCSI target and host, the potential exists for a man-in-the-middle attack in which an attacker might impersonate either side of the connection to steal data. Bidirectional authentication mitigates this risk.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If no clusters are enabled for vSAN or if vSAN is enabled but iSCSI is not enabled, this is not applicable.
 
-Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Health Check.
+From the vSphere Client, go to Host and Clusters.
 
-Click &quot;Edit&quot;.
+Select a vSAN Enabled Cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; iSCSI Target Service.
 
-Disable the &quot;VLAN and MTU&quot; and &quot;Teaming and failover&quot; checks.
+For each iSCSI target, review the value in the "Authentication" column.
 
-Click &quot;OK&quot;.
+If the Authentication method is not set to "CHAP_Mutual" for any iSCSI target, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-or
+Select a vSAN Enabled Cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; iSCSI Target Service.
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+For each iSCSI target, select the item and click "Edit".
+
+Change the "Authentication" field to "Mutual CHAP" and configure the incoming and outgoing users and secrets appropriately.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000286' do\n  title 'The vCenter Server must have Mutual Challenge Handshake Authentication Protocol (CHAP) configured for vSAN Internet Small Computer System Interface (iSCSI) targets.'\n  desc  'When enabled, vSphere performs bidirectional authentication of both the iSCSI target and host. When not authenticating both the iSCSI target and host, the potential exists for a man-in-the-middle attack in which an attacker might impersonate either side of the connection to steal data. Bidirectional authentication mitigates this risk.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If no clusters are enabled for vSAN or if vSAN is enabled but iSCSI is not enabled, this is not applicable.\n\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vSAN Enabled Cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; iSCSI Target Service.\n\n    For each iSCSI target, review the value in the \\\"Authentication\\\" column.\n\n    If the Authentication method is not set to \\\"CHAP_Mutual\\\" for any iSCSI target, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vSAN Enabled Cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; iSCSI Target Service.\n\n    For each iSCSI target, select the item and click \\\"Edit\\\".\n\n    Change the \\\"Authentication\\\" field to \\\"Mutual CHAP\\\" and configure the incoming and outgoing users and secrets appropriately.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000286'\n  tag rid: 'SV-VCSA-80-000286'\n  tag stig_id: 'VCSA-80-000286'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  clusters = powercli_command('Get-Cluster | Where-Object {$_.VsanEnabled -eq $true} | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  setimpact = true\n  if !clusters.empty?\n    clusters.each do |cluster|\n      iscsiEnabled = powercli_command(\"(Get-VsanClusterConfiguration -Cluster \\\"#{cluster}\\\").IscsiTargetServiceEnabled\").stdout.strip\n      if iscsiEnabled == 'True'\n        command = \"(Get-VsanClusterConfiguration -Cluster \\\"#{cluster}\\\").DefaultIscsiAuthenticationType\"\n        describe powercli_command(command) do\n          its('stdout.strip') { should cmp 'MutualChap' }\n        end\n        setimpact = false\n      else\n        describe \"vSAN iSCSI service not enabled on cluster: #{cluster}...this is not applicable.\" do\n          skip \"vSAN iSCSI service not enabled on cluster: #{cluster}...this is not applicable.\"\n        end\n      end\n    end\n  else\n    describe '' do\n      skip 'No vSAN enabled clusters found...this is not applicable.'\n    end\n  end\n  unless !setimpact\n    impact 0.0\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Applicable</STATUS>
+				<FINDING_DETAILS>skipped :: TEST vSAN iSCSI service not enabled on cluster: cluster0...this is not applicable. :: SKIP_MESSAGE vSAN iSCSI service not enabled on cluster: cluster0...this is not applicable.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000287</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000287</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000287</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must have new Key Encryption Keys (KEKs) reissued at regular intervals for vSAN encrypted datastore(s).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The KEK for a vSAN encrypted datastore is generated by the Key Management Server (KMS) and serves as a wrapper and lock around the Disk Encryption Key (DEK). The DEK is generated by the host and is used to encrypt and decrypt the datastore. A shallow rekey is a procedure in which the KMS issues a new KEK to the ESXi host, which rewraps the DEK but does not change the DEK or any data on disk.
 
-Get-View -ViewType DistributedVirtualSwitch | ?{($_.config.HealthCheckConfig | ?{$_.enable -notmatch &quot;False&quot;})}| %{$_.UpdateDVSHealthCheckConfig(@((New-Object Vmware.Vim.VMwareDVSVlanMtuHealthCheckConfig -property @{enable&#x3D;0}),(New-Object Vmware.Vim.VMwareDVSTeamingHealthCheckConfig -property @{enable&#x3D;0})))}</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b956492c-21e3-4d2d-a0de-1e2cb841bd96</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Health check for VDSwitch STIG 1 is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-Health check for VDSwitch STIG 1 is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-Health check for VDSwitch STIG 2 is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-Health check for VDSwitch STIG 2 is expected to cmp &#x3D;&#x3D; &quot;false&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000268</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000268</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000268</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must set the distributed port group Forged Transmits policy to &quot;Reject&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the virtual machine operating system changes the Media Access Control (MAC) address, the operating system can send frames with an impersonated source MAC address at any time. This allows an operating system to stage malicious attacks on the devices in a network by impersonating a network adaptor authorized by the receiving network.
+This operation must be done on a regular, site-defined interval and can be viewed as similar in criticality to changing an administrative password. If the KMS is compromised, a standing operational procedure to rekey will put a time limit on the usefulness of any stolen KMS data.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If vSAN is not in use, this is not applicable.
 
-When the &quot;Forged Transmits&quot; option is set to &quot;Accept&quot;, ESXi does not compare source and effective MAC addresses.
+Interview the system administrator (SA) to determine that a procedure has been put in place to perform a shallow rekey of all vSAN encrypted datastores at regular, site-defined intervals.
 
-To protect against MAC impersonation, set the &quot;Forged Transmits&quot; option to &quot;Reject&quot;. The host compares the source MAC address being transmitted by the guest operating system with the effective MAC address for its virtual machine adapter to determine if they match. If the addresses do not match, the ESXi host drops the packet.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
+VMware recommends a 60-day rekey task, but this interval must be defined by the SA and the information system security officer (ISSO).
 
-From the vSphere Client, go to &quot;Networking&quot;.
+If vSAN encryption is not in use, this is not a finding.
 
-Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+If vSAN encryption is in use and a regular rekey procedure is not in place, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If vSAN encryption is in use, ensure that a regular rekey procedure is in place.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000287' do\n  title 'The vCenter Server must have new Key Encryption Keys (KEKs) reissued at regular intervals for vSAN encrypted datastore(s).'\n  desc  \"\n    The KEK for a vSAN encrypted datastore is generated by the Key Management Server (KMS) and serves as a wrapper and lock around the Disk Encryption Key (DEK). The DEK is generated by the host and is used to encrypt and decrypt the datastore. A shallow rekey is a procedure in which the KMS issues a new KEK to the ESXi host, which rewraps the DEK but does not change the DEK or any data on disk.\n\n    This operation must be done on a regular, site-defined interval and can be viewed as similar in criticality to changing an administrative password. If the KMS is compromised, a standing operational procedure to rekey will put a time limit on the usefulness of any stolen KMS data.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If vSAN is not in use, this is not applicable.\n\n    Interview the system administrator (SA) to determine that a procedure has been put in place to perform a shallow rekey of all vSAN encrypted datastores at regular, site-defined intervals.\n\n    VMware recommends a 60-day rekey task, but this interval must be defined by the SA and the information system security officer (ISSO).\n\n    If vSAN encryption is not in use, this is not a finding.\n\n    If vSAN encryption is in use and a regular rekey procedure is not in place, this is a finding.\n  \"\n  desc 'fix', 'If vSAN encryption is in use, ensure that a regular rekey procedure is in place.'\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000287'\n  tag rid: 'SV-VCSA-80-000287'\n  tag stig_id: 'VCSA-80-000287'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000288</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000288</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000288</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an LDAP identity source.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>LDAP is an industry standard protocol for querying directory services such as Active Directory. This protocol can operate in clear text or over a Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encrypted tunnel. To protect confidentiality of LDAP communications, secure LDAP (LDAPS) must be explicitly configured when adding an LDAP identity source in vSphere Single Sign-On (SSO).
+
+When configuring an identity source and supplying an SSL certificate, vCenter will enforce LDAPS. The server URLs do not need to be explicitly provided if an SSL certificate is uploaded.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If LDAP is not used as an identity provider, this is not applicable.
 
-Verify &quot;Forged Transmits&quot; is set to &quot;Reject&quot;.
+From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.
 
-or
+Click the "Identity Sources" tab.
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
+For each identity source of type "Active Directory over LDAP", if the "Server URL" does not indicate "ldaps://", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.
 
-Get-VDSwitch | Get-VDSecurityPolicy
-Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy
+Click the "Identity Sources" tab.
+
+For each identity source of type "Active Directory over LDAP" where LDAPS is not configured, highlight the item and click "Edit".
+
+Ensure the primary and secondary server URLs, if specified, are configured for "ldaps://".
+
+At the bottom, click the "Browse" button, select the AD LDAP cert previously exported to your local computer, click "Open", and "Save" to complete modifications.
+
+Note: With LDAPS, the server must be a specific domain controller and its specific certificate or the domain alias with a certificate that is valid for that URL.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000288' do\n  title 'The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an LDAP identity source.'\n  desc  \"\n    LDAP is an industry standard protocol for querying directory services such as Active Directory. This protocol can operate in clear text or over a Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encrypted tunnel. To protect confidentiality of LDAP communications, secure LDAP (LDAPS) must be explicitly configured when adding an LDAP identity source in vSphere Single Sign-On (SSO).\n\n    When configuring an identity source and supplying an SSL certificate, vCenter will enforce LDAPS. The server URLs do not need to be explicitly provided if an SSL certificate is uploaded.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If LDAP is not used as an identity provider, this is not applicable.\n\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.\n\n    Click the \\\"Identity Sources\\\" tab.\n\n    For each identity source of type \\\"Active Directory over LDAP\\\", if the \\\"Server URL\\\" does not indicate \\\"ldaps://\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.\n\n    Click the \\\"Identity Sources\\\" tab.\n\n    For each identity source of type \\\"Active Directory over LDAP\\\" where LDAPS is not configured, highlight the item and click \\\"Edit\\\".\n\n    Ensure the primary and secondary server URLs, if specified, are configured for \\\"ldaps://\\\".\n\n    At the bottom, click the \\\"Browse\\\" button, select the AD LDAP cert previously exported to your local computer, click \\\"Open\\\", and \\\"Save\\\" to complete modifications.\n\n    Note: With LDAPS, the server must be a specific domain controller and its specific certificate or the domain alias with a certificate that is valid for that URL.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000288'\n  tag rid: 'SV-VCSA-80-000288'\n  tag stig_id: 'VCSA-80-000288'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000290</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000290</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000290</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must limit membership to the "SystemConfiguration.BashShellAdministrators" Single Sign-On (SSO) group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>vCenter SSO integrates with PAM in the underlying Photon operating system so members of the "SystemConfiguration.BashShellAdministrators" SSO group can log on to the operating system without needing a separate account. However, even though unique SSO users log on, they are transparently using a group account named "sso-user" as far as Photon auditing is concerned. While the audit trail can still be traced back to the individual SSO user, it is a more involved process.
+
+To force accountability and nonrepudiation, the SSO group "SystemConfiguration.BashShellAdministrators" must be severely restricted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.
 
-If the &quot;Forged Transmits&quot; policy is set to accept for a non-uplink port, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to &quot;Networking&quot;.
+Click the next page arrow until the "SystemConfiguration.BashShellAdministrators" group appears.
 
-Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+Click "SystemConfiguration.BashShellAdministrators".
 
-Click &quot;Edit&quot;.
+Review the members of the group and ensure that only authorized accounts are present.
 
-Click the &quot;Security&quot; tab.
+Note: By default the Administrator and a unique service account similar to "vmware-applmgmtservice-714684a4-342f-4eff-a232-cdc21def00c2" will be in the group and should not be removed.
 
-Set &quot;Forged Transmits&quot; to &quot;Reject&quot;.
+If there are any accounts present as members of SystemConfiguration.BashShellAdministrators that are not authorized, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.
 
-Click &quot;OK&quot;.
+Click the next page arrow until the "SystemConfiguration.BashShellAdministrators" group appears.
 
-or
+Click "SystemConfiguration.BashShellAdministrators".
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
+Click the three vertical dots next to the name of each unauthorized account.
 
-Get-VDSwitch | Get-VDSecurityPolicy | Set-VDSecurityPolicy -ForgedTransmits $false
-Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy | Set-VDSecurityPolicy -ForgedTransmits $false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9ad6245b-0d22-4f13-8bc6-5f8a22063b4c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-VDSwitch -Name &quot;VDSwitch STIG 1&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDSwitch -Name &quot;VDSwitch STIG 2&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
+Select "Remove Member".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000290' do\n  title 'The vCenter Server must limit membership to the \"SystemConfiguration.BashShellAdministrators\" Single Sign-On (SSO) group.'\n  desc  \"\n    vCenter SSO integrates with PAM in the underlying Photon operating system so members of the \\\"SystemConfiguration.BashShellAdministrators\\\" SSO group can log on to the operating system without needing a separate account. However, even though unique SSO users log on, they are transparently using a group account named \\\"sso-user\\\" as far as Photon auditing is concerned. While the audit trail can still be traced back to the individual SSO user, it is a more involved process.\n\n    To force accountability and nonrepudiation, the SSO group \\\"SystemConfiguration.BashShellAdministrators\\\" must be severely restricted.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.\n\n    Click the next page arrow until the \\\"SystemConfiguration.BashShellAdministrators\\\" group appears.\n\n    Click \\\"SystemConfiguration.BashShellAdministrators\\\".\n\n    Review the members of the group and ensure that only authorized accounts are present.\n\n    Note: By default the Administrator and a unique service account similar to \\\"vmware-applmgmtservice-714684a4-342f-4eff-a232-cdc21def00c2\\\" will be in the group and should not be removed.\n\n    If there are any accounts present as members of SystemConfiguration.BashShellAdministrators that are not authorized, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.\n\n    Click the next page arrow until the \\\"SystemConfiguration.BashShellAdministrators\\\" group appears.\n\n    Click \\\"SystemConfiguration.BashShellAdministrators\\\".\n\n    Click the three vertical dots next to the name of each unauthorized account.\n\n    Select \\\"Remove Member\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000290'\n  tag rid: 'SV-VCSA-80-000290'\n  tag stig_id: 'VCSA-80-000290'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  bashShellAdminUsers = input('bashShellAdminUsers')\n  # Get appliance management user and add to list of authorized users. Unique to each vCenter.\n  applmgmtuser = powercli_command('Get-SsoGroup -Domain vsphere.local -Name applmgmtSvcUsers | Get-SsoPersonUser | Select-Object -ExpandProperty Name').stdout.strip\n  bashShellAdminUsers.push(applmgmtuser)\n  users = powercli_command('Get-SsoGroup -Domain vsphere.local -Name SystemConfiguration.BashShellAdministrators | Get-SsoPersonUser | Select-Object -ExpandProperty Name')\n  if users.stdout.empty?\n    describe 'Stderr should be empty if no users found' do\n      subject { users.stderr }\n      it { should be_empty }\n    end\n    describe 'No users found in SystemConfiguration.BashShellAdministrators' do\n      subject { users.stdout }\n      it { should be_empty }\n    end\n  else\n    users.stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\").each do |user|\n      describe user do\n        it { should be_in bashShellAdminUsers }\n      end\n    end\n  end\n  bashShellAdminGroups = input('bashShellAdminGroups')\n  groups = powercli_command('Get-SsoGroup -Domain vsphere.local -Name SystemConfiguration.BashShellAdministrators | Get-SsoGroup | Select-Object -ExpandProperty Name')\n  if groups.stdout.empty?\n    describe 'Stderr should be empty if no groups found' do\n      subject { groups.stderr }\n      it { should be_empty }\n    end\n    describe 'No groups found in SystemConfiguration.BashShellAdministrators' do\n      subject { groups.stdout }\n      it { should be_empty }\n    end\n  else\n    groups.stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\").each do |group|\n      describe group do\n        it { should be_in bashShellAdminGroups }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Administrator is expected to be in "Administrator" and "vmware-applmgmtservice-7581d05c-eac0-4a70-b76c-f7b58b907e8d"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
+passed :: TEST vmware-applmgmtservice-7581d05c-eac0-4a70-b76c-f7b58b907e8d is expected to be in "Administrator" and "vmware-applmgmtservice-7581d05c-eac0-4a70-b76c-f7b58b907e8d"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
+passed :: TEST Stderr should be empty if no groups found is expected to be empty
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty ForgedTransmits stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000269</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000269</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000269</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must set the distributed port group Media Access Control (MAC) Address Change policy to &quot;Reject&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the virtual machine operating system changes the MAC address, it can send frames with an impersonated source MAC address at any time. This allows it to stage malicious attacks on the devices in a network by impersonating a network adaptor authorized by the receiving network.
-
-This will prevent virtual machines from changing their effective MAC address and will affect applications that require this functionality. This will also affect how a layer 2 bridge will operate and will affect applications that require a specific MAC address for licensing.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
-
-From the vSphere Client, go to &quot;Networking&quot;.
-
-Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
-
-Verify &quot;MAC Address Changes&quot; is set to &quot;Reject&quot;.
-
-or
-
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
-
-Get-VDSwitch | Get-VDSecurityPolicy
-Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy
+passed :: TEST No groups found in SystemConfiguration.BashShellAdministrators is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000291</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000291</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000291</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must limit membership to the "TrustedAdmins" Single Sign-On (SSO) group.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vSphere "TrustedAdmins" group grants additional rights to administer the vSphere Trust Authority feature.
+
+To force accountability and nonrepudiation, the SSO group "TrustedAdmins" must be severely restricted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.
 
-If the &quot;MAC Address Changes&quot; policy is set to accept, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to &quot;Networking&quot;.
+Click the next page arrow until the "TrustedAdmins" group appears.
 
-Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+Click "TrustedAdmins".
 
-Click &quot;Edit&quot;.
+Review the members of the group and ensure that only authorized accounts are present.
 
-Click the &quot;Security&quot; tab.
+Note: These accounts act as root on the Photon operating system and have the ability to severely damage vCenter, inadvertently or otherwise.
 
-Set &quot;MAC Address Changes&quot; to &quot;Reject&quot;.
+If there are any accounts present as members of TrustedAdmins that are not authorized, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.
 
-Click &quot;OK&quot;.
+Click the next page arrow until the "TrustedAdmins" group appears.
 
-or
+Click "TrustedAdmins".
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
+Click the three vertical dots next to the name of each unauthorized account.
 
-Get-VDSwitch | Get-VDSecurityPolicy | Set-VDSecurityPolicy -MacChanges $false
-Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy | Set-VDSecurityPolicy -MacChanges $false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a11a2b95-a934-405e-ac40-668586c38781</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-VDSwitch -Name &quot;VDSwitch STIG 1&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDSwitch -Name &quot;VDSwitch STIG 2&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
+Select "Remove Member".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000291' do\n  title 'The vCenter Server must limit membership to the \"TrustedAdmins\" Single Sign-On (SSO) group.'\n  desc  \"\n    The vSphere \\\"TrustedAdmins\\\" group grants additional rights to administer the vSphere Trust Authority feature.\n\n    To force accountability and nonrepudiation, the SSO group \\\"TrustedAdmins\\\" must be severely restricted.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.\n\n    Click the next page arrow until the \\\"TrustedAdmins\\\" group appears.\n\n    Click \\\"TrustedAdmins\\\".\n\n    Review the members of the group and ensure that only authorized accounts are present.\n\n    Note: These accounts act as root on the Photon operating system and have the ability to severely damage vCenter, inadvertently or otherwise.\n\n    If there are any accounts present as members of TrustedAdmins that are not authorized, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.\n\n    Click the next page arrow until the \\\"TrustedAdmins\\\" group appears.\n\n    Click \\\"TrustedAdmins\\\".\n\n    Click the three vertical dots next to the name of each unauthorized account.\n\n    Select \\\"Remove Member\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000291'\n  tag rid: 'SV-VCSA-80-000291'\n  tag stig_id: 'VCSA-80-000291'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  trustedAdminUsers = input('trustedAdminUsers')\n  users = powercli_command('Get-SsoGroup -Domain vsphere.local -Name TrustedAdmins | Get-SsoPersonUser | Select-Object -ExpandProperty Name')\n  if users.stdout.empty?\n    describe 'Stderr should be empty if no users found' do\n      subject { users.stderr }\n      it { should be_empty }\n    end\n    describe 'No users found in TrustedAdmins' do\n      subject { users.stdout }\n      it { should be_empty }\n    end\n  else\n    users.stdout.split.each do |user|\n      describe user do\n        it { should be_in trustedAdminUsers }\n      end\n    end\n  end\n  trustedAdminGroups = input('trustedAdminGroups')\n  groups = powercli_command('Get-SsoGroup -Domain vsphere.local -Name TrustedAdmins | Get-SsoGroup | Select-Object -ExpandProperty Name')\n  if groups.stdout.empty?\n    describe 'Stderr should be empty if no groups found' do\n      subject { groups.stderr }\n      it { should be_empty }\n    end\n    describe 'No groups found in TrustedAdmins' do\n      subject { groups.stdout }\n      it { should be_empty }\n    end\n  else\n    groups.stdout.split.each do |group|\n      describe group do\n        it { should be_in trustedAdminGroups }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Stderr should be empty if no users found is expected to be empty
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
+passed :: TEST No users found in TrustedAdmins is expected to be empty
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
+passed :: TEST Stderr should be empty if no groups found is expected to be empty
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty MacChanges stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000270</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000270</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000270</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must set the distributed port group Promiscuous Mode policy to &quot;Reject&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When promiscuous mode is enabled for a virtual switch, all virtual machines connected to the port group have the potential of reading all packets across that network, meaning only the virtual machines connected to that port group.
-
-Promiscuous mode is disabled by default on the ESXi Server, and this is the recommended setting.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
-
-From the vSphere Client, go to &quot;Networking&quot;.
-
-Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
-
-Verify &quot;Promiscuous Mode&quot; is set to &quot;Reject&quot;.
+passed :: TEST No groups found in TrustedAdmins is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000292</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000292</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000292</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter server configuration must be backed up on a regular basis.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>vCenter server is the control plane for the vSphere infrastructure and all the workloads it hosts. As such, vCenter is usually a highly critical system in its own right. Backups of vCenter can now be made at a data and configuration level versus traditional storage/image-based backups. This reduces recovery time by letting the system administrator (SA) spin up a new vCenter while simultaneously importing the backed-up data.
+
+For sites that implement the Native Key Provider (NKP), introduced in 7.0 Update 2, regular vCenter backups are critical. In a recovery scenario where the virtual machine files are intact but vCenter was lost, the encrypted virtual machines will not be able to boot as their private keys were stored in vCenter after it was last backed up. When using the NKP, vCenter becomes critical to the virtual machine workloads and ceases to be just the control plane.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Option 1:
 
-or
+If vCenter is backed up in a traditional manner, at the storage array level, interview the SA to determine configuration and schedule.
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
+Option 2:
 
-Get-VDSwitch | Get-VDSecurityPolicy
-Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy
+For vCenter native backup functionality, open the Virtual Appliance Management Interface (VAMI) by navigating to https://&lt;vCenter server&gt;:5480.
 
-If the &quot;Promiscuous Mode&quot; policy is set to accept, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to &quot;Networking&quot;.
+Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the "SystemConfiguration.BashShellAdministrator" group.
 
-Select a distributed switch &gt;&gt; Select a port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+Select "Backup" on the left navigation pane.
 
-Click &quot;Edit&quot;.
+On the resulting pane on the right, verify the "Status" is "Enabled".
 
-Click the &quot;Security&quot; tab.
+Click "Status" to expand the backup details.
 
-Set &quot;Promiscuous Mode&quot; to &quot;Reject&quot;.
+If vCenter server backups are not configured and there is no other vCenter backup system, this is a finding.
 
-Click &quot;OK&quot;.
+If the backup configuration is not set to a proper, reachable location or if the schedule is anything less frequent than "Daily", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Option 1:
 
-or
+Implement and document a VMware-supported storage/image-based backup schedule.
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
+Option 2:
 
-Get-VDSwitch | Get-VDSecurityPolicy | Set-VDSecurityPolicy -AllowPromiscuous $false
-Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy | Set-VDSecurityPolicy -AllowPromiscuous $false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>2475340e-936a-48a7-84e2-0ca5fd3df10a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-VDSwitch -Name &quot;VDSwitch STIG 1&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDSwitch -Name &quot;VDSwitch STIG 2&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;) | Get-VDSecurityPolicy | Select-Object -ExpandProperty AllowPromiscuous stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000271</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000271</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000271</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must only send NetFlow traffic to authorized collectors.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The distributed virtual switch can export NetFlow information about traffic crossing the switch. NetFlow exports are not encrypted and can contain information about the virtual network, making it easier for a man-in-the-middle attack to be executed successfully. If NetFlow export is required, verify that all NetFlow target Internet Protocols (IPs) are correct.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
+To configure vCenter native backup functionality, open the VAMI by navigating to https://&lt;vCenter server&gt;:5480.
 
-To view NetFlow Collector IPs configured on distributed switches:
+Log in with local operating system administrative credentials or with an SSO account that is a member of the "SystemConfiguration.BashShellAdministrator" group.
 
-From the vSphere Client, go to &quot;Networking&quot;.
+Select "Backup" on the left navigation pane.
 
-Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; NetFlow.
+On the resulting pane on the right, click "Configure" (or "Edit" for an existing configuration).
 
-View the NetFlow pane and verify any collector IP addresses are valid and in use for troubleshooting.
+Enter site-specific information for the backup job.
 
-or
+Ensure "Schedule" is set to "Daily". Limiting the number of retained backups is recommended but not required.
+
+Click "Create".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000292' do\n  title 'The vCenter server configuration must be backed up on a regular basis.'\n  desc  \"\n    vCenter server is the control plane for the vSphere infrastructure and all the workloads it hosts. As such, vCenter is usually a highly critical system in its own right. Backups of vCenter can now be made at a data and configuration level versus traditional storage/image-based backups. This reduces recovery time by letting the system administrator (SA) spin up a new vCenter while simultaneously importing the backed-up data.\n\n    For sites that implement the Native Key Provider (NKP), introduced in 7.0 Update 2, regular vCenter backups are critical. In a recovery scenario where the virtual machine files are intact but vCenter was lost, the encrypted virtual machines will not be able to boot as their private keys were stored in vCenter after it was last backed up. When using the NKP, vCenter becomes critical to the virtual machine workloads and ceases to be just the control plane.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    Option 1:\n\n    If vCenter is backed up in a traditional manner, at the storage array level, interview the SA to determine configuration and schedule.\n\n    Option 2:\n\n    For vCenter native backup functionality, open the Virtual Appliance Management Interface (VAMI) by navigating to https://&lt;vCenter server&gt;:5480.\n\n    Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the \\\"SystemConfiguration.BashShellAdministrator\\\" group.\n\n    Select \\\"Backup\\\" on the left navigation pane.\n\n    On the resulting pane on the right, verify the \\\"Status\\\" is \\\"Enabled\\\".\n\n    Click \\\"Status\\\" to expand the backup details.\n\n    If vCenter server backups are not configured and there is no other vCenter backup system, this is a finding.\n\n    If the backup configuration is not set to a proper, reachable location or if the schedule is anything less frequent than \\\"Daily\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    Option 1:\n\n    Implement and document a VMware-supported storage/image-based backup schedule.\n\n    Option 2:\n\n    To configure vCenter native backup functionality, open the VAMI by navigating to https://&lt;vCenter server&gt;:5480.\n\n    Log in with local operating system administrative credentials or with an SSO account that is a member of the \\\"SystemConfiguration.BashShellAdministrator\\\" group.\n\n    Select \\\"Backup\\\" on the left navigation pane.\n\n    On the resulting pane on the right, click \\\"Configure\\\" (or \\\"Edit\\\" for an existing configuration).\n\n    Enter site-specific information for the backup job.\n\n    Ensure \\\"Schedule\\\" is set to \\\"Daily\\\". Limiting the number of retained backups is recommended but not required.\n\n    Click \\\"Create\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000292'\n  tag rid: 'SV-VCSA-80-000292'\n  tag stig_id: 'VCSA-80-000292'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  if input('backup3rdParty')\n    describe '3rd party backups indicated. This check is a manual or policy based check and must be reviewed manually.' do\n      skip '3rd party backups indicated. This check is a manual or policy based check and must be reviewed manually.'\n    end\n  else\n    command = '(Invoke-ListRecoveryBackupSchedules).default.enable'\n    backupsenabled = powercli_command(command).stdout.strip\n\n    describe 'File based backups should be enabled.' do\n      subject { backupsenabled }\n      it { should cmp 'true' }\n    end\n\n    if backupsenabled == 'True'\n      # check that backups are scheduled daily. if so the days configuration will be empty\n      # if a custom schedule is specified and every day is selected this will fail and that should be changed to daily\n      backupschedule = powercli_command('(Invoke-ListRecoveryBackupSchedules).default.recurrence_info.days').stdout.strip\n      describe 'Backups should be scheduled daily.' do\n        subject { backupschedule }\n        it { should cmp '' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST File based backups should be enabled. is expected to cmp == "true" :: MESSAGE 
+expected: true
+     got: 
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000293</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000293</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000293</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter server must have task and event retention set to at least 30 days.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>vCenter tasks and events contain valuable historical actions, useful in troubleshooting availability issues and for incident forensics. While vCenter events are sent to central log servers in real time, it is important that administrators have quick access to this information when needed.
 
-Get-VDSwitch | select Name,@{N&#x3D;&quot;NetFlowCollectorIPs&quot;;E&#x3D;{$_.ExtensionData.config.IpfixConfig.CollectorIpAddress}}
+vCenter retains 30 days of tasks and events by default, and this is sufficient for most purposes. The vCenter disk partitions are also sized with this in mind. Decreasing is not recommended for operational reasons, while increasing is not recommended unless guided by VMware support due to the partition sizing concerns.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-To view if NetFlow is enabled on any distributed port groups:
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.
 
-From the vSphere Client, go to &quot;Networking&quot;.
+Click to expand the "Database" section.
 
-Select a distributed port group &gt;&gt; Manage &gt;&gt; Settings &gt;&gt; Policies.
+Note the "Task retention" and "Event retention" values.
 
-Go to &quot;Monitoring&quot; and view the NetFlow status.
+If either value is configured to less than "30" days, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-or
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+Click "Edit".
+
+On the "Database" tab, set the value for both "Task retention" and "Event retention" to "30" days (default) or greater, as required by your site.
+
+Click "Save".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000293' do\n  title 'The vCenter server must have task and event retention set to at least 30 days.'\n  desc  \"\n    vCenter tasks and events contain valuable historical actions, useful in troubleshooting availability issues and for incident forensics. While vCenter events are sent to central log servers in real time, it is important that administrators have quick access to this information when needed.\n\n    vCenter retains 30 days of tasks and events by default, and this is sufficient for most purposes. The vCenter disk partitions are also sized with this in mind. Decreasing is not recommended for operational reasons, while increasing is not recommended unless guided by VMware support due to the partition sizing concerns.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.\n\n    Click to expand the \\\"Database\\\" section.\n\n    Note the \\\"Task retention\\\" and \\\"Event retention\\\" values.\n\n    If either value is configured to less than \\\"30\\\" days, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.\n\n    Click \\\"Edit\\\".\n\n    On the \\\"Database\\\" tab, set the value for both \\\"Task retention\\\" and \\\"Event retention\\\" to \\\"30\\\" days (default) or greater, as required by your site.\n\n    Click \\\"Save\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000293'\n  tag rid: 'SV-VCSA-80-000293'\n  tag stig_id: 'VCSA-80-000293'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name event.maxAge | Select-Object -ExpandProperty Value'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp &gt;= '30' }\n  end\n  command = 'Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name task.maxAge | Select-Object -ExpandProperty Value'\n  describe powercli_command(command) do\n    its('stdout.strip') { should cmp &gt;= '30' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name event.maxAge | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &gt;= "30"
+--------------------------------
+passed :: TEST PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name task.maxAge | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &gt;= "30"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000294</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000294</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000294</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter server Native Key Provider must be backed up with a strong password.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Native Key Provider feature was introduced in 7.0 U2 and acts as a key provider for encryption based capabilities such as encrypted virtual machines without requiring an external KMS solution.  When enabling this feature a backup must be taken which is a PKCS#12 formatted file and if no password is provided during the backup process this presents the opportunity for this to be used maliciously and compromise the environment.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the vCenter Native Key Provider feature is not in use, this is not applicable.
 
-Get-VDPortgroup | Select Name,VirtualSwitch,@{N&#x3D;&quot;NetFlowEnabled&quot;;E&#x3D;{$_.Extensiondata.Config.defaultPortConfig.ipfixEnabled.Value}}
+Interview the system administrator and determine if a password was provided for any backups taken of the Native Key Provider.
 
-If NetFlow is configured and the collector IP is not known and documented, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>To remove collector IPs, do the following:
+If backups exist for the Native Key Provider that are not password protected, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-From the vSphere Client, go to &quot;Networking&quot;.
+Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Key Providers.
 
-Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; NetFlow.
+Select the Native Key Provider, click "Back-up", and check the box "Protect Native Key Provider data with password".
+
+Provide a strong password and click "Back up key provider".
+
+Delete any previous backups that were not protected with a password.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000294' do\n  title 'The vCenter server Native Key Provider must be backed up with a strong password.'\n  desc  'The vCenter Native Key Provider feature was introduced in 7.0 U2 and acts as a key provider for encryption based capabilities such as encrypted virtual machines without requiring an external KMS solution.  When enabling this feature a backup must be taken which is a PKCS#12 formatted file and if no password is provided during the backup process this presents the opportunity for this to be used maliciously and compromise the environment.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If the vCenter Native Key Provider feature is not in use, this is not applicable.\n\n    Interview the system administrator and determine if a password was provided for any backups taken of the Native Key Provider.\n\n    If backups exist for the Native Key Provider that are not password protected, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Key Providers.\n\n    Select the Native Key Provider, click \\\"Back-up\\\", and check the box \\\"Protect Native Key Provider data with password\\\".\n\n    Provide a strong password and click \\\"Back up key provider\\\".\n\n    Delete any previous backups that were not protected with a password.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000294'\n  tag rid: 'SV-VCSA-80-000294'\n  tag stig_id: 'VCSA-80-000294'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000295</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000295</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000295</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter server must require authentication for published content libraries.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>In the vSphere Client, you can create a local or a subscribed content library. By using content libraries, you can store and manage content in one vCenter Server instance. Alternatively, you can distribute content across vCenter Server instances to increase consistency and facilitate the deployment workloads at scale. When publishing a content library it can be protected by requiring authentication for subscribers.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Content Libraries.
 
-Click &quot;Edit&quot;.
+Review the "Password Protected" column.
 
-Remove any unknown collector IPs.
+If a content library is published and is not password protected, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Content Libraries.
 
-or
+Select the target content library.
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
+Select "Actions" then "Edit Settings".
+
+Click the checkbox to "Enable user authentication for access to this content library".
+
+Enter and confirm a password for the content library. Click "Ok".
+
+Note: Any subscribed content libraries will need to be updated to enable authentication and provide the password.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000295' do\n  title 'The vCenter server must require authentication for published content libraries.'\n  desc  'In the vSphere Client, you can create a local or a subscribed content library. By using content libraries, you can store and manage content in one vCenter Server instance. Alternatively, you can distribute content across vCenter Server instances to increase consistency and facilitate the deployment workloads at scale. When publishing a content library it can be protected by requiring authentication for subscribers.'\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Content Libraries.\n\n    Review the \\\"Password Protected\\\" column.\n\n    If a content library is published and is not password protected, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Content Libraries.\n\n    Select the target content library.\n\n    Select \\\"Actions\\\" then \\\"Edit Settings\\\".\n\n    Click the checkbox to \\\"Enable user authentication for access to this content library\\\".\n\n    Enter and confirm a password for the content library. Click \\\"Ok\\\".\n\n    Note: Any subscribed content libraries will need to be updated to enable authentication and provide the password.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000295'\n  tag rid: 'SV-VCSA-80-000295'\n  tag stig_id: 'VCSA-80-000295'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-ContentLibrary | Select-Object -ExpandProperty Id'\n  libraries = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  setimpact = true\n  if !libraries.empty?\n    libraries.each do |library|\n      libinfo = powercli_command(\"Invoke-GetLibraryIdContent #{library} | ConvertTo-Json\").stdout\n      libinfojson = JSON.parse(libinfo)\n      if libinfojson['publish_info']['published'] == true\n        describe \"Authentication should be enabled on Content Library: #{libinfojson['name']}\" do\n          subject { libinfojson }\n          its(['publish_info', 'authentication_method']) { should cmp 'BASIC' }\n        end\n        setimpact = false\n      else\n        describe \"Publishing not enabled on Content Library: #{libinfojson['name']}. This control is not applicable.\" do\n          skip \"Publishing not enabled on Content Library: #{libinfojson['name']}. This control is not applicable.\"\n        end\n      end\n    end\n  else\n    describe '' do\n      skip 'No content libraries found. This control is not applicable.'\n    end\n  end\n  unless !setimpact\n    impact 0.0\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST Authentication should be enabled on Content Library: STIG Content Library ["publish_info", "authentication_method"] is expected to cmp == "BASIC" :: MESSAGE 
+expected: BASIC
+     got: NONE
 
-$dvs &#x3D; Get-VDSwitch dvswitch | Get-View
-ForEach($vs in $dvs){
-$spec &#x3D; New-Object VMware.Vim.VMwareDVSConfigSpec
-$spec.configversion &#x3D; $vs.Config.ConfigVersion
-$spec.IpfixConfig &#x3D; New-Object VMware.Vim.VMwareIpfixConfig
-$spec.IpfixConfig.CollectorIpAddress &#x3D; &quot;&quot;
-$spec.IpfixConfig.CollectorPort &#x3D; &quot;0&quot;
-$spec.IpfixConfig.ActiveFlowTimeout &#x3D; &quot;60&quot;
-$spec.IpfixConfig.IdleFlowTimeout &#x3D; &quot;15&quot;
-$spec.IpfixConfig.SamplingRate &#x3D; &quot;0&quot;
-$spec.IpfixConfig.InternalFlowsOnly &#x3D; $False
-$vs.ReconfigureDvs_Task($spec)
-}
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000296</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000296</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000296</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter server must enable the OVF security policy for content libraries.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>In the vSphere Client, you can create a local or a subscribed content library. By using content libraries, you can store and manage content in one vCenter Server instance. Alternatively, you can distribute content across vCenter Server instances to increase consistency and facilitate the deployment workloads at scale.
 
-Note: This will reset the NetFlow collector configuration back to the defaults.
+You can protect the OVF items by applying default OVF security policy to a content library. The OVF security policy enforces strict validation on OVF items when you deploy or update the item, import items, or synchronize OVF and OVA templates. To make sure that the OVF and OVA templates are signed by a trusted certificate, you can add the OVF signing certificate from a trusted CA.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Content Libraries.
 
-To disable NetFlow on a distributed port group, do the following:
+Review the "Security Policy" column.
 
-From the vSphere Client, go to &quot;Networking&quot;.
+If a content library does not have the "OVF default policy" enabled, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Content Libraries.
 
-Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+Select the target content library.
 
-Click &quot;Edit&quot;.
+Select "Actions" then "Edit Settings".
+
+Click the checkbox to "Apply Security Policy". Click "OK".
+
+Note: If you disable the security policy of a content library, you cannot reuse the existing OVF items.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000296' do\n  title 'The vCenter server must enable the OVF security policy for content libraries.'\n  desc  \"\n    In the vSphere Client, you can create a local or a subscribed content library. By using content libraries, you can store and manage content in one vCenter Server instance. Alternatively, you can distribute content across vCenter Server instances to increase consistency and facilitate the deployment workloads at scale.\n\n    You can protect the OVF items by applying default OVF security policy to a content library. The OVF security policy enforces strict validation on OVF items when you deploy or update the item, import items, or synchronize OVF and OVA templates. To make sure that the OVF and OVA templates are signed by a trusted certificate, you can add the OVF signing certificate from a trusted CA.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Content Libraries.\n\n    Review the \\\"Security Policy\\\" column.\n\n    If a content library does not have the \\\"OVF default policy\\\" enabled, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Content Libraries.\n\n    Select the target content library.\n\n    Select \\\"Actions\\\" then \\\"Edit Settings\\\".\n\n    Click the checkbox to \\\"Apply Security Policy\\\". Click \\\"OK\\\".\n\n    Note: If you disable the security policy of a content library, you cannot reuse the existing OVF items.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000296'\n  tag rid: 'SV-VCSA-80-000296'\n  tag stig_id: 'VCSA-80-000296'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-ContentLibrary | Select-Object -ExpandProperty Id'\n  libraries = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  setimpact = true\n  if !libraries.empty?\n    libraries.each do |library|\n      libinfo = powercli_command(\"Invoke-GetLibraryIdContent #{library} | ConvertTo-Json\").stdout\n      libinfojson = JSON.parse(libinfo)\n      describe \"OVF security policy should be enabled on Content Library: #{libinfojson['name']}\" do\n        subject { libinfojson }\n        its(['security_policy_id']) { should_not be nil }\n      end\n      setimpact = false\n    end\n  else\n    describe '' do\n      skip 'No content libraries found. This control is not applicable.'\n    end\n  end\n  unless !setimpact\n    impact 0.0\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST OVF security policy should be enabled on Content Library: STIG Content Library ["security_policy_id"] is expected not to equal nil :: MESSAGE 
+expected not #&lt;NilClass:8&gt; =&gt; nil
+         got #&lt;NilClass:8&gt; =&gt; nil
+
+Compared using equal?, which compares object identity.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000298</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000298</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000298</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must separate authentication and authorization for administrators.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Many organizations do both authentication and authorization using a centralized directory service such as Active Directory. Attackers who compromise an identity source can often add themselves to authorization groups, and simply log into systems they should not otherwise have access to. Additionally, reliance on central identity systems means that the administrators of those systems are potentially infrastructure administrators, too, as they can add themselves to infrastructure access groups at will.
 
-Click the &quot;Monitoring&quot; tab.
+The use of local SSO groups for authorization helps prevent this avenue of attack by allowing the centralized identity source to still authenticate users but moving authorization into vCenter itself.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
 
-Change &quot;NetFlow&quot; to &quot;Disabled&quot;.
+View the Administrator role and any other role providing administrative access to vCenter to verify the users and/or groups assigned to it by clicking on "Usage".
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
-
-$pgs &#x3D; Get-VDPortgroup | Get-View
-ForEach($pg in $pgs){
-$spec &#x3D; New-Object VMware.Vim.DVPortgroupConfigSpec
-$spec.configversion &#x3D; $pg.Config.ConfigVersion
-$spec.defaultPortConfig &#x3D; New-Object VMware.Vim.VMwareDVSPortSetting
-$spec.defaultPortConfig.ipfixEnabled &#x3D; New-Object VMware.Vim.BoolPolicy
-$spec.defaultPortConfig.ipfixEnabled.inherited &#x3D; $false
-$spec.defaultPortConfig.ipfixEnabled.value &#x3D; $false
-$pg.ReconfigureDVPortgroup_Task($spec)
-}</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a737d250-e7ad-4b0e-adac-a7efd7848b06</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-
-Ipfix CollectorIpAddress not configured...skipping VDSwitch STIG 1.
---------------------------------
-skipped
-
-Ipfix CollectorIpAddress not configured...skipping VDSwitch STIG 2.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000272</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000272</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000272</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must configure all port groups to a value other than that of the native virtual local area network (VLAN).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ESXi does not use the concept of native VLAN. Frames with VLAN specified in the port group will have a tag, but frames with VLAN not specified in the port group are not tagged and therefore will end up belonging to native VLAN of the physical switch.
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-For example, frames on VLAN 1 from a Cisco physical switch will be untagged, because this is considered as the native VLAN. However, frames from ESXi specified as VLAN 1 will be tagged with a &quot;1&quot;; therefore, traffic from ESXi that is destined for the native VLAN will not be correctly routed (because it is tagged with a &quot;1&quot; instead of being untagged), and traffic from the physical switch coming from the native VLAN will not be visible (because it is not tagged).
+Get-VIPermission | Sort Role | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto
 
-If the ESXi virtual switch port group uses the native VLAN ID, traffic from those virtual machines will not be visible to the native VLAN on the switch, because the switch is expecting untagged traffic.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
+If any user or group is directly assigned a role with administrative access to vCenter that is from an identity provider, this is a finding.
 
-From the vSphere Client, go to &quot;Networking&quot;.
+Note: Users and/or groups assigned to roles should be from the "VSPHERE.LOCAL" identity source.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>To add groups from an identity provider to the local SSO Administrators group, as an example, do the following:
 
-Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Groups.
 
-Review the port group VLAN tags and verify they are not set to the native VLAN ID of the attached physical switch.
+Select the Administrators group and click "Edit".
 
-or
+In the "Add Members" section, select the identity source and type the name of the target user/group in the search bar.
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+Select the target user/group to add them and click "Save".
 
-Get-VDPortgroup | select Name, VlanConfiguration
+Note: A new SSO group or groups can be created as needed and used to provide authorization to vCenter.
 
-If any port group is configured with the native VLAN of the ESXi hosts attached physical switch, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to &quot;Networking&quot;.
+To remove identity provider users/groups from a role, do the following:
 
-Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Global Permissions.
 
-Click &quot;Edit&quot;.
+Select the offending user/group and click "Delete".
+
+Note: If permissions are assigned on a specific object, then the role must be updated where it is assigned (for example, at the cluster level).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000298' do\n  title 'The vCenter Server must separate authentication and authorization for administrators.'\n  desc  \"\n    Many organizations do both authentication and authorization using a centralized directory service such as Active Directory. Attackers who compromise an identity source can often add themselves to authorization groups, and simply log into systems they should not otherwise have access to. Additionally, reliance on central identity systems means that the administrators of those systems are potentially infrastructure administrators, too, as they can add themselves to infrastructure access groups at will.\n\n    The use of local SSO groups for authorization helps prevent this avenue of attack by allowing the centralized identity source to still authenticate users but moving authorization into vCenter itself.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.\n\n    View the Administrator role and any other role providing administrative access to vCenter to verify the users and/or groups assigned to it by clicking on \\\"Usage\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VIPermission | Sort Role | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto\n\n    If any user or group is directly assigned a role with administrative access to vCenter that is from an identity provider, this is a finding.\n\n    Note: Users and/or groups assigned to roles should be from the \\\"VSPHERE.LOCAL\\\" identity source.\n  \"\n  desc 'fix', \"\n    To add groups from an identity provider to the local SSO Administrators group, as an example, do the following:\n\n    From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Groups.\n\n    Select the Administrators group and click \\\"Edit\\\".\n\n    In the \\\"Add Members\\\" section, select the identity source and type the name of the target user/group in the search bar.\n\n    Select the target user/group to add them and click \\\"Save\\\".\n\n    Note: A new SSO group or groups can be created as needed and used to provide authorization to vCenter.\n\n    To remove identity provider users/groups from a role, do the following:\n\n    From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Global Permissions.\n\n    Select the offending user/group and click \\\"Delete\\\".\n\n    Note: If permissions are assigned on a specific object, then the role must be updated where it is assigned (for example, at the cluster level).\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000298'\n  tag rid: 'SV-VCSA-80-000298'\n  tag stig_id: 'VCSA-80-000298'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe 'This check is a manual or policy based check and must be reviewed manually.' do\n    skip 'This check is a manual or policy based check and must be reviewed manually.'\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS>skipped :: TEST This check is a manual or policy based check and must be reviewed manually. :: SKIP_MESSAGE This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000299</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000299</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000299</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must disable CDP/LLDP on distributed switches.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vSphere Distributed Virtual Switch can participate in Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP), as a listener, advertiser, or both. The information is sensitive, including IP addresses, system names, software versions, and more. It can be used by an adversary to gain a better understanding of your environment, and to impersonate devices. It is also transmitted unencrypted on the network, and as such the recommendation is to disable it.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-Click the &quot;VLAN&quot; tab.
+From the vSphere Client, go to "Networking".
 
-Change the VLAN ID to a non-native VLAN.
+Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
 
-Click &quot;OK&quot;.
+Review the "Discovery Protocol" configuration.
 
 or
 
 From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VDPortgroup &quot;portgroup name&quot; | Set-VDVlanConfiguration -VlanId &quot;New VLAN#&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fb68d569-a379-44d1-8e0a-c30fc231253e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to cmp &#x3D;&#x3D; &quot;1&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to cmp &#x3D;&#x3D; &quot;1&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to cmp &#x3D;&#x3D; &quot;1&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to cmp &#x3D;&#x3D; &quot;1&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000273</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000273</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000273</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When a port group is set to VLAN Trunking, the vSwitch passes all network frames in the specified range to the attached virtual machines without modifying the virtual local area network (VLAN) tags. In vSphere, this is referred to as VGT.
-
-The virtual machine must process the VLAN information itself via an 802.1Q driver in the operating system. VLAN Trunking must only be implemented if the attached virtual machines have been specifically authorized and are capable of managing VLAN tags themselves.
+Get-VDSwitch | Select Name,LinkDiscoveryProtocolOperation
 
-If VLAN Trunking is enabled inappropriately, it may cause a denial of service or allow a virtual machine to interact with traffic on an unauthorized VLAN.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
+If any distributed switch does not have "Discovery Protocols" disabled, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to "Networking".
 
-From the vSphere Client, go to &quot;Networking&quot;.
+Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
 
-Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+Click "Edit".
 
-Review the port group &quot;VLAN Type&quot; and &quot;VLAN trunk range&quot;, if present.
+Select the advanced tab and update the "Type" under "Discovery Protocol" to disabled and click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VDPortgroup | Where {$_.ExtensionData.Config.Uplink -ne &quot;True&quot;} | Select Name,VlanConfiguration
-
-If any port group is configured with &quot;VLAN trunking&quot; and is not documented as a needed exception (such as NSX appliances), this is a finding.
+Get-VDSwitch -Name "DSwitch" | Set-VDSwitch -LinkDiscoveryProtocolOperation "Disabled"</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000299' do\n  title 'The vCenter Server must disable CDP/LLDP on distributed switches.'\n  desc  'The vSphere Distributed Virtual Switch can participate in Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP), as a listener, advertiser, or both. The information is sensitive, including IP addresses, system names, software versions, and more. It can be used by an adversary to gain a better understanding of your environment, and to impersonate devices. It is also transmitted unencrypted on the network, and as such the recommendation is to disable it.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.\n\n    Review the \\\"Discovery Protocol\\\" configuration.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VDSwitch | Select Name,LinkDiscoveryProtocolOperation\n\n    If any distributed switch does not have \\\"Discovery Protocols\\\" disabled, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.\n\n    Click \\\"Edit\\\".\n\n    Select the advanced tab and update the \\\"Type\\\" under \\\"Discovery Protocol\\\" to disabled and click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VDSwitch -Name \\\"DSwitch\\\" | Set-VDSwitch -LinkDiscoveryProtocolOperation \\\"Disabled\\\"\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000299'\n  tag rid: 'SV-VCSA-80-000299'\n  tag stig_id: 'VCSA-80-000299'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDSwitch | Select -ExpandProperty Name'\n  vdswitches = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdswitches.empty?\n    describe '' do\n      skip 'No distributed switches found to check.'\n    end\n  else\n    vdswitches.each do |vds|\n      command = \"Get-VDSwitch -Name \\\"#{vds}\\\" | Select -ExpandProperty LinkDiscoveryProtocolOperation\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'Disabled' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: Get-VDSwitch -Name "VDSwitch STIG 1" | Select -ExpandProperty LinkDiscoveryProtocolOperation stdout.strip is expected to cmp == "Disabled" :: MESSAGE 
+expected: Disabled
+     got: Listen
 
-If any port group is authorized to be configured with &quot;VLAN trunking&quot; but is not configured with the most limited range necessary, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to &quot;Networking&quot;.
+(compared using `cmp` matcher)
 
-Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+--------------------------------
+failed :: TEST PowerCLI Command: Get-VDSwitch -Name "VDSwitch STIG 2" | Select -ExpandProperty LinkDiscoveryProtocolOperation stdout.strip is expected to cmp == "Disabled" :: MESSAGE 
+expected: Disabled
+     got: Listen
 
-Click &quot;Edit&quot;.
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000300</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must remove unauthorized port mirroring sessions on distributed switches.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vSphere Distributed Virtual Switch can enable port mirroring sessions allowing traffic to be mirrored from one source to a destination. If port mirroring is configured unknowingly this could allow an attacker to observe network traffic of virtual machines.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-Click the &quot;VLAN&quot; tab.
+From the vSphere Client, go to "Networking".
 
-If &quot;VLAN trunking&quot; is not authorized, remove it by setting &quot;VLAN type&quot; to &quot;VLAN&quot; and configure an appropriate VLAN ID. Click &quot;OK&quot;.
+Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Port Mirroring.
 
-If &quot;VLAN trunking&quot; is authorized but the range is too broad, modify the range in the &quot;VLAN trunk range&quot; field to the minimum necessary and authorized range. An example range would be &quot;1,3-5,8&quot;. Click &quot;OK&quot;.
+Review any configured "Port Mirroring" sessions.
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command to configure trunking:
+From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VDPortgroup &quot;Portgroup Name&quot; | Set-VDVlanConfiguration -VlanTrunkRange &quot;&lt;VLAN Range(s) comma separated&gt;&quot;
+Get-VDSwitch | select Name,@{N="Port Mirroring Sessions";E={$_.ExtensionData.Config.VspanSession.Name}}
 
-or
+If there are any unauthorized port mirroring sessions configured, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to "Networking".
 
-Run this command to configure a single VLAN ID:
+Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Port Mirroring.
 
-Get-VDPortgroup &quot;Portgroup Name&quot; | Set-VDVlanConfiguration -VlanId &quot;&lt;New VLAN#&gt;&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>ba54cb69-f9c5-4fce-8bf6-b8467bbb6279</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-
-No distributed port groups found to check. This is not applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000274</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000274</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000274</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must not configure all port groups to virtual local area network (VLAN) values reserved by upstream physical switches.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Certain physical switches reserve certain VLAN IDs for internal purposes and often disallow traffic configured to these values. For example, Cisco Catalyst switches typically reserve VLANs 1001 to 1024 and 4094, while Nexus switches typically reserve 3968 to 4094.
+Select the unauthorized "Port Mirroring" session and click "Remove". Click "OK".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000300' do\n  title 'The vCenter Server must remove unauthorized port mirroring sessions on distributed switches.'\n  desc  'The vSphere Distributed Virtual Switch can enable port mirroring sessions allowing traffic to be mirrored from one source to a destination. If port mirroring is configured unknowingly this could allow an attacker to observe network traffic of virtual machines.'\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Port Mirroring.\n\n    Review any configured \\\"Port Mirroring\\\" sessions.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    Get-VDSwitch | select Name,@{N=\\\"Port Mirroring Sessions\\\";E={$_.ExtensionData.Config.VspanSession.Name}}\n\n    If there are any unauthorized port mirroring sessions configured, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Port Mirroring.\n\n    Select the unauthorized \\\"Port Mirroring\\\" session and click \\\"Remove\\\". Click \\\"OK\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000300'\n  tag rid: 'SV-VCSA-80-000300'\n  tag stig_id: 'VCSA-80-000300'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDSwitch | Select -ExpandProperty Name'\n  vdswitches = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdswitches.empty?\n    describe '' do\n      skip 'No distributed switches found to check.'\n    end\n  else\n    vdswitches.each do |vds|\n      command = \"(Get-VDSwitch -Name \\\"#{vds}\\\").ExtensionData.Config.VspanSession\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp '' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-VDSwitch -Name "VDSwitch STIG 1").ExtensionData.Config.VspanSession stdout.strip is expected to cmp == ""
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDSwitch -Name "VDSwitch STIG 2").ExtensionData.Config.VspanSession stdout.strip is expected to cmp == ""</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000301</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000301</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000301</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must not override port group settings at the port level on distributed switches.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Port-level configuration overrides are disabled by default. Once enabled, this allows for different security settings to be set from what is established at the Port Group level. If overrides are not monitored, anyone who gains access to a VM with a less secure VDS configuration could exploit that broader access.
 
-Check with the documentation for the organization&#39;s specific switch. Using a reserved VLAN might result in a denial of service on the network.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+If there are cases where particular VMs require unique configurations then a different port group with the required configuration should be created instead of overriding port group settings.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
 					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-From the vSphere Client, go to &quot;Networking&quot;.
+From the vSphere Client, go to "Networking".
 
-Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
 
-Review the port group VLAN tags and verify that they are not set to a reserved VLAN ID.
+Review the "Override port policies".
 
 or
 
 From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VDPortgroup | select Name, VlanConfiguration
+(Get-VDPortgroup).ExtensionData.Config.Policy
 
-If any port group is configured with a reserved VLAN ID, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to &quot;Networking&quot;.
+If there are any distributed port groups that allow overridden port policies, this is a finding.
 
-Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Policies.
+Note: This does not apply to the "Block Ports" or "Configure reset at disconnect" policies.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to "Networking".
 
-Click &quot;Edit&quot;.
+Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
 
-Click the &quot;VLAN&quot; tab. Change the VLAN ID to an unreserved VLAN ID.
+Click "Edit".
 
-Click &quot;OK&quot;.
+Select advanced and update all port policies besides "Block Ports" to "disabled" and click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-VDPortgroup &quot;portgroup name&quot; | Set-VDVlanConfiguration -VlanId &quot;New VLAN#&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>7ee22b06-681f-425d-9a20-91aedc868eb0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to be in &quot;1001&quot;, &quot;1024&quot;, &quot;3968&quot;, &quot;4047&quot;, and &quot;4094&quot;
+$pgs = Get-VDPortgroup | Get-View
+ForEach($pg in $pgs){
+$spec = New-Object VMware.Vim.DVPortgroupConfigSpec
+$spec.configversion = $pg.Config.ConfigVersion
+$spec.Policy = New-Object VMware.Vim.VMwareDVSPortgroupPolicy
+$spec.Policy.VlanOverrideAllowed = $False
+$spec.Policy.UplinkTeamingOverrideAllowed = $False
+$spec.Policy.SecurityPolicyOverrideAllowed = $False
+$spec.Policy.IpfixOverrideAllowed = $False
+$spec.Policy.BlockOverrideAllowed = $True
+$spec.Policy.ShapingOverrideAllowed = $False
+$spec.Policy.VendorConfigOverrideAllowed = $False
+$spec.Policy.TrafficFilterOverrideAllowed = $False
+$pg.ReconfigureDVPortgroup_Task($spec)
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000301' do\n  title 'The vCenter Server must not override port group settings at the port level on distributed switches.'\n  desc  \"\n    Port-level configuration overrides are disabled by default. Once enabled, this allows for different security settings to be set from what is established at the Port Group level. If overrides are not monitored, anyone who gains access to a VM with a less secure VDS configuration could exploit that broader access.\n\n    If there are cases where particular VMs require unique configurations then a different port group with the required configuration should be created instead of overriding port group settings.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.\n\n    Review the \\\"Override port policies\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    (Get-VDPortgroup).ExtensionData.Config.Policy\n\n    If there are any distributed port groups that allow overridden port policies, this is a finding.\n\n    Note: This does not apply to the \\\"Block Ports\\\" or \\\"Configure reset at disconnect\\\" policies.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.\n\n    Click \\\"Edit\\\".\n\n    Select advanced and update all port policies besides \\\"Block Ports\\\" to \\\"disabled\\\" and click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    $pgs = Get-VDPortgroup | Get-View\n    ForEach($pg in $pgs){\n    $spec = New-Object VMware.Vim.DVPortgroupConfigSpec\n    $spec.configversion = $pg.Config.ConfigVersion\n    $spec.Policy = New-Object VMware.Vim.VMwareDVSPortgroupPolicy\n    $spec.Policy.VlanOverrideAllowed = $False\n    $spec.Policy.UplinkTeamingOverrideAllowed = $False\n    $spec.Policy.SecurityPolicyOverrideAllowed = $False\n    $spec.Policy.IpfixOverrideAllowed = $False\n    $spec.Policy.BlockOverrideAllowed = $True\n    $spec.Policy.ShapingOverrideAllowed = $False\n    $spec.Policy.VendorConfigOverrideAllowed = $False\n    $spec.Policy.TrafficFilterOverrideAllowed = $False\n    $pg.ReconfigureDVPortgroup_Task($spec)\n    }\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000301'\n  tag rid: 'SV-VCSA-80-000301'\n  tag stig_id: 'VCSA-80-000301'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDPortgroup | Select -ExpandProperty Name'\n  vdportgroups = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdportgroups.empty?\n    describe '' do\n      skip 'No distributed port groups found to check.'\n    end\n  else\n    vdportgroups.each do |vdpg|\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.Policy.VlanOverrideAllowed\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'False' }\n      end\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'False' }\n      end\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'False' }\n      end\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.Policy.IpfixOverrideAllowed\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'False' }\n      end\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.Policy.MacManagementOverrideAllowed\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'False' }\n      end\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.Policy.ShapingOverrideAllowed\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'False' }\n      end\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.Policy.VendorConfigOverrideAllowed\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'False' }\n      end\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.Policy.LivePortMovingAllowed\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'False' }\n      end\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'False' }\n      end\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.Policy.TrafficFilterOverrideAllowed\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'False' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 1-DVUplinks-40").ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp == "False"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to be in &quot;1001&quot;, &quot;1024&quot;, &quot;3968&quot;, &quot;4047&quot;, and &quot;4094&quot;
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 1-DVUplinks-40").ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp == "False"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to be in &quot;1001&quot;, &quot;1024&quot;, &quot;3968&quot;, &quot;4047&quot;, and &quot;4094&quot;
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 1-DVUplinks-40").ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp == "False"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.DefaultPortConfig.Vlan.VlanId stdout.strip is expected not to be in &quot;1001&quot;, &quot;1024&quot;, &quot;3968&quot;, &quot;4047&quot;, and &quot;4094&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000275</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000275</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000275</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must configure the &quot;vpxuser&quot; auto-password to be changed every 30 days.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>By default, vCenter will change the &quot;vpxuser&quot; password automatically every 30 days. Ensure this setting meets site policies. If it does not, configure it to meet password aging policies.
-
-Note: It is very important the password aging policy is not shorter than the default interval that is set to automatically change the &quot;vpxuser&quot; password to preclude the possibility that vCenter might be locked out of an ESXi host.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
-
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
-
-Verify that &quot;VirtualCenter.VimPasswordExpirationInDays&quot; is set to &quot;30&quot;.
-
-or
-
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
-
-Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name VirtualCenter.VimPasswordExpirationInDays
-
-If the &quot;VirtualCenter.VimPasswordExpirationInDays&quot; is set to a value other than &quot;30&quot; or does not exist, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
-
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
-
-Click &quot;Edit Settings&quot; and configure the &quot;VirtualCenter.VimPasswordExpirationInDays&quot; value to &quot;30&quot; or if the value does not exist create it by entering the values in the &quot;Key&quot; and &quot;Value&quot; fields and clicking &quot;Add&quot;.
-
-or
-
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
-
-If the setting already exists:
-
-Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name VirtualCenter.VimPasswordExpirationInDays | Set-AdvancedSetting -Value 30
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 1-DVUplinks-40").ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 1-DVUplinks-40").ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 1-DVUplinks-40").ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 1-DVUplinks-40").ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 1-DVUplinks-40").ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 1-DVUplinks-40").ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 1-DVUplinks-40").ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 2-DVUplinks-44").ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 2-DVUplinks-44").ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 2-DVUplinks-44").ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 2-DVUplinks-44").ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 2-DVUplinks-44").ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 2-DVUplinks-44").ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 2-DVUplinks-44").ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 2-DVUplinks-44").ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 2-DVUplinks-44").ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 2-DVUplinks-44").ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp == "False"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp == "False"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000302</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000302</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000302</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must reset port configuration when virtual machines are disconnected.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Port-level configuration overrides are disabled by default. Once enabled, this allows for different security settings to be set from what is established at the Port Group level. If overrides are not monitored, anyone who gains access to a VM with a less secure VDS configuration could exploit that broader access.
 
-If the setting does not exist:
+If any unknown or unauthorized per-port overrides exist and are not discarded when a virtual machine is disconnected from that port then a future virtual machine connected to that port may receive a less secure port.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
 
-New-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name VirtualCenter.VimPasswordExpirationInDays -Value 30</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>61cafcfb-95af-4dae-9223-b339b52ccf62</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name VirtualCenter.VimPasswordExpirationInDays | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;30&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000276</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000276</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000276</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must configure the &quot;vpxuser&quot; password to meet length policy.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The &quot;vpxuser&quot; password default length is 32 characters. Ensure this setting meets site policies; if not, configure to meet password length policies.
-
-Longer passwords make brute-force password attacks more difficult. The &quot;vpxuser&quot; password is added by vCenter, meaning no manual intervention is normally required. The &quot;vpxuser&quot; password length must never be modified to less than the default length of 32 characters.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+From the vSphere Client, go to "Networking".
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
+Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
 
-Verify that &quot;config.vpxd.hostPasswordLength&quot; is set to &quot;32&quot;.
+Review the "Configure reset at disconnect" setting.
 
 or
 
 From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.vpxd.hostPasswordLength and verify it is set to 32.
+(Get-VDPortgroup).ExtensionData.Config.Policy.PortConfigResetAtDisconnect
 
-If the &quot;config.vpxd.hostPasswordLength&quot; is set to a value other than &quot;32, this is a finding.
+If there are any distributed port groups with "Configure reset at disconnect" configured to "disabled" or "False", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to "Networking".
 
-If the setting does not exist, this is not a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
+Click "Edit".
 
-Click &quot;Edit Settings&quot; and configure the &quot;config.vpxd.hostPasswordLength&quot; value to &quot;32&quot;.
+Select advanced and update "Configure reset at disconnect" to be enabled and click "OK".
 
 or
 
 From a PowerCLI command prompt while connected to the vCenter server, run the following command:
 
-Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name config.vpxd.hostPasswordLength | Set-AdvancedSetting -Value 32</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>36945856-7e39-47dd-a4cc-3db4056f5a39</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name config.vpxd.hostPasswordLength | Select-Object -ExpandProperty Value stdout.strip is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000277</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000277</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000277</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must be isolated from the public internet but must still allow for patch notification and delivery.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vCenter and the embedded Lifecycle Manager system must never have a direct route to the internet. Despite this, updates and patches sourced from VMware on the internet must be delivered in a timely manner.
-
-There are two methods to accomplish this: a proxy server and the Update Manager Download Service (UMDS). UMDS is an optional module for Lifecycle Manager that fetches upgrades for virtual appliances, patch metadata, patch binaries, and notifications that would not otherwise be available to an isolated Lifecycle Manager directly.
-
-Alternatively, a proxy for Lifecycle Manager can be configured to allow controlled, limited access to the public internet for the sole purpose of patch gathering. Either solution mitigates the risk of internet connectivity by limiting its scope and use.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Check the following conditions:
+$pgs = Get-VDPortgroup | Get-View
+ForEach($pg in $pgs){
+$spec = New-Object VMware.Vim.DVPortgroupConfigSpec
+$spec.configversion = $pg.Config.ConfigVersion
+$spec.Policy = New-Object VMware.Vim.VMwareDVSPortgroupPolicy
+$spec.Policy.PortConfigResetAtDisconnect = $True
+$pg.ReconfigureDVPortgroup_Task($spec)
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000302' do\n  title 'The vCenter Server must reset port configuration when virtual machines are disconnected.'\n  desc  \"\n    Port-level configuration overrides are disabled by default. Once enabled, this allows for different security settings to be set from what is established at the Port Group level. If overrides are not monitored, anyone who gains access to a VM with a less secure VDS configuration could exploit that broader access.\n\n    If any unknown or unauthorized per-port overrides exist and are not discarded when a virtual machine is disconnected from that port then a future virtual machine connected to that port may receive a less secure port.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If distributed switches are not used, this is not applicable.\n\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.\n\n    Review the \\\"Configure reset at disconnect\\\" setting.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    (Get-VDPortgroup).ExtensionData.Config.Policy.PortConfigResetAtDisconnect\n\n    If there are any distributed port groups with \\\"Configure reset at disconnect\\\" configured to \\\"disabled\\\" or \\\"False\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to \\\"Networking\\\".\n\n    Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.\n\n    Click \\\"Edit\\\".\n\n    Select advanced and update \\\"Configure reset at disconnect\\\" to be enabled and click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following command:\n\n    $pgs = Get-VDPortgroup | Get-View\n    ForEach($pg in $pgs){\n    $spec = New-Object VMware.Vim.DVPortgroupConfigSpec\n    $spec.configversion = $pg.Config.ConfigVersion\n    $spec.Policy = New-Object VMware.Vim.VMwareDVSPortgroupPolicy\n    $spec.Policy.PortConfigResetAtDisconnect = $True\n    $pg.ReconfigureDVPortgroup_Task($spec)\n    }\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000302'\n  tag rid: 'SV-VCSA-80-000302'\n  tag stig_id: 'VCSA-80-000302'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  command = 'Get-VDPortgroup | Select -ExpandProperty Name'\n  vdportgroups = powercli_command(command).stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if vdportgroups.empty?\n    describe '' do\n      skip 'No distributed port groups found to check.'\n    end\n  else\n    vdportgroups.each do |vdpg|\n      command = \"(Get-VDPortgroup -Name \\\"#{vdpg}\\\").ExtensionData.Config.Policy.PortConfigResetAtDisconnect\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'True' }\n      end\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 1-DVUplinks-40").ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp == "True"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 1").ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp == "True"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 2").ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp == "True"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VDSwitch STIG 2-DVUplinks-44").ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp == "True"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 3").ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp == "True"
+--------------------------------
+passed :: TEST PowerCLI Command: (Get-VDPortgroup -Name "VD PG 4").ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp == "True"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000303</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000303</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000303</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must disable Secure Shell (SSH) access.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>vCenter Server is delivered as an appliance, and intended to be managed through the VAMI, vSphere Client, and APIs. SSH is a troubleshooting and support tool and should only be enabled when necessary.
 
-1. Lifecycle Manager must be configured to use the UMDS.
+vCenter Server High Availability uses SSH to coordinate the replication and failover between the nodes. Use of this feature requires SSH to remain enabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Open the Virtual Appliance Management Interface (VAMI) by navigating to https://&lt;vCenter server&gt;:5480.
+
+Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the "SystemConfiguration.BashShellAdministrator" group.
+
+Select "Access" on the left navigation pane.
+
+If "SSH Login" is not "Deactivated", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Open the Virtual Appliance Management Interface (VAMI) by navigating to https://&lt;vCenter server&gt;:5480.
+
+Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the "SystemConfiguration.BashShellAdministrator" group.
+
+Select "Access" on the left navigation pane.
+
+Click "Edit" then disable "Activate SSH Login" and click "OK".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000303' do\n  title 'The vCenter Server must disable Secure Shell (SSH) access.'\n  desc  \"\n    vCenter Server is delivered as an appliance, and intended to be managed through the VAMI, vSphere Client, and APIs. SSH is a troubleshooting and support tool and should only be enabled when necessary.\n\n    vCenter Server High Availability uses SSH to coordinate the replication and failover between the nodes. Use of this feature requires SSH to remain enabled.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    Open the Virtual Appliance Management Interface (VAMI) by navigating to https://&lt;vCenter server&gt;:5480.\n\n    Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the \\\"SystemConfiguration.BashShellAdministrator\\\" group.\n\n    Select \\\"Access\\\" on the left navigation pane.\n\n    If \\\"SSH Login\\\" is not \\\"Deactivated\\\", this is a finding.\n  \"\n  desc 'fix', \"\n    Open the Virtual Appliance Management Interface (VAMI) by navigating to https://&lt;vCenter server&gt;:5480.\n\n    Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the \\\"SystemConfiguration.BashShellAdministrator\\\" group.\n\n    Select \\\"Access\\\" on the left navigation pane.\n\n    Click \\\"Edit\\\" then disable \\\"Activate SSH Login\\\" and click \\\"OK\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000303'\n  tag rid: 'SV-VCSA-80-000303'\n  tag stig_id: 'VCSA-80-000303'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  describe powercli_command('Invoke-GetAccessSsh').stdout.strip do\n    it { should_not cmp 'true' }\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST True is expected not to cmp == "true" :: MESSAGE 
+expected: true
+     got: True
 
-OR
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000304</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VCSA-80-000304</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VCSA-80-000304</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The vCenter Server must enable data in transit encryption for vSAN.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Transit encryption must be enabled to prevent unauthorized disclosure information and to protect the confidentiality of organizational information.
 
-2. Lifecycle Manager must be configured to use a proxy server for access to VMware patch repositories.
+vSAN data-in-transit encryption has the following characteristics:
+-vSAN uses AES-256 bit encryption on data in transit.
+-Forward secrecy is enforced for vSAN data-in-transit encryption.
+-Traffic between data hosts and witness hosts is encrypted.
+-File service data traffic between the VDFS proxy and VDFS server is encrypted.
+-vSAN file services inter-host connections are encrypted.
+-vSAN uses symmetric keys that are generated dynamically and shared between hosts. Hosts dynamically generate an encryption key when they establish a connection, and they use the key to encrypt all traffic between the hosts. You do not need a key management server to perform data-in-transit encryption.
 
-OR
+Each host is authenticated when it joins the cluster, ensuring connections only to trusted hosts are allowed. When a host is removed from the cluster, it is authentication certificate is removed.
 
-3. Lifecycle Manager must disable internet patch repositories and any patches must be manually validated and imported as needed.
+vSAN data-in-transit encryption is a cluster-wide setting. When enabled, all data and metadata traffic is encrypted as it transits across hosts.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If no clusters are enabled for vSAN, this is not applicable.
 
-Option 1:
+From the vSphere Client, go to Host and Clusters.
 
-From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.
+Select the vCenter Server &gt;&gt; Select the cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.
 
-Click the &quot;Change Download Source&quot; button.
+Review the "Data-in-transit encryption" status.
 
-Verify the &quot;Download patches from a UMDS shared repository&quot; radio button is selected and that a valid UMDS repository is supplied.
+or
 
-Click &quot;Cancel&quot;.
+From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
 
-If this is not set, this is a finding.
+$vsanclusterconf = Get-VsanView -Id VsanVcClusterConfigSystem-vsan-cluster-config-system
+$vsanclusterconf.VsanClusterGetConfig((Get-Cluster -Name &lt;cluster name&gt;).ExtensionData.MoRef).DataInTransitEncryptionConfig
 
-Option 2:
+Repeat these steps for each vSAN enabled cluster in the environment.
 
-From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.
+If "Data-In-Transit encryption" is not enabled, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
 
-Click the &quot;Change Download Source&quot; button.
+Select the vCenter Server &gt;&gt; Select the target cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.
 
-Verify the &quot;Download patches directly from the internet&quot; radio button is selected.
+Click "Edit".
+
+Enable "Data-In-Transit encryption" and choose a rekey interval suitable for the environment then click "Apply".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VCSA-80-000304' do\n  title 'The vCenter Server must enable data in transit encryption for vSAN.'\n  desc  \"\n    Transit encryption must be enabled to prevent unauthorized disclosure information and to protect the confidentiality of organizational information.\n\n    vSAN data-in-transit encryption has the following characteristics:\n    -vSAN uses AES-256 bit encryption on data in transit.\n    -Forward secrecy is enforced for vSAN data-in-transit encryption.\n    -Traffic between data hosts and witness hosts is encrypted.\n    -File service data traffic between the VDFS proxy and VDFS server is encrypted.\n    -vSAN file services inter-host connections are encrypted.\n    -vSAN uses symmetric keys that are generated dynamically and shared between hosts. Hosts dynamically generate an encryption key when they establish a connection, and they use the key to encrypt all traffic between the hosts. You do not need a key management server to perform data-in-transit encryption.\n\n    Each host is authenticated when it joins the cluster, ensuring connections only to trusted hosts are allowed. When a host is removed from the cluster, it is authentication certificate is removed.\n\n    vSAN data-in-transit encryption is a cluster-wide setting. When enabled, all data and metadata traffic is encrypted as it transits across hosts.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If no clusters are enabled for vSAN, this is not applicable.\n\n    From the vSphere Client, go to Host and Clusters.\n\n    Select the vCenter Server &gt;&gt; Select the cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.\n\n    Review the \\\"Data-in-transit encryption\\\" status.\n\n    or\n\n    From a PowerCLI command prompt while connected to the vCenter server, run the following commands:\n\n    $vsanclusterconf = Get-VsanView -Id VsanVcClusterConfigSystem-vsan-cluster-config-system\n    $vsanclusterconf.VsanClusterGetConfig((Get-Cluster -Name &lt;cluster name&gt;).ExtensionData.MoRef).DataInTransitEncryptionConfig\n\n    Repeat these steps for each vSAN enabled cluster in the environment.\n\n    If \\\"Data-In-Transit encryption\\\" is not enabled, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, go to Host and Clusters.\n\n    Select the vCenter Server &gt;&gt; Select the target cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.\n\n    Click \\\"Edit\\\".\n\n    Enable \\\"Data-In-Transit encryption\\\" and choose a rekey interval suitable for the environment then click \\\"Apply\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-APP-000516'\n  tag gid: 'V-VCSA-80-000304'\n  tag rid: 'SV-VCSA-80-000304'\n  tag stig_id: 'VCSA-80-000304'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  # Get all clusters with vSAN enabled\n  clusters = powercli_command('Get-Cluster | Where-Object {$_.VsanEnabled -eq $true} | Sort-Object | Select-Object -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n\n  if !clusters.empty?\n    clusters.each do |cluster|\n      command = \"$vsanclusterconf = Get-VsanView -Id VsanVcClusterConfigSystem-vsan-cluster-config-system; $vsanclusterconf.VsanClusterGetConfig((Get-Cluster -Name #{cluster}).ExtensionData.MoRef).DataInTransitEncryptionConfig.Enabled\"\n      describe powercli_command(command) do\n        its('stdout.strip') { should cmp 'true' }\n      end\n    end\n  else\n    describe 'No clusters with vSAN enabled found...skipping tests' do\n      skip 'No clusters with vSAN enabled found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 vCenter STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST PowerCLI Command: $vsanclusterconf = Get-VsanView -Id VsanVcClusterConfigSystem-vsan-cluster-config-system; $vsanclusterconf.VsanClusterGetConfig((Get-Cluster -Name cluster0).ExtensionData.MoRef).DataInTransitEncryptionConfig.Enabled stdout.strip is expected to cmp == "true" :: MESSAGE 
+expected: true
+     got: 
 
-Click &quot;Cancel&quot;.
+(compared using `cmp` matcher)</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+		</iSTIG>
+		<iSTIG>
+			<STIG_INFO>
+				<SI_DATA>
+					<SID_NAME>version</SID_NAME>
+					<SID_DATA>1</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>classification</SID_NAME>
+					<SID_DATA>UNCLASSIFIED</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>customname</SID_NAME>
+					<SID_DATA>{"hdfSpecificData":{"copyright":"The Authors","maintainer":"The Authors","version":"1.0.1"}}</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>stigid</SID_NAME>
+					<SID_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>description</SID_NAME>
+					<SID_DATA>An InSpec Compliance Profile</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>filename</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>releaseinfo</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>title</SID_NAME>
+					<SID_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>uuid</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>notice</SID_NAME>
+					<SID_DATA>Apache-2.0</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>source</SID_NAME>
+					<SID_DATA>STIG.DOD.MIL</SID_DATA>
+				</SI_DATA>
+			</STIG_INFO>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000189</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000189</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000189</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must have copy operations disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy/paste operations between the guest operating system and the remote console could provide the means for an attacker to compromise the VM.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Navigate to the vCenter Server Management interface at https:&#x2F;&#x2F;&lt;vcenter dns&gt;:5480 &gt;&gt; Networking &gt;&gt; Proxy Settings.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Verify that &quot;HTTPS&quot; is &quot;Enabled&quot;.
+Verify the "isolation.tools.copy.disable" value is set to "true".
 
-Click the &quot;HTTPS&quot; row.
+or
 
-Verify the proxy server configuration is accurate.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-If this is not set, this is a finding.
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.tools.copy.disable
 
-Option 3:
+If the virtual machine advanced setting "isolation.tools.copy.disable" is not set to "true", this is a finding.
 
-From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Downloads.
+If the virtual machine advanced setting "isolation.tools.copy.disable" does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Verify the &quot;Automatic downloads&quot; option is disabled.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.
+Find the "isolation.tools.copy.disable" value and set it to "true".
 
-Verify any download sources are disabled.
+If the setting does not exist no action is needed.
 
-If this is not set, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Option 1:
+or
 
-From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Click the &quot;Change Download Source&quot; button.
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.tools.copy.disable | Set-AdvancedSetting -Value true
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000189' do\n  title 'Virtual machines (VMs) must have copy operations disabled.'\n  desc  'Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy/paste operations between the guest operating system and the remote console could provide the means for an attacker to compromise the VM.'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"isolation.tools.copy.disable\\\" value is set to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.tools.copy.disable\n\n    If the virtual machine advanced setting \\\"isolation.tools.copy.disable\\\" is not set to \\\"true\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"isolation.tools.copy.disable\\\" does NOT exist, this is NOT a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Find the \\\"isolation.tools.copy.disable\\\" value and set it to \\\"true\\\".\n\n    If the setting does not exist no action is needed.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.tools.copy.disable | Set-AdvancedSetting -Value true\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000189'\n  tag rid: 'SV-VMCH-80-000189'\n  tag stig_id: 'VMCH-80-000189'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name isolation.tools.copy.disable | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp 'true' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000191</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000191</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000191</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must have drag and drop operations disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy/paste operations between the guest operating system and the remote console could provide the means for an attacker to compromise the VM.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Select the &quot;Download patches from a UMDS shared repository&quot; radio button and supply a valid UMDS repository.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Click &quot;Save&quot;.
+Verify the "isolation.tools.dnd.disable" value is set to "true".
 
-Option 2:
+or
 
-From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Setup.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Click the &quot;Change Download Source&quot; button.
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.tools.dnd.disable
 
-Select the &quot;Download patches directly from the internet&quot; radio button.
+If the virtual machine advanced setting "isolation.tools.dnd.disable" is not set to "true", this is a finding.
 
-Click &quot;Save&quot;.
+If the virtual machine advanced setting "isolation.tools.dnd.disable" does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Navigate to the vCenter Server Management interface at https:&#x2F;&#x2F;&lt;vcenter dns&gt;:5480 &gt;&gt; Networking &gt;&gt; Proxy Settings.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Click &quot;Edit&quot;.
+Find the "isolation.tools.dnd.disable" value and set it to "true".
 
-Slide &quot;HTTPS&quot; to &quot;Enabled&quot;.
+If the setting does not exist no action is needed.
 
-Supply the appropriate proxy server configuration.
+or
 
-Click &quot;Save&quot;.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Option 3:
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.tools.dnd.disable | Set-AdvancedSetting -Value true
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000191' do\n  title 'Virtual machines (VMs) must have drag and drop operations disabled.'\n  desc  'Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy/paste operations between the guest operating system and the remote console could provide the means for an attacker to compromise the VM.'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"isolation.tools.dnd.disable\\\" value is set to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.tools.dnd.disable\n\n    If the virtual machine advanced setting \\\"isolation.tools.dnd.disable\\\" is not set to \\\"true\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"isolation.tools.dnd.disable\\\" does NOT exist, this is NOT a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Find the \\\"isolation.tools.dnd.disable\\\" value and set it to \\\"true\\\".\n\n    If the setting does not exist no action is needed.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.tools.dnd.disable | Set-AdvancedSetting -Value true\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000191'\n  tag rid: 'SV-VMCH-80-000191'\n  tag stig_id: 'VMCH-80-000191'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name isolation.tools.dnd.disable | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp 'true' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000192</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must have paste operations disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy/paste operations between the guest operating system and the remote console could provide the means for an attacker to compromise the VM.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-From the vSphere Client, go to Lifecycle Manager &gt;&gt; Settings &gt;&gt; Patch Downloads.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Click &quot;Edit&quot; and uncheck &quot;Download patches&quot;.
-
-Under &quot;Patch Setup&quot; select each download source and click Disable.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>097873e3-4559-4e50-ad5d-2bd4e93f152a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000278</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000278</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000278</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must use unique service accounts when applications connect to vCenter.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>To not violate nonrepudiation (i.e., deny the authenticity of who is connecting to vCenter), when applications need to connect to vCenter they must use unique service accounts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Verify each external application that connects to vCenter has a unique service account dedicated to that application.
+Verify the "isolation.tools.paste.disable" value is set to "true".
 
-For example, there should be separate accounts for Log Insight, Operations Manager, or anything else that requires an account to access vCenter.
+or
 
-If any application shares a service account that is used to connect to vCenter, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>For applications sharing service accounts, create a new service account to assign to the application so that no application shares a service account with another.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-When standing up a new application that requires access to vCenter, always create a new service account prior to installation and grant only the permissions needed for that application.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>5b5efde7-616f-4f86-94a9-750ae95d3987</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000279</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000279</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000279</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must protect the confidentiality and integrity of transmitted information by isolating Internet Protocol (IP)-based storage traffic.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Virtual machines might share virtual switches and virtual local area networks (VLAN) with the IP-based storage configurations.
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.tools.paste.disable
 
-IP-based storage includes vSAN, Internet Small Computer System Interface (iSCSI), and Network File System (NFS). This configuration might expose IP-based storage traffic to unauthorized virtual machine users. IP-based storage frequently is not encrypted. It can be viewed by anyone with access to this network.
+If the virtual machine advanced setting "isolation.tools.paste.disable" is not set to "true", this is a finding.
 
-To restrict unauthorized users from viewing the IP-based storage traffic, the IP-based storage network must be logically separated from the production traffic. Configuring the IP-based storage adaptors on separate VLANs or network segments from other VMkernels and virtual machines will limit unauthorized users from viewing the traffic.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If IP-based storage is not used, this is not applicable.
+If the virtual machine advanced setting "isolation.tools.paste.disable" does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-IP-based storage (iSCSI, NFS, vSAN) VMkernel port groups must be in a dedicated VLAN that can be on a standard or distributed virtual switch that is logically separated from other traffic types.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-The check for this will be unique per environment.
+Find the "isolation.tools.paste.disable" value and set it to "true".
 
-To check a standard switch, do the following:
+If the setting does not exist no action is needed.
 
-From the vSphere Client, select the ESXi host and go to Configure &gt;&gt; Networking &gt;&gt; Virtual switches. Select a standard switch.
+or
 
-For each storage port group (iSCSI, NFS, vSAN), select the port group and note the VLAN ID associated with each port group.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Verify it is dedicated to that purpose and is logically separated from other traffic types.
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.tools.paste.disable | Set-AdvancedSetting -Value true
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000192' do\n  title 'Virtual machines (VMs) must have paste operations disabled.'\n  desc  'Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy/paste operations between the guest operating system and the remote console could provide the means for an attacker to compromise the VM.'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"isolation.tools.paste.disable\\\" value is set to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.tools.paste.disable\n\n    If the virtual machine advanced setting \\\"isolation.tools.paste.disable\\\" is not set to \\\"true\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"isolation.tools.paste.disable\\\" does NOT exist, this is NOT a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Find the \\\"isolation.tools.paste.disable\\\" value and set it to \\\"true\\\".\n\n    If the setting does not exist no action is needed.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.tools.paste.disable | Set-AdvancedSetting -Value true\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000192'\n  tag rid: 'SV-VMCH-80-000192'\n  tag stig_id: 'VMCH-80-000192'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name isolation.tools.paste.disable | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp 'true' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000193</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000193</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000193</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must have virtual disk shrinking disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Shrinking a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of space the virtual disk occupies on the host drive. Normal users and processes (those without root or administrator privileges) within virtual machines have the capability to invoke this procedure.
 
-To check a distributed switch, do the following,
+However, if this is done repeatedly, the virtual disk can become unavailable while this shrinking is being performed, effectively causing a denial of service. In most datacenter environments, disk shrinking is not done, so this feature must be disabled. Repeated disk shrinking can make a virtual disk unavailable. The capability to shrink is available to nonadministrative users operating within the VM's guest operating system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-From the vSphere Client, go to &quot;Networking&quot;.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Select and expand a distributed switch.
+Verify the "isolation.tools.diskShrink.disable" value is set to "true".
 
-For each storage port group (iSCSI, NFS, vSAN), select the port group and navigate to the &quot;Summary&quot; tab.
+or
 
-Note the VLAN ID associated with each port group and verify it is dedicated to that purpose and is logically separated from other traffic types.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-If any IP-based storage networks are not isolated from other traffic types, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Configuration of an IP-based VMkernel will be unique to each environment.
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.tools.diskShrink.disable
 
-To configure VLANs and traffic types, do the following:
+If the virtual machine advanced setting "isolation.tools.diskShrink.disable" is not set to "true", this is a finding.
 
-Standard switch:
+If the virtual machine advanced setting "isolation.tools.diskShrink.disable" does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-From the vSphere Client, select the ESXi host and go to Configure &gt;&gt; Networking &gt;&gt; VMkernel adapters.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Select the Storage VMkernel (for any IP-based storage). Click &quot;Edit...&quot; and click the &quot;Port properties&quot; tab.
+Find the "isolation.tools.diskShrink.disable" value and set it to "true".
 
-Uncheck everything (unless vSAN).
+If the setting does not exist no action is needed.
 
-Click the &quot;IPv4&quot; settings or &quot;IPv6&quot; settings tab.
+or
 
-Enter the appropriate IP address and subnet information.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Click &quot;OK&quot;.
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.tools.diskShrink.disable | Set-AdvancedSetting -Value true
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000193' do\n  title 'Virtual machines (VMs) must have virtual disk shrinking disabled.'\n  desc  \"\n    Shrinking a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of space the virtual disk occupies on the host drive. Normal users and processes (those without root or administrator privileges) within virtual machines have the capability to invoke this procedure.\n\n    However, if this is done repeatedly, the virtual disk can become unavailable while this shrinking is being performed, effectively causing a denial of service. In most datacenter environments, disk shrinking is not done, so this feature must be disabled. Repeated disk shrinking can make a virtual disk unavailable. The capability to shrink is available to nonadministrative users operating within the VM's guest operating system.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"isolation.tools.diskShrink.disable\\\" value is set to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.tools.diskShrink.disable\n\n    If the virtual machine advanced setting \\\"isolation.tools.diskShrink.disable\\\" is not set to \\\"true\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"isolation.tools.diskShrink.disable\\\" does NOT exist, this is NOT a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Find the \\\"isolation.tools.diskShrink.disable\\\" value and set it to \\\"true\\\".\n\n    If the setting does not exist no action is needed.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.tools.diskShrink.disable | Set-AdvancedSetting -Value true\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000193'\n  tag rid: 'SV-VMCH-80-000193'\n  tag stig_id: 'VMCH-80-000193'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name isolation.tools.diskShrink.disable | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp 'true' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000194</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must have virtual disk wiping disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Shrinking and wiping (erasing) a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of space the virtual disk occupies on the host drive. Normal users and processes (those without root or administrator privileges) within virtual machines have the capability to invoke this procedure.
 
-From the vSphere Client, select the ESXi host and go to Configure &gt;&gt; Networking &gt;&gt; Virtual switches. Select a standard switch.
+However, if this is done repeatedly, the virtual disk can become unavailable while this shrinking is being performed, effectively causing a denial of service. In most datacenter environments, disk shrinking is not done, so this feature must be disabled. Repeated disk shrinking can make a virtual disk unavailable. The capability to wipe (erase) is available to nonadministrative users operating within the VM's guest operating system.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-For each storage port group (iSCSI, NFS, vSAN), select the port group and click &quot;...&quot;. Click &quot;Edit Settings&quot;. On the &quot;Properties&quot; tab, enter the appropriate VLAN ID and click &quot;OK&quot;.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Distributed switch:
+Verify the "isolation.tools.diskWiper.disable" value is set to "true".
 
-From the vSphere Client, go to &quot;Networking&quot;.
+or
 
-Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Topology.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Select the Storage VMkernel (for any IP-based storage). Click &quot;...&quot; and click &quot;Edit Settings&quot;.
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.tools.diskWiper.disable
 
-On the &quot;Port properties&quot; tab, uncheck everything (unless vSAN).
+If the virtual machine advanced setting "isolation.tools.diskWiper.disable" is not set to "true", this is a finding.
 
-Click the &quot;IPv4&quot; settings or &quot;IPv6&quot; settings tab.
+If the virtual machine advanced setting "isolation.tools.diskWiper.disable" does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Enter the appropriate IP address and subnet information.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Click &quot;OK&quot;.
+Find the "isolation.tools.diskWiper.disable" value and set it to "true".
 
-From the vSphere Client, go to &quot;Networking&quot;.
+If the setting does not exist no action is needed.
 
-Select and expand a distributed switch.
+or
 
-For each storage port group (iSCSI, NFS, vSAN), select the port group and navigate to Configure &gt;&gt; Settings &gt;&gt; Properties.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Click &quot;Edit&quot;.
-
-Click the &quot;VLAN&quot; tab.
-
-Enter the appropriate VLAN type and ID and click &quot;OK&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d75a2325-40a1-431f-95fb-5fe7ce3298a3</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000280</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000358</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000280</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000280</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter server must be configured to send events to a central log server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vCenter server generates volumes of security-relevant application-level events. Examples include logins, system reconfigurations, system degradation warnings, and more. To ensure these events are available for forensic analysis and correlation, they must be sent to the syslog and forwarded on to the configured Security Information and Event Management (SIEM) system and&#x2F;or central log server.
-
-The vCenter server sends events to syslog by default, but this configuration must be verified and maintained.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.tools.diskWiper.disable | Set-AdvancedSetting -Value true
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000194' do\n  title 'Virtual machines (VMs) must have virtual disk wiping disabled.'\n  desc  \"\n    Shrinking and wiping (erasing) a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of space the virtual disk occupies on the host drive. Normal users and processes (those without root or administrator privileges) within virtual machines have the capability to invoke this procedure.\n\n    However, if this is done repeatedly, the virtual disk can become unavailable while this shrinking is being performed, effectively causing a denial of service. In most datacenter environments, disk shrinking is not done, so this feature must be disabled. Repeated disk shrinking can make a virtual disk unavailable. The capability to wipe (erase) is available to nonadministrative users operating within the VM's guest operating system.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"isolation.tools.diskWiper.disable\\\" value is set to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.tools.diskWiper.disable\n\n    If the virtual machine advanced setting \\\"isolation.tools.diskWiper.disable\\\" is not set to \\\"true\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"isolation.tools.diskWiper.disable\\\" does NOT exist, this is NOT a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Find the \\\"isolation.tools.diskWiper.disable\\\" value and set it to \\\"true\\\".\n\n    If the setting does not exist no action is needed.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.tools.diskWiper.disable | Set-AdvancedSetting -Value true\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000194'\n  tag rid: 'SV-VMCH-80-000194'\n  tag stig_id: 'VMCH-80-000194'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name isolation.tools.diskWiper.disable | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp 'true' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000195</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must limit console sharing.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>By default, more than one user at a time can connect to remote console sessions. When multiple sessions are activated, each terminal window receives a notification about the new session. If an administrator in the VM logs in using a VMware remote console during their session, a nonadministrator in the VM might connect to the console and observe the administrator's actions.
+
+Also, this could result in an administrator losing console access to a VM. For example, if a jump box is being used for an open console session and the administrator loses connection to that box, the console session remains open. Allowing two console sessions permits debugging via a shared session. For the highest security, allow only one remote console session at a time.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Verify that &quot;vpxd.event.syslog.enabled&quot; value is set to &quot;true&quot;.
+Verify the "RemoteDisplay.maxConnections" value is set to "1".
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name vpxd.event.syslog.enabled
+Get-VM "VM Name" | Get-AdvancedSetting -Name RemoteDisplay.maxConnections
 
-If the &quot;vpxd.event.syslog.enabled&quot; value is not set to &quot;true&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+If the virtual machine advanced setting "RemoteDisplay.maxConnections" does not exist or is not set to "1", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Advanced Settings.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Click &quot;Edit Settings&quot; and configure the &quot;vpxd.event.syslog.enabled&quot; setting to &quot;true&quot;.
+Find the "RemoteDisplay.maxConnections" value and set it to "1".
+
+If the setting does not exist, add the Name and Value setting at the bottom of screen.
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Get-AdvancedSetting -Entity &lt;vcenter server name&gt; -Name vpxd.event.syslog.enabled | Set-AdvancedSetting -Value true</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>fd6204cb-c776-4ae3-84cd-9a176cbfd1c4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name vpxd.event.syslog.enabled | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000281</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000281</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000281</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List (HCL) by use of an external proxy server.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vSAN Health Check is able to download the HCL from VMware to check compliance against the underlying vSAN Cluster hosts. To ensure the vCenter server is not directly downloading content from the internet, this functionality must be disabled. If this feature is necessary, an external proxy server must be configured.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If no clusters are enabled for vSAN, this is not applicable.
+Get-VM "VM Name" | Get-AdvancedSetting -Name RemoteDisplay.maxConnections | Set-AdvancedSetting -Value 1
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000195' do\n  title 'Virtual machines (VMs) must limit console sharing.'\n  desc  \"\n    By default, more than one user at a time can connect to remote console sessions. When multiple sessions are activated, each terminal window receives a notification about the new session. If an administrator in the VM logs in using a VMware remote console during their session, a nonadministrator in the VM might connect to the console and observe the administrator's actions.\n\n    Also, this could result in an administrator losing console access to a VM. For example, if a jump box is being used for an open console session and the administrator loses connection to that box, the console session remains open. Allowing two console sessions permits debugging via a shared session. For the highest security, allow only one remote console session at a time.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"RemoteDisplay.maxConnections\\\" value is set to \\\"1\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name RemoteDisplay.maxConnections\n\n    If the virtual machine advanced setting \\\"RemoteDisplay.maxConnections\\\" does not exist or is not set to \\\"1\\\", this is a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Find the \\\"RemoteDisplay.maxConnections\\\" value and set it to \\\"1\\\".\n\n    If the setting does not exist, add the Name and Value setting at the bottom of screen.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name RemoteDisplay.maxConnections | Set-AdvancedSetting -Value 1\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000195'\n  tag rid: 'SV-VMCH-80-000195'\n  tag stig_id: 'VMCH-80-000195'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name RemoteDisplay.maxConnections | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe \"VM: #{vm}\" do\n        subject { result }\n        it { should cmp '1' }\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST VM: stig vm2 is expected to cmp == "1" :: MESSAGE 
+expected: 1
+     got: -1
 
-From the vSphere Client, go to Host and Clusters.
+(compared using `cmp` matcher)
 
-Select the vCenter Server &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Internet Connectivity.
+--------------------------------
+failed :: TEST VM: stigvm1 is expected to cmp == "1" :: MESSAGE 
+expected: 1
+     got: -1
 
-If the HCL internet download is not required, verify &quot;Status&quot; is &quot;Disabled&quot;.
+(compared using `cmp` matcher)
 
-If the &quot;Status&quot; is &quot;Enabled&quot;, this is a finding.
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp == "1"
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp == "1"
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp == "1"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000196</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must limit informational messages from the virtual machine to the VMX file.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The configuration file containing these name-value pairs is limited to a size of 1MB. If not limited, VMware tools in the guest operating system are capable of sending a large and continuous data stream to the host. This 1MB capacity should be sufficient for most cases, but this value can change if necessary.
 
-If the HCL internet download is required, verify &quot;Status&quot; is &quot;Enabled&quot; and a proxy host is configured.
+The value can be increased if large amounts of custom information are being stored in the configuration file. The default limit is 1MB.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-If &quot;Status&quot; is &quot;Enabled&quot; and a proxy is not configured, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Select the vCenter Server &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Internet Connectivity.
+Verify the "tools.setinfo.sizeLimit" value is set to "1048576".
 
-Click &quot;Edit&quot;.
-
-If the HCL internet download is not required, ensure that &quot;Status&quot; is &quot;Disabled&quot;.
-
-If the HCL internet download is required, ensure that &quot;Status&quot; is &quot;Enabled&quot; and that a proxy host is appropriately configured.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>f723451a-8365-486d-b412-17e527f483d6</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: $vsanhealthview &#x3D; Get-VsanView -Id VsanVcClusterHealthSystem-vsan-cluster-health-system; $vsanhealthview.VsanHealthQueryVsanProxyConfig().Host stdout.strip is expected not to cmp &#x3D;&#x3D; &quot;&quot;
+or
 
-expected: 
-     got: 
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000282</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000282</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000282</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must configure the vSAN Datastore name to a unique name.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>A vSAN Datastore name by default is &quot;vsanDatastore&quot;. If more than one vSAN cluster is present in vCenter, both datastores will have the same name by default, potentially leading to confusion and manually misplaced workloads.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If no clusters are enabled for vSAN, this is not applicable.
+Get-VM "VM Name" | Get-AdvancedSetting -Name tools.setinfo.sizeLimit
 
-From the vSphere Client, go to Host and Clusters.
+If the virtual machine advanced setting "tools.setinfo.sizeLimit" is not set to "1048576", this is a finding.
 
-Select a vSAN Enabled Cluster &gt;&gt; Datastores.
+If the virtual machine advanced setting "tools.setinfo.sizeLimit" does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Review the datastores and identify any datastores with &quot;vSAN&quot; as the datastore type.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-or
+Find the "tools.setinfo.sizeLimit" value and set it to "1048576".
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
+If the setting does not exist no action is needed.
 
-If($(Get-Cluster | where {$_.VsanEnabled} | Measure).Count -gt 0){
-Write-Host &quot;vSAN Enabled Cluster found&quot;
-Get-Cluster | where {$_.VsanEnabled} | Get-Datastore | where {$_.type -match &quot;vsan&quot;}
-}
-else{
-Write-Host &quot;vSAN is not enabled, this finding is not applicable.&quot;
-}
+or
 
-If vSAN is enabled and a datastore is named &quot;vsanDatastore&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Select a vSAN Enabled Cluster &gt;&gt; Datastores.
+Get-VM "VM Name" | Get-AdvancedSetting -Name tools.setinfo.sizeLimit | Set-AdvancedSetting -Value 1048576
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000196' do\n  title 'Virtual machines (VMs) must limit informational messages from the virtual machine to the VMX file.'\n  desc  \"\n    The configuration file containing these name-value pairs is limited to a size of 1MB. If not limited, VMware tools in the guest operating system are capable of sending a large and continuous data stream to the host. This 1MB capacity should be sufficient for most cases, but this value can change if necessary.\n\n    The value can be increased if large amounts of custom information are being stored in the configuration file. The default limit is 1MB.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"tools.setinfo.sizeLimit\\\" value is set to \\\"1048576\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name tools.setinfo.sizeLimit\n\n    If the virtual machine advanced setting \\\"tools.setinfo.sizeLimit\\\" is not set to \\\"1048576\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"tools.setinfo.sizeLimit\\\" does NOT exist, this is NOT a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Find the \\\"tools.setinfo.sizeLimit\\\" value and set it to \\\"1048576\\\".\n\n    If the setting does not exist no action is needed.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name tools.setinfo.sizeLimit | Set-AdvancedSetting -Value 1048576\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000196'\n  tag rid: 'SV-VMCH-80-000196'\n  tag stig_id: 'VMCH-80-000196'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name tools.setinfo.sizeLimit | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp '1048576' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000197</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000197</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000197</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must prevent unauthorized removal, connection and modification of devices.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>In a virtual machine, users and processes without root or administrator privileges can connect or disconnect devices, such as network adaptors and CD-ROM drives, and can modify device settings. Use the virtual machine settings editor or configuration editor to remove unneeded or unused hardware devices. To use the device again, prevent a user or running process in the virtual machine from connecting, disconnecting, or modifying a device from within the guest operating system.
 
-Right-click on the datastore named &quot;vsanDatastore&quot; and select &quot;Rename&quot;.
+By default, a rogue user with nonadministrator privileges in a virtual machine can:
 
-Rename the datastore based on site-specific naming standards.
+1. Connect a disconnected CD-ROM drive and access sensitive information on the media left in the drive.
+2. Disconnect a network adaptor to isolate the virtual machine from its network, which is a denial of service.
+3. Modify settings on a device.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Click &quot;OK&quot;.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-or
+Verify the "isolation.device.connectable.disable" value is set to "true".
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
+or
 
-If($(Get-Cluster | where {$_.VsanEnabled} | Measure).Count -gt 0){
-Write-Host &quot;vSAN Enabled Cluster found&quot;
-$Clusters &#x3D; Get-Cluster | where {$_.VsanEnabled}
-Foreach ($clus in $clusters){
- $clus | Get-Datastore | where {$_.type -match &quot;vsan&quot;} | Set-Datastore -Name $(($clus.name) + &quot;_vSAN_Datastore&quot;)
-}
-}
-else{
-Write-Host &quot;vSAN is not enabled, this finding is not applicable.&quot;
-}</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c0efb453-203b-4ae5-ac82-21ccf12b69d5</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-is expected not to cmp &#x3D;&#x3D; &quot;vsanDatastore&quot;
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-expected: vsanDatastore
-     got: vsanDatastore
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.device.connectable.disable
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000283</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000283</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000283</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must disable Username&#x2F;Password and Windows Integrated Authentication.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>All forms of authentication other than Common Access Card (CAC) must be disabled. Password authentication can be temporarily reenabled for emergency access to the local Single Sign-On (SSO) accounts or Active Directory user&#x2F;pass accounts, but it must be disabled as soon as CAC authentication is functional.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If a federated identity provider is configured and used for an identity source, this is not applicable.
+If the virtual machine advanced setting "isolation.device.connectable.disable" is not set to "true", this is a finding.
 
-From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.
+If the virtual machine advanced setting "isolation.device.connectable.disable" does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Under &quot;Authentication method&quot;, examine the allowed methods.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-If &quot;Smart card authentication&quot; is not enabled and &quot;Password and windows session authentication&quot; is not disabled, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider &gt;&gt; Smart Card Authentication.
+Find the "isolation.device.connectable.disable" value and set it to "true".
 
-Next to &quot;Authentication method&quot;, click &quot;Edit&quot;.
+If the setting does not exist no action is needed.
 
-Select to radio button to &quot;Enable smart card authentication&quot;.
+or
 
-Click &quot;Save&quot;.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-To re-enable password authentication for troubleshooting purposes, run the following command on the vCenter Server Appliance:
+Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.device.connectable.disable | Set-AdvancedSetting -Value true
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000197' do\n  title 'Virtual machines (VMs) must prevent unauthorized removal, connection and modification of devices.'\n  desc  \"\n    In a virtual machine, users and processes without root or administrator privileges can connect or disconnect devices, such as network adaptors and CD-ROM drives, and can modify device settings. Use the virtual machine settings editor or configuration editor to remove unneeded or unused hardware devices. To use the device again, prevent a user or running process in the virtual machine from connecting, disconnecting, or modifying a device from within the guest operating system.\n\n    By default, a rogue user with nonadministrator privileges in a virtual machine can:\n\n    1. Connect a disconnected CD-ROM drive and access sensitive information on the media left in the drive.\n    2. Disconnect a network adaptor to isolate the virtual machine from its network, which is a denial of service.\n    3. Modify settings on a device.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"isolation.device.connectable.disable\\\" value is set to \\\"true\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.device.connectable.disable\n\n    If the virtual machine advanced setting \\\"isolation.device.connectable.disable\\\" is not set to \\\"true\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"isolation.device.connectable.disable\\\" does NOT exist, this is NOT a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Find the \\\"isolation.device.connectable.disable\\\" value and set it to \\\"true\\\".\n\n    If the setting does not exist no action is needed.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name isolation.device.connectable.disable | Set-AdvancedSetting -Value true\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000197'\n  tag rid: 'SV-VMCH-80-000197'\n  tag stig_id: 'VMCH-80-000197'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name isolation.device.connectable.disable | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp 'true' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000198</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000198</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000198</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must not be able to obtain host information from the hypervisor.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If enabled, a VM can obtain detailed information about the physical host. The default value for the parameter is FALSE. This setting should not be TRUE unless a particular VM requires this information for performance monitoring. An adversary could use this information to inform further attacks on the host.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-# &#x2F;opt&#x2F;vmware&#x2F;bin&#x2F;sso-config.sh -set_authn_policy -pwdAuthn true -winAuthn false -certAuthn false -securIDAuthn false -t vsphere.local</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e00dbfdc-515c-423c-a4df-641f9b4f0fee</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: (Get-SsoAuthenticationPolicy).SmartCardAuthnEnabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-expected: true
-     got: False
+Verify the "tools.guestlib.enableHostInfo" value is set to "false".
 
-(compared using &#x60;cmp&#x60; matcher)
+or
 
---------------------------------
-failed
-PowerCLI Command: (Get-SsoAuthenticationPolicy).PasswordAuthnEnabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-expected: false
-     got: True
+Get-VM "VM Name" | Get-AdvancedSetting -Name tools.guestlib.enableHostInfo
 
-(compared using &#x60;cmp&#x60; matcher)
+If the virtual machine advanced setting "tools.guestlib.enableHostInfo" is not set to "false", this is a finding.
 
---------------------------------
-failed
-PowerCLI Command: (Get-SsoAuthenticationPolicy).WindowsAuthnEnabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;false&quot;
+If the virtual machine advanced setting "tools.guestlib.enableHostInfo" does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-expected: false
-     got: True
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000284</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000284</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000284</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must restrict access to the default roles with cryptographic permissions.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>In vSphere, the built-in &quot;Administrator&quot; role contains permission to perform cryptographic operations such as Key Management Server (KMS) functions and encrypting and decrypting virtual machine disks. This role must be reserved for cryptographic administrators where virtual machine encryption and&#x2F;or vSAN encryption is in use.
-
-A new built-in role called &quot;No Cryptography Administrator&quot; exists to provide all administrative permissions except cryptographic operations. Permissions must be restricted such that normal vSphere administrators are assigned the &quot;No Cryptography Administrator&quot; role or more restrictive.
-
-The &quot;Administrator&quot; role must be tightly controlled and must not be applied to administrators who will not be doing cryptographic work. Catastrophic data loss can result from poorly administered cryptography.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>By default, there are four roles that contain cryptographic related permissions: Administrator, No Trusted Infrastructure Administrator, vCLSAdmin, and vSphere Kubernetes Manager.
+Find the "tools.guestlib.enableHostInfo" value and set it to "false".
 
-From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
+If the setting does not exist no action is needed.
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
-
-Get-VIPermission | Where {$_.Role -eq &quot;Admin&quot; -or $_.Role -eq &quot;NoTrustedAdmin&quot; -or $_.Role -eq &quot;vCLSAdmin&quot; -or $_.Role -eq &quot;vSphereKubernetesManager&quot;} | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto
-
-If there are any users or groups assigned to the default roles with cryptographic permissions and are not explicitly designated to perform cryptographic operations, this is a finding.
-
-The built-in solution users assigned to the administrator role are NOT a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Move any accounts not explicitly designated for cryptographic operations, other than Solution Users, to other roles such as &quot;No Cryptography Administrator&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d624dfca-417f-4d63-8425-be764c200901</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-VSPHERE.LOCAL\Administrator is expected to be in &quot;VSPHERE.LOCAL\\Administrator&quot;, &quot;VSPHERE.LOCAL\\Administrators&quot;, and &quot;VSPHERE.LOCAL\\vCLSAdmin&quot;
---------------------------------
-passed
-VSPHERE.LOCAL\Administrators is expected to be in &quot;VSPHERE.LOCAL\\Administrator&quot;, &quot;VSPHERE.LOCAL\\Administrators&quot;, and &quot;VSPHERE.LOCAL\\vCLSAdmin&quot;
---------------------------------
-passed
-VSPHERE.LOCAL\Administrators is expected to be in &quot;VSPHERE.LOCAL\\Administrator&quot;, &quot;VSPHERE.LOCAL\\Administrators&quot;, and &quot;VSPHERE.LOCAL\\vCLSAdmin&quot;
---------------------------------
-passed
-VSPHERE.LOCAL\vCLSAdmin is expected to be in &quot;VSPHERE.LOCAL\\Administrator&quot;, &quot;VSPHERE.LOCAL\\Administrators&quot;, and &quot;VSPHERE.LOCAL\\vCLSAdmin&quot;
---------------------------------
-passed
-VSPHERE.LOCAL\Administrators is expected to be in &quot;VSPHERE.LOCAL\\Administrator&quot;, &quot;VSPHERE.LOCAL\\Administrators&quot;, and &quot;VSPHERE.LOCAL\\vCLSAdmin&quot;
+Get-VM "VM Name" | Get-AdvancedSetting -Name tools.guestlib.enableHostInfo | Set-AdvancedSetting -Value false
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000198' do\n  title 'Virtual machines (VMs) must not be able to obtain host information from the hypervisor.'\n  desc  'If enabled, a VM can obtain detailed information about the physical host. The default value for the parameter is FALSE. This setting should not be TRUE unless a particular VM requires this information for performance monitoring. An adversary could use this information to inform further attacks on the host.'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"tools.guestlib.enableHostInfo\\\" value is set to \\\"false\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name tools.guestlib.enableHostInfo\n\n    If the virtual machine advanced setting \\\"tools.guestlib.enableHostInfo\\\" is not set to \\\"false\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"tools.guestlib.enableHostInfo\\\" does NOT exist, this is NOT a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Find the \\\"tools.guestlib.enableHostInfo\\\" value and set it to \\\"false\\\".\n\n    If the setting does not exist no action is needed.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name tools.guestlib.enableHostInfo | Set-AdvancedSetting -Value false\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000198'\n  tag rid: 'SV-VMCH-80-000198'\n  tag stig_id: 'VMCH-80-000198'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name tools.guestlib.enableHostInfo | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp 'false' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
 --------------------------------
-passed
-VSPHERE.LOCAL\vCLSAdmin is expected to be in &quot;VSPHERE.LOCAL\\Administrator&quot;, &quot;VSPHERE.LOCAL\\Administrators&quot;, and &quot;VSPHERE.LOCAL\\vCLSAdmin&quot;
+passed :: TEST VM: stigvm1 is expected to be empty
 --------------------------------
-passed
-VSPHERE.LOCAL\Administrators is expected to be in &quot;VSPHERE.LOCAL\\Administrator&quot;, &quot;VSPHERE.LOCAL\\Administrators&quot;, and &quot;VSPHERE.LOCAL\\vCLSAdmin&quot;
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
 --------------------------------
-passed
-VSPHERE.LOCAL\vCLSAdmin is expected to be in &quot;VSPHERE.LOCAL\\Administrator&quot;, &quot;VSPHERE.LOCAL\\Administrators&quot;, and &quot;VSPHERE.LOCAL\\vCLSAdmin&quot;
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
 --------------------------------
-passed
-VSPHERE.LOCAL\Administrators is expected to be in &quot;VSPHERE.LOCAL\\Administrator&quot;, &quot;VSPHERE.LOCAL\\Administrators&quot;, and &quot;VSPHERE.LOCAL\\vCLSAdmin&quot;
---------------------------------
-passed
-VSPHERE.LOCAL\vCLSAdmin is expected to be in &quot;VSPHERE.LOCAL\\Administrator&quot;, &quot;VSPHERE.LOCAL\\Administrators&quot;, and &quot;VSPHERE.LOCAL\\vCLSAdmin&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000285</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000285</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000285</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must restrict access to cryptographic permissions.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>These permissions must be reserved for cryptographic administrators where virtual machine encryption and&#x2F;or vSAN encryption is in use. Catastrophic data loss can result from poorly administered cryptography.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>By default, there are four roles that contain cryptographic related permissions: Administrator, No Trusted Infrastructure Administrator, vCLSAdmin, and vSphere Kubernetes Manager.
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000199</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must have shared salt values disabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When salting is enabled (Mem.ShareForceSalting=1 or 2) to share a page between two virtual machines, both salt and the content of the page must be same. A salt value is a configurable advanced option for each virtual machine. The salt values can be specified manually in the virtual machine's advanced settings with the new option "sched.mem.pshare.salt".
+
+If this option is not present in the virtual machine's advanced settings, the value of the "vc.uuid" option is taken as the default value. Because the "vc.uuid" is unique to each virtual machine, by default Transparent Page Sharing (TPS) happens only among the pages belonging to a particular virtual machine (Intra-VM).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Highlight each role and click the &#39;Privileges&quot; button in the right pane.
+Verify the "sched.mem.pshare.salt" setting does not exist.
 
-Verify that only the Administrator, No Trusted Infrastructure Administrator, vCLSAdmin, and vSphere Kubernetes Manager and any site-specific cryptographic roles have the following permissions:
+or
 
-Cryptographic Operations privileges
-Global.Diagnostics
-Host.Inventory.Add host to cluster
-Host.Inventory.Add standalone host
-Host.Local operations.Manage user groups
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-or
+Get-VM "VM Name" | Get-AdvancedSetting -Name sched.mem.pshare.salt
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
+If the virtual machine advanced setting "sched.mem.pshare.salt" exists, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-$roles &#x3D; Get-VIRole
-ForEach($role in $roles){
-    $privileges &#x3D; $role.PrivilegeList
-    If($privileges -match &quot;Crypto*&quot; -or $privileges -match &quot;Global.Diagnostics&quot; -or $privileges -match &quot;Host.Inventory.Add*&quot; -or $privileges -match &quot;Host.Local operations.Manage user groups&quot;){
-    Write-Host &quot;$role has Cryptographic privileges&quot;
-    }
-}
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-If any role other than the four default roles contain the permissions listed above and is not authorized to perform cryptographic related operations, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
+Delete the "sched.mem.pshare.salt" setting.
 
-Highlight the target custom role and click &quot;Edit&quot;.
+or
 
-Remove the following permissions from any custom role that is not authorized to perform cryptographic related operations:
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Cryptographic Operations privileges
-Global.Diagnostics
-Host.Inventory.Add host to cluster
-Host.Inventory.Add standalone host
-Host.Local operations.Manage user groups</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>b39a59ee-44fb-466a-9699-a558252cf380</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-NoTrustedAdmin is expected to be in &quot;Admin&quot;, &quot;NoTrustedAdmin&quot;, &quot;vCLSAdmin&quot;, and &quot;vSphereKubernetesManager&quot;
+Get-VM "VM Name" | Get-AdvancedSetting -Name sched.mem.pshare.salt | Remove-AdvancedSetting
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000199' do\n  title 'Virtual machines (VMs) must have shared salt values disabled.'\n  desc  \"\n    When salting is enabled (Mem.ShareForceSalting=1 or 2) to share a page between two virtual machines, both salt and the content of the page must be same. A salt value is a configurable advanced option for each virtual machine. The salt values can be specified manually in the virtual machine's advanced settings with the new option \\\"sched.mem.pshare.salt\\\".\n\n    If this option is not present in the virtual machine's advanced settings, the value of the \\\"vc.uuid\\\" option is taken as the default value. Because the \\\"vc.uuid\\\" is unique to each virtual machine, by default Transparent Page Sharing (TPS) happens only among the pages belonging to a particular virtual machine (Intra-VM).\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"sched.mem.pshare.salt\\\" setting does not exist.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name sched.mem.pshare.salt\n\n    If the virtual machine advanced setting \\\"sched.mem.pshare.salt\\\" exists, this is a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Delete the \\\"sched.mem.pshare.salt\\\" setting.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name sched.mem.pshare.salt | Remove-AdvancedSetting\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000199'\n  tag rid: 'SV-VMCH-80-000199'\n  tag stig_id: 'VMCH-80-000199'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name sched.mem.pshare.salt | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe \"VM: #{vm}\" do\n        subject { result }\n        it { should be_empty }\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
 --------------------------------
-passed
-Admin is expected to be in &quot;Admin&quot;, &quot;NoTrustedAdmin&quot;, &quot;vCLSAdmin&quot;, and &quot;vSphereKubernetesManager&quot;
+passed :: TEST VM: stigvm1 is expected to be empty
 --------------------------------
-passed
-vSphereKubernetesManager is expected to be in &quot;Admin&quot;, &quot;NoTrustedAdmin&quot;, &quot;vCLSAdmin&quot;, and &quot;vSphereKubernetesManager&quot;
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
 --------------------------------
-passed
-vCLSAdmin is expected to be in &quot;Admin&quot;, &quot;NoTrustedAdmin&quot;, &quot;vCLSAdmin&quot;, and &quot;vSphereKubernetesManager&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000286</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000286</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000286</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must have Mutual Challenge Handshake Authentication Protocol (CHAP) configured for vSAN Internet Small Computer System Interface (iSCSI) targets.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>When enabled, vSphere performs bidirectional authentication of both the iSCSI target and host. When not authenticating both the iSCSI target and host, the potential exists for a man-in-the-middle attack in which an attacker might impersonate either side of the connection to steal data. Bidirectional authentication mitigates this risk.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If no clusters are enabled for vSAN or if vSAN is enabled but iSCSI is not enabled, this is not applicable.
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000200</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must disable access through the "dvfilter" network Application Programming Interface (API).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>An attacker might compromise a VM by using the "dvFilter" API. Configure only VMs that need this access to use the API.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-From the vSphere Client, go to Host and Clusters.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Select a vSAN Enabled Cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; iSCSI Target Service.
+Verify the settings with the format "ethernet*.filter*.name" do not exist.
 
-For each iSCSI target, review the value in the &quot;Authentication&quot; column.
+or
 
-If the Authentication method is not set to &quot;CHAP_Mutual&quot; for any iSCSI target, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Select a vSAN Enabled Cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; iSCSI Target Service.
+Get-VM "VM Name" | Get-AdvancedSetting -Name "ethernet*.filter*.name*"
 
-For each iSCSI target, select the item and click &quot;Edit&quot;.
-
-Change the &quot;Authentication&quot; field to &quot;Mutual CHAP&quot; and configure the incoming and outgoing users and secrets appropriately.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>9aa267e6-8616-4945-83e6-f6518685a27c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Applicable</STATUS>
-				<FINDING_DETAILS>skipped
-vSAN iSCSI service not enabled on cluster: cluster0...this is not applicable.
-vSAN iSCSI service not enabled on cluster: cluster0...this is not applicable.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000287</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000287</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000287</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must have new Key Encryption Keys (KEKs) reissued at regular intervals for vSAN encrypted datastore(s).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The KEK for a vSAN encrypted datastore is generated by the Key Management Server (KMS) and serves as a wrapper and lock around the Disk Encryption Key (DEK). The DEK is generated by the host and is used to encrypt and decrypt the datastore. A shallow rekey is a procedure in which the KMS issues a new KEK to the ESXi host, which rewraps the DEK but does not change the DEK or any data on disk.
+If the virtual machine advanced setting "ethernet*.filter*.name" exists and dvfilters are not in use, this is a finding.
 
-This operation must be done on a regular, site-defined interval and can be viewed as similar in criticality to changing an administrative password. If the KMS is compromised, a standing operational procedure to rekey will put a time limit on the usefulness of any stolen KMS data.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If vSAN is not in use, this is not applicable.
+If the virtual machine advanced setting "ethernet*.filter*.name" exists and the value is not valid, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Interview the system administrator (SA) to determine that a procedure has been put in place to perform a shallow rekey of all vSAN encrypted datastores at regular, site-defined intervals.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-VMware recommends a 60-day rekey task, but this interval must be defined by the SA and the information system security officer (ISSO).
+Look for settings with the format "ethernet*.filter*.name".
 
-If vSAN encryption is not in use, this is not a finding.
+Ensure only required VMs use this setting.
 
-If vSAN encryption is in use and a regular rekey procedure is not in place, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If vSAN encryption is in use, ensure that a regular rekey procedure is in place.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e7ef6d54-d852-4814-96b3-2fa38ba6a946</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000288</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000288</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000288</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an LDAP identity source.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>LDAP is an industry standard protocol for querying directory services such as Active Directory. This protocol can operate in clear text or over a Secure Sockets Layer (SSL)&#x2F;Transport Layer Security (TLS) encrypted tunnel. To protect confidentiality of LDAP communications, secure LDAP (LDAPS) must be explicitly configured when adding an LDAP identity source in vSphere Single Sign-On (SSO).
-
-When configuring an identity source and supplying an SSL certificate, vCenter will enforce LDAPS. The server URLs do not need to be explicitly provided if an SSL certificate is uploaded.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If LDAP is not used as an identity provider, this is not applicable.
+or
 
-From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+
+Get-VM "VM Name" | Get-AdvancedSetting -Name ethernetX.filterY.name | Remove-AdvancedSetting
+
+Note: Change the X and Y values to match the specific setting in the organization's environment.
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000200' do\n  title 'Virtual machines (VMs) must disable access through the \"dvfilter\" network Application Programming Interface (API).'\n  desc  'An attacker might compromise a VM by using the \"dvFilter\" API. Configure only VMs that need this access to use the API.'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the settings with the format \\\"ethernet*.filter*.name\\\" do not exist.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name \\\"ethernet*.filter*.name*\\\"\n\n    If the virtual machine advanced setting \\\"ethernet*.filter*.name\\\" exists and dvfilters are not in use, this is a finding.\n\n    If the virtual machine advanced setting \\\"ethernet*.filter*.name\\\" exists and the value is not valid, this is a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Look for settings with the format \\\"ethernet*.filter*.name\\\".\n\n    Ensure only required VMs use this setting.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name ethernetX.filterY.name | Remove-AdvancedSetting\n\n    Note: Change the X and Y values to match the specific setting in the organization's environment.\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000200'\n  tag rid: 'SV-VMCH-80-000200'\n  tag stig_id: 'VMCH-80-000200'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name ethernet*.filter* | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe \"VM: #{vm}\" do\n        subject { result }\n        it { should be_empty }\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000201</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must be configured to lock when the last console connection is closed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>When accessing the VM console, the guest operating system must be locked when the last console user disconnects, limiting the possibility of session hijacking. This setting only applies to Windows-based VMs with VMware tools installed.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Click the &quot;Identity Sources&quot; tab.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; VMware Remote Console Options.
 
-For each identity source of type &quot;Active Directory over LDAP&quot;, if the &quot;Server URL&quot; does not indicate &quot;ldaps:&#x2F;&#x2F;&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Configuration &gt;&gt; Identity Provider.
+Verify the option "Lock the guest operating system when the last remote user disconnects" is checked.
 
-Click the &quot;Identity Sources&quot; tab.
-
-For each identity source of type &quot;Active Directory over LDAP&quot; where LDAPS is not configured, highlight the item and click &quot;Edit&quot;.
-
-Ensure the primary and secondary server URLs, if specified, are configured for &quot;ldaps:&#x2F;&#x2F;&quot;.
-
-At the bottom, click the &quot;Browse&quot; button, select the AD LDAP cert previously exported to your local computer, click &quot;Open&quot;, and &quot;Save&quot; to complete modifications.
-
-Note: With LDAPS, the server must be a specific domain controller and its specific certificate or the domain alias with a certificate that is valid for that URL.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>8b0e3262-010e-435b-9f87-3478a1bdae4e</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000290</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000290</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000290</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must limit membership to the &quot;SystemConfiguration.BashShellAdministrators&quot; Single Sign-On (SSO) group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vCenter SSO integrates with PAM in the underlying Photon operating system so members of the &quot;SystemConfiguration.BashShellAdministrators&quot; SSO group can log on to the operating system without needing a separate account. However, even though unique SSO users log on, they are transparently using a group account named &quot;sso-user&quot; as far as Photon auditing is concerned. While the audit trail can still be traced back to the individual SSO user, it is a more involved process.
-
-To force accountability and nonrepudiation, the SSO group &quot;SystemConfiguration.BashShellAdministrators&quot; must be severely restricted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.
+or
 
-Click the next page arrow until the &quot;SystemConfiguration.BashShellAdministrators&quot; group appears.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Click &quot;SystemConfiguration.BashShellAdministrators&quot;.
+Get-VM "VM Name" | Get-AdvancedSetting -Name tools.guest.desktop.autolock
 
-Review the members of the group and ensure that only authorized accounts are present.
+If the virtual machine advanced setting "tools.guest.desktop.autolock" is not set to "true", this is a finding.
 
-Note: By default the Administrator and a unique service account similar to &quot;vmware-applmgmtservice-714684a4-342f-4eff-a232-cdc21def00c2&quot; will be in the group and should not be removed.
+If the virtual machine advanced setting "tools.guest.desktop.autolock" does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-If there are any accounts present as members of SystemConfiguration.BashShellAdministrators that are not authorized, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; VMware Remote Console Options.
 
-Click the next page arrow until the &quot;SystemConfiguration.BashShellAdministrators&quot; group appears.
+Check the box next to "Lock the guest operating system when the last remote user disconnects". Click "OK".
 
-Click &quot;SystemConfiguration.BashShellAdministrators&quot;.
+or
 
-Click the three vertical dots next to the name of each unauthorized account.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Select &quot;Remove Member&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>a976af54-08c7-4160-b4e8-a9d453d3ca13</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Administrator is expected to be in &quot;Administrator&quot; and &quot;vmware-applmgmtservice-7581d05c-eac0-4a70-b76c-f7b58b907e8d&quot;
+Get-VM "VM Name" | Get-AdvancedSetting -Name tools.guest.desktop.autolock | Set-AdvancedSetting -Value true</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000201' do\n  title 'Virtual machines (VMs) must be configured to lock when the last console connection is closed.'\n  desc  'When accessing the VM console, the guest operating system must be locked when the last console user disconnects, limiting the possibility of session hijacking. This setting only applies to Windows-based VMs with VMware tools installed.'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; VMware Remote Console Options.\n\n    Verify the option \\\"Lock the guest operating system when the last remote user disconnects\\\" is checked.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name tools.guest.desktop.autolock\n\n    If the virtual machine advanced setting \\\"tools.guest.desktop.autolock\\\" is not set to \\\"true\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"tools.guest.desktop.autolock\\\" does NOT exist, this is NOT a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; VMware Remote Console Options.\n\n    Check the box next to \\\"Lock the guest operating system when the last remote user disconnects\\\". Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name tools.guest.desktop.autolock | Set-AdvancedSetting -Value true\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000201'\n  tag rid: 'SV-VMCH-80-000201'\n  tag stig_id: 'VMCH-80-000201'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name tools.guest.desktop.autolock | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp 'true' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
 --------------------------------
-passed
-vmware-applmgmtservice-7581d05c-eac0-4a70-b76c-f7b58b907e8d is expected to be in &quot;Administrator&quot; and &quot;vmware-applmgmtservice-7581d05c-eac0-4a70-b76c-f7b58b907e8d&quot;
+passed :: TEST VM: stigvm1 is expected to be empty
 --------------------------------
-passed
-Stderr should be empty if no groups found is expected to be empty
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp == "true"
 --------------------------------
-passed
-No groups found in SystemConfiguration.BashShellAdministrators is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000291</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000291</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000291</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must limit membership to the &quot;TrustedAdmins&quot; Single Sign-On (SSO) group.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vSphere &quot;TrustedAdmins&quot; group grants additional rights to administer the vSphere Trust Authority feature.
-
-To force accountability and nonrepudiation, the SSO group &quot;TrustedAdmins&quot; must be severely restricted.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp == "true"
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp == "true"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000202</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000202</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000202</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must disable 3D features when not required.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For performance reasons, it is recommended that 3D acceleration be disabled on virtual machines that do not require 3D functionality (e.g., most server workloads or desktops not using 3D applications).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Click the next page arrow until the &quot;TrustedAdmins&quot; group appears.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings.
 
-Click &quot;TrustedAdmins&quot;.
+Expand the "Video card" and verify the "Enable 3D Support" checkbox is unchecked.
 
-Review the members of the group and ensure that only authorized accounts are present.
+or
 
-Note: These accounts act as root on the Photon operating system and have the ability to severely damage vCenter, inadvertently or otherwise.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-If there are any accounts present as members of TrustedAdmins that are not authorized, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Users and Groups &gt;&gt; Groups.
+Get-VM "VM Name" | Get-AdvancedSetting -Name mks.enable3d
 
-Click the next page arrow until the &quot;TrustedAdmins&quot; group appears.
+If the virtual machine advanced setting "mks.enable3d" exists and is not set to "false", this is a finding.
 
-Click &quot;TrustedAdmins&quot;.
+If the virtual machine advanced setting "mks.enable3d" does not exist, this is not a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Click the three vertical dots next to the name of each unauthorized account.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings.
+
+Expand the "Video card" and uncheck the "Enable 3D Support" checkbox.
+
+Click "OK".
+
+or
+
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Select &quot;Remove Member&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0f2061f9-32be-4ca1-8a16-fa352bbad89a</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-Stderr should be empty if no users found is expected to be empty
+Get-VM "VM Name" | Get-AdvancedSetting -Name mks.enable3d | Set-AdvancedSetting -Value "false"
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000202' do\n  title 'Virtual machines (VMs) must disable 3D features when not required.'\n  desc  'For performance reasons, it is recommended that 3D acceleration be disabled on virtual machines that do not require 3D functionality (e.g., most server workloads or desktops not using 3D applications).'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings.\n\n    Expand the \\\"Video card\\\" and verify the \\\"Enable 3D Support\\\" checkbox is unchecked.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name mks.enable3d\n\n    If the virtual machine advanced setting \\\"mks.enable3d\\\" exists and is not set to \\\"false\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"mks.enable3d\\\" does not exist, this is not a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings.\n\n    Expand the \\\"Video card\\\" and uncheck the \\\"Enable 3D Support\\\" checkbox.\n\n    Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name mks.enable3d | Set-AdvancedSetting -Value \\\"false\\\"\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000202'\n  tag rid: 'SV-VMCH-80-000202'\n  tag stig_id: 'VMCH-80-000202'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name mks.enable3d | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp 'false' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
 --------------------------------
-passed
-No users found in TrustedAdmins is expected to be empty
+passed :: TEST VM: stigvm1 is expected to be empty
 --------------------------------
-passed
-Stderr should be empty if no groups found is expected to be empty
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp == "false"
 --------------------------------
-passed
-No groups found in TrustedAdmins is expected to be empty</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000292</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000292</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000292</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter server configuration must be backed up on a regular basis.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vCenter server is the control plane for the vSphere infrastructure and all the workloads it hosts. As such, vCenter is usually a highly critical system in its own right. Backups of vCenter can now be made at a data and configuration level versus traditional storage&#x2F;image-based backups. This reduces recovery time by letting the system administrator (SA) spin up a new vCenter while simultaneously importing the backed-up data.
-
-For sites that implement the Native Key Provider (NKP), introduced in 7.0 Update 2, regular vCenter backups are critical. In a recovery scenario where the virtual machine files are intact but vCenter was lost, the encrypted virtual machines will not be able to boot as their private keys were stored in vCenter after it was last backed up. When using the NKP, vCenter becomes critical to the virtual machine workloads and ceases to be just the control plane.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Option 1:
-
-If vCenter is backed up in a traditional manner, at the storage array level, interview the SA to determine configuration and schedule.
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp == "false"
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp == "false"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000203</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must enable encryption for vMotion.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>vMotion migrations in vSphere 6.0 and earlier transferred working memory and CPU state information in clear text over the vMotion network. As of vSphere 6.5, this transfer can be transparently encrypted using 256-bit AES-GCM with negligible performance impact.
 
-Option 2:
+vSphere enables encrypted vMotion by default as "Opportunistic", meaning that encrypted channels are used where supported, but the operation will continue in plain text where encryption is not supported.
 
-For vCenter native backup functionality, open the Virtual Appliance Management Interface (VAMI) by navigating to https:&#x2F;&#x2F;&lt;vCenter server&gt;:5480.
+For example, when vMotioning between two hosts, encryption will always be used. However, because 6.0 and earlier releases do not support this feature, vMotion from a 7.0 host to a 6.0 host would be allowed but would not be encrypted. If the encryption is set to "Required", vMotions to unsupported hosts will fail. This must be set to "Opportunistic" or "Required".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the &quot;SystemConfiguration.BashShellAdministrator&quot; group.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.
 
-Select &quot;Backup&quot; on the left navigation pane.
+or
 
-On the resulting pane on the right, verify the &quot;Status&quot; is &quot;Enabled&quot;.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Click &quot;Status&quot; to expand the backup details.
+Get-VM | Where {($_.ExtensionData.Config.MigrateEncryption -eq "disabled")}
 
-If vCenter server backups are not configured and there is no other vCenter backup system, this is a finding.
+If the "Encrypted vMotion" setting does not have a value of "Opportunistic" or "Required", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-If the backup configuration is not set to a proper, reachable location or if the schedule is anything less frequent than &quot;Daily&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Option 1:
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.
 
-Implement and document a VMware-supported storage&#x2F;image-based backup schedule.
+For "Encrypted vMotion" set the value to "Opportunistic" or "Required". Click "OK".
 
-Option 2:
+or
 
-To configure vCenter native backup functionality, open the VAMI by navigating to https:&#x2F;&#x2F;&lt;vCenter server&gt;:5480.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:
 
-Log in with local operating system administrative credentials or with an SSO account that is a member of the &quot;SystemConfiguration.BashShellAdministrator&quot; group.
+$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
+$spec.MigrateEncryption = New-Object VMware.Vim.VirtualMachineConfigSpecEncryptedVMotionModes
+$spec.MigrateEncryption = $true
+(Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000203' do\n  title 'Virtual machines (VMs) must enable encryption for vMotion.'\n  desc  \"\n    vMotion migrations in vSphere 6.0 and earlier transferred working memory and CPU state information in clear text over the vMotion network. As of vSphere 6.5, this transfer can be transparently encrypted using 256-bit AES-GCM with negligible performance impact.\n\n    vSphere enables encrypted vMotion by default as \\\"Opportunistic\\\", meaning that encrypted channels are used where supported, but the operation will continue in plain text where encryption is not supported.\n\n    For example, when vMotioning between two hosts, encryption will always be used. However, because 6.0 and earlier releases do not support this feature, vMotion from a 7.0 host to a 6.0 host would be allowed but would not be encrypted. If the encryption is set to \\\"Required\\\", vMotions to unsupported hosts will fail. This must be set to \\\"Opportunistic\\\" or \\\"Required\\\".\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM | Where {($_.ExtensionData.Config.MigrateEncryption -eq \\\"disabled\\\")}\n\n    If the \\\"Encrypted vMotion\\\" setting does not have a value of \\\"Opportunistic\\\" or \\\"Required\\\", this is a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.\n\n    For \\\"Encrypted vMotion\\\" set the value to \\\"Opportunistic\\\" or \\\"Required\\\". Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:\n\n    $spec = New-Object VMware.Vim.VirtualMachineConfigSpec\n    $spec.MigrateEncryption = New-Object VMware.Vim.VirtualMachineConfigSpecEncryptedVMotionModes\n    $spec.MigrateEncryption = $true\n    (Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000203'\n  tag rid: 'SV-VMCH-80-000203'\n  tag stig_id: 'VMCH-80-000203'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    list = ['opportunistic', 'required']\n    vms.each do |vm|\n      command = \"(Get-VM -Name '#{vm}').ExtensionData.Config.MigrateEncryption\"\n      result = powercli_command(command).stdout.strip\n      describe \"VM: #{vm}\" do\n        subject { result }\n        it { should be_in list }\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be in "opportunistic" and "required"
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to be in "opportunistic" and "required"
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be in "opportunistic" and "required"
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be in "opportunistic" and "required"
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be in "opportunistic" and "required"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000204</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000204</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000204</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must enable encryption for Fault Tolerance.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Fault Tolerance log traffic can be encrypted. This could contain sensitive data from the protected machine's memory or CPU instructions.
 
-Select &quot;Backup&quot; on the left navigation pane.
+vSphere Fault Tolerance performs frequent checks between a primary VM and secondary VM so the secondary VM can quickly resume from the last successful checkpoint. The checkpoint contains the VM state that has been modified since the previous checkpoint.
 
-On the resulting pane on the right, click &quot;Configure&quot; (or &quot;Edit&quot; for an existing configuration).
+When Fault Tolerance is turned on, FT encryption is set to "Opportunistic" by default, which means it enables encryption only if both the primary and secondary host are capable of encryption.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>If the Virtual Machine does not have Fault Tolerance enabled, this is not applicable.
 
-Enter site-specific information for the backup job.
+For each virtual machine do the following:
 
-Ensure &quot;Schedule&quot; is set to &quot;Daily&quot;. Limiting the number of retained backups is recommended but not required.
-
-Click &quot;Create&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>3d872f43-3f06-4497-948b-b6257527fcd2</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-File based backups should be enabled. is expected to cmp &#x3D;&#x3D; &quot;true&quot;
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.
 
-expected: true
-     got: 
+or
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000293</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000293</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000293</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter server must have task and event retention set to at least 30 days.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vCenter tasks and events contain valuable historical actions, useful in troubleshooting availability issues and for incident forensics. While vCenter events are sent to central log servers in real time, it is important that administrators have quick access to this information when needed.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-vCenter retains 30 days of tasks and events by default, and this is sufficient for most purposes. The vCenter disk partitions are also sized with this in mind. Decreasing is not recommended for operational reasons, while increasing is not recommended unless guided by VMware support due to the partition sizing concerns.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+Get-VM | Where {($_.ExtensionData.Config.FtEncryptionMode -ne "ftEncryptionOpportunistic") -and ($_.ExtensionData.Config.FtEncryptionMode -ne "ftEncryptionRequired")}
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.
+If the "Encrypted FT" setting does not have a value of "Opportunistic" or "Required", this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Click to expand the &quot;Database&quot; section.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.
 
-Note the &quot;Task retention&quot; and &quot;Event retention&quot; values.
+For "Encrypted FT" set the value to "Opportunistic" or "Required". Click "OK".
 
-If either value is configured to less than &quot;30&quot; days, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+or
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; General.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:
 
-Click &quot;Edit&quot;.
-
-On the &quot;Database&quot; tab, set the value for both &quot;Task retention&quot; and &quot;Event retention&quot; to &quot;30&quot; days (default) or greater, as required by your site.
-
-Click &quot;Save&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>d43f9a2e-8538-42bf-a9e3-0000144bbb00</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name event.maxAge | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &gt;&#x3D; &quot;30&quot;
+$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
+$spec.FTEncryption = New-Object VMware.Vim.VMware.Vim.VirtualMachineConfigSpecEncryptedFtModes
+$spec.FT = ftEncryptionOpportunistic or ftEncryptionRequired
+(Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000204' do\n  title 'Virtual machines (VMs) must enable encryption for Fault Tolerance.'\n  desc  \"\n    Fault Tolerance log traffic can be encrypted. This could contain sensitive data from the protected machine's memory or CPU instructions.\n\n    vSphere Fault Tolerance performs frequent checks between a primary VM and secondary VM so the secondary VM can quickly resume from the last successful checkpoint. The checkpoint contains the VM state that has been modified since the previous checkpoint.\n\n    When Fault Tolerance is turned on, FT encryption is set to \\\"Opportunistic\\\" by default, which means it enables encryption only if both the primary and secondary host are capable of encryption.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    If the Virtual Machine does not have Fault Tolerance enabled, this is not applicable.\n\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM | Where {($_.ExtensionData.Config.FtEncryptionMode -ne \\\"ftEncryptionOpportunistic\\\") -and ($_.ExtensionData.Config.FtEncryptionMode -ne \\\"ftEncryptionRequired\\\")}\n\n    If the \\\"Encrypted FT\\\" setting does not have a value of \\\"Opportunistic\\\" or \\\"Required\\\", this is a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Encryption.\n\n    For \\\"Encrypted FT\\\" set the value to \\\"Opportunistic\\\" or \\\"Required\\\". Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:\n\n    $spec = New-Object VMware.Vim.VirtualMachineConfigSpec\n    $spec.FTEncryption = New-Object VMware.Vim.VMware.Vim.VirtualMachineConfigSpecEncryptedFtModes\n    $spec.FT = ftEncryptionOpportunistic or ftEncryptionRequired\n    (Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000204'\n  tag rid: 'SV-VMCH-80-000204'\n  tag stig_id: 'VMCH-80-000204'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    list = ['ftEncryptionOpportunistic', 'ftEncryptionRequired']\n    vms.each do |vm|\n      command = \"(Get-VM -Name '#{vm}').ExtensionData.Config.FtEncryptionMode\"\n      result = powercli_command(command).stdout.strip\n      describe \"VM: #{vm}\" do\n        subject { result }\n        it { should be_in list }\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be in "ftEncryptionOpportunistic" and "ftEncryptionRequired"
 --------------------------------
-passed
-PowerCLI Command: Get-AdvancedSetting -Entity $global:DefaultViServers.Name -Name task.maxAge | Select-Object -ExpandProperty Value stdout.strip is expected to cmp &gt;&#x3D; &quot;30&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000294</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000294</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000294</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter server Native Key Provider must be backed up with a strong password.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Native Key Provider feature was introduced in 7.0 U2 and acts as a key provider for encryption based capabilities such as encrypted virtual machines without requiring an external KMS solution.  When enabling this feature a backup must be taken which is a PKCS#12 formatted file and if no password is provided during the backup process this presents the opportunity for this to be used maliciously and compromise the environment.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If the vCenter Native Key Provider feature is not in use, this is not applicable.
+passed :: TEST VM: stigvm1 is expected to be in "ftEncryptionOpportunistic" and "ftEncryptionRequired"
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to be in "ftEncryptionOpportunistic" and "ftEncryptionRequired"
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to be in "ftEncryptionOpportunistic" and "ftEncryptionRequired"
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to be in "ftEncryptionOpportunistic" and "ftEncryptionRequired"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000205</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must configure log size.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations, and machine clones.
 
-Interview the system administrator and determine if a password was provided for any backups taken of the Native Key Provider.
+By default, the size of these logs is unlimited, and they are only rotated on vMotion or power events. This can cause storage issues at scale for VMs that do not vMotion or power cycle often.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-If backups exist for the Native Key Provider that are not password protected, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Select a vCenter Server &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Key Providers.
+Verify the "log.rotateSize" value is set to "2048000".
 
-Select the Native Key Provider, click &quot;Back-up&quot;, and check the box &quot;Protect Native Key Provider data with password&quot;.
-
-Provide a strong password and click &quot;Back up key provider&quot;.
-
-Delete any previous backups that were not protected with a password.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>21b01338-982a-4b38-9bcf-a4fac7f1232d</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000295</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000295</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000295</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter server must require authentication for published content libraries.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>In the vSphere Client, you can create a local or a subscribed content library. By using content libraries, you can store and manage content in one vCenter Server instance. Alternatively, you can distribute content across vCenter Server instances to increase consistency and facilitate the deployment workloads at scale. When publishing a content library it can be protected by requiring authentication for subscribers.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Content Libraries.
+or
 
-Review the &quot;Password Protected&quot; column.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-If a content library is published and is not password protected, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Content Libraries.
+Get-VM "VM Name" | Get-AdvancedSetting -Name log.rotateSize
 
-Select the target content library.
+If the virtual machine advanced setting "log.rotateSize" is not set to "2048000", this is a finding.
 
-Select &quot;Actions&quot; then &quot;Edit Settings&quot;.
-
-Click the checkbox to &quot;Enable user authentication for access to this content library&quot;.
-
-Enter and confirm a password for the content library. Click &quot;Ok&quot;.
-
-Note: Any subscribed content libraries will need to be updated to enable authentication and provide the password.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e33de32e-2e69-4a0c-9a86-39950cfd5646</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-Authentication should be enabled on Content Library: STIG Content Library [&quot;publish_info&quot;, &quot;authentication_method&quot;] is expected to cmp &#x3D;&#x3D; &quot;BASIC&quot;
+If the virtual machine advanced setting "log.rotateSize" does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-expected: BASIC
-     got: NONE
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000296</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000296</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000296</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter server must enable the OVF security policy for content libraries.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>In the vSphere Client, you can create a local or a subscribed content library. By using content libraries, you can store and manage content in one vCenter Server instance. Alternatively, you can distribute content across vCenter Server instances to increase consistency and facilitate the deployment workloads at scale.
+Find the "log.rotateSize" value and set it to "2048000".
 
-You can protect the OVF items by applying default OVF security policy to a content library. The OVF security policy enforces strict validation on OVF items when you deploy or update the item, import items, or synchronize OVF and OVA templates. To make sure that the OVF and OVA templates are signed by a trusted certificate, you can add the OVF signing certificate from a trusted CA.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Content Libraries.
+If the setting does not exist no action is needed.
 
-Review the &quot;Security Policy&quot; column.
+or
 
-If a content library does not have the &quot;OVF default policy&quot; enabled, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Content Libraries.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Select the target content library.
+Get-VM "VM Name" | Get-AdvancedSetting -Name log.rotateSize | Set-AdvancedSetting -Value 2048000
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000205' do\n  title 'Virtual machines (VMs) must configure log size.'\n  desc  \"\n    The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations, and machine clones.\n\n    By default, the size of these logs is unlimited, and they are only rotated on vMotion or power events. This can cause storage issues at scale for VMs that do not vMotion or power cycle often.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"log.rotateSize\\\" value is set to \\\"2048000\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name log.rotateSize\n\n    If the virtual machine advanced setting \\\"log.rotateSize\\\" is not set to \\\"2048000\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"log.rotateSize\\\" does NOT exist, this is NOT a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Find the \\\"log.rotateSize\\\" value and set it to \\\"2048000\\\".\n\n    If the setting does not exist no action is needed.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name log.rotateSize | Set-AdvancedSetting -Value 2048000\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000205'\n  tag rid: 'SV-VMCH-80-000205'\n  tag stig_id: 'VMCH-80-000205'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name log.rotateSize | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp '2048000' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp == "2048000"
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp == "2048000"
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp == "2048000"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000206</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000206</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000206</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must configure log retention.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations, and machine clones.
 
-Select &quot;Actions&quot; then &quot;Edit Settings&quot;.
-
-Click the checkbox to &quot;Apply Security Policy&quot;. Click &quot;OK&quot;.
-
-Note: If you disable the security policy of a content library, you cannot reuse the existing OVF items.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>551280f4-2ead-457d-80b0-311d938561e6</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-OVF security policy should be enabled on Content Library: STIG Content Library [&quot;security_policy_id&quot;] is expected not to equal nil
-
-expected not #&lt;NilClass:8&gt; &#x3D;&gt; nil
-         got #&lt;NilClass:8&gt; &#x3D;&gt; nil
-
-Compared using equal?, which compares object identity.
-
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000298</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000298</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000298</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must separate authentication and authorization for administrators.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Many organizations do both authentication and authorization using a centralized directory service such as Active Directory. Attackers who compromise an identity source can often add themselves to authorization groups, and simply log into systems they should not otherwise have access to. Additionally, reliance on central identity systems means that the administrators of those systems are potentially infrastructure administrators, too, as they can add themselves to infrastructure access groups at will.
+By default, 10 of these logs are retained. This is normally sufficient for most environments, but this configuration must be verified and maintained.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-The use of local SSO groups for authorization helps prevent this avenue of attack by allowing the centralized identity source to still authenticate users but moving authorization into vCenter itself.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Roles.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-View the Administrator role and any other role providing administrative access to vCenter to verify the users and&#x2F;or groups assigned to it by clicking on &quot;Usage&quot;.
+Verify the "log.keepOld" value is set to "10".
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Get-VIPermission | Sort Role | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto
+Get-VM "VM Name" | Get-AdvancedSetting -Name log.keepOld
 
-If any user or group is directly assigned a role with administrative access to vCenter that is from an identity provider, this is a finding.
+If the virtual machine advanced setting "log.keepOld" is not set to "10", this is a finding.
 
-Note: Users and&#x2F;or groups assigned to roles should be from the &quot;VSPHERE.LOCAL&quot; identity source.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>To add groups from an identity provider to the local SSO Administrators group, as an example, do the following:
+If the virtual machine advanced setting "log.keepOld" does NOT exist, this is NOT a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-From the vSphere Client, go to Administration &gt;&gt; Single Sign On &gt;&gt; Groups.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.
 
-Select the Administrators group and click &quot;Edit&quot;.
+Find the "log.keepOld" value and set it to "10".
 
-In the &quot;Add Members&quot; section, select the identity source and type the name of the target user&#x2F;group in the search bar.
+If the setting does not exist no action is needed.
 
-Select the target user&#x2F;group to add them and click &quot;Save&quot;.
+or
 
-Note: A new SSO group or groups can be created as needed and used to provide authorization to vCenter.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-To remove identity provider users&#x2F;groups from a role, do the following:
+Get-VM "VM Name" | Get-AdvancedSetting -Name log.keepOld | Set-AdvancedSetting -Value 10
+
+Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000206' do\n  title 'Virtual machines (VMs) must configure log retention.'\n  desc  \"\n    The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations, and machine clones.\n\n    By default, 10 of these logs are retained. This is normally sufficient for most environments, but this configuration must be verified and maintained.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Verify the \\\"log.keepOld\\\" value is set to \\\"10\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name log.keepOld\n\n    If the virtual machine advanced setting \\\"log.keepOld\\\" is not set to \\\"10\\\", this is a finding.\n\n    If the virtual machine advanced setting \\\"log.keepOld\\\" does NOT exist, this is NOT a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; Advanced Parameters.\n\n    Find the \\\"log.keepOld\\\" value and set it to \\\"10\\\".\n\n    If the setting does not exist no action is needed.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-AdvancedSetting -Name log.keepOld | Set-AdvancedSetting -Value 10\n\n    Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000206'\n  tag rid: 'SV-VMCH-80-000206'\n  tag stig_id: 'VMCH-80-000206'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-AdvancedSetting -Name log.keepOld | Select-Object -ExpandProperty Value\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should cmp '10' }\n        end\n        describe \"VM: #{vm}\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to be empty
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to be empty
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp == "10"
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp == "10"
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp == "10"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000207</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000207</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000207</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must enable logging.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including, but not limited to, power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations and machine clones. Due to the value these logs provide for the continued availability of each VM and potential security incidents, these logs must be enabled.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-From the vSphere Client, go to Administration &gt;&gt; Access Control &gt;&gt; Global Permissions.
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Advanced.
 
-Select the offending user&#x2F;group and click &quot;Delete&quot;.
-
-Note: If permissions are assigned on a specific object, then the role must be updated where it is assigned (for example, at the cluster level).</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e4cdbc0e-61a3-480c-b506-db7b6e6d6a01</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Not_Reviewed</STATUS>
-				<FINDING_DETAILS>skipped
-This check is a manual or policy based check and must be reviewed manually.
-This check is a manual or policy based check and must be reviewed manually.</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000299</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000299</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000299</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must disable CDP&#x2F;LLDP on distributed switches.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vSphere Distributed Virtual Switch can participate in Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP), as a listener, advertiser, or both. The information is sensitive, including IP addresses, system names, software versions, and more. It can be used by an adversary to gain a better understanding of your environment, and to impersonate devices. It is also transmitted unencrypted on the network, and as such the recommendation is to disable it.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
+Ensure that the checkbox next to "Enable logging" is checked.
 
-From the vSphere Client, go to &quot;Networking&quot;.
+or
 
-Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Review the &quot;Discovery Protocol&quot; configuration.
+Get-VM | Where {$_.ExtensionData.Config.Flags.EnableLogging -ne "True"}
 
-or
+If logging is not enabled, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Advanced.
 
-Get-VDSwitch | Select Name,LinkDiscoveryProtocolOperation
+Click the checkbox next to "Enable logging". Click "OK".
 
-If any distributed switch does not have &quot;Discovery Protocols&quot; disabled, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to &quot;Networking&quot;.
+or
 
-Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:
 
-Click &quot;Edit&quot;.
+$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
+$spec.Flags = New-Object VMware.Vim.VirtualMachineFlagInfo
+$spec.Flags.enableLogging = $true
+(Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000207' do\n  title 'Virtual machines (VMs) must enable logging.'\n  desc  'The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including, but not limited to, power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations and machine clones. Due to the value these logs provide for the continued availability of each VM and potential security incidents, these logs must be enabled.'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Advanced.\n\n    Ensure that the checkbox next to \\\"Enable logging\\\" is checked.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM | Where {$_.ExtensionData.Config.Flags.EnableLogging -ne \\\"True\\\"}\n\n    If logging is not enabled, this is a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to Edit Settings &gt;&gt; VM Options &gt;&gt; Advanced.\n\n    Click the checkbox next to \\\"Enable logging\\\". Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:\n\n    $spec = New-Object VMware.Vim.VirtualMachineConfigSpec\n    $spec.Flags = New-Object VMware.Vim.VirtualMachineFlagInfo\n    $spec.Flags.enableLogging = $true\n    (Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000207'\n  tag rid: 'SV-VMCH-80-000207'\n  tag stig_id: 'VMCH-80-000207'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"(Get-VM -Name '#{vm}').ExtensionData.Config.Flags.EnableLogging\"\n      result = powercli_command(command).stdout.strip\n      describe \"VM: #{vm}\" do\n        subject { result }\n        it { should cmp 'true' }\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST VM: stig vm2 is expected to cmp == "true"
+--------------------------------
+passed :: TEST VM: stigvm1 is expected to cmp == "true"
+--------------------------------
+passed :: TEST VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c is expected to cmp == "true"
+--------------------------------
+passed :: TEST VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d is expected to cmp == "true"
+--------------------------------
+passed :: TEST VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 is expected to cmp == "true"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000208</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000208</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000208</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must not use independent, non-persistent disks.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The security issue with nonpersistent disk mode is that successful attackers, with a simple shutdown or reboot, might undo or remove any traces they were ever on the machine. To safeguard against this risk, production virtual machines should be set to use persistent disk mode; additionally, ensure activity within the VM is logged remotely on a separate server, such as a syslog server or equivalent Windows-based event collector. Without a persistent record of activity on a VM, administrators might never know whether they have been attacked or hacked.
 
-Select the advanced tab and update the &quot;Type&quot; under &quot;Discovery Protocol&quot; to disabled and click &quot;OK&quot;.
+There can be valid use cases for these types of disks, such as with an application presentation solution where read-only disks are desired, and such cases should be identified and documented.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-or
+From the vSphere Client, right-click the Virtual Machine and go to "Edit Settings".
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+Review the attached hard disks and verify they are not configured as independent nonpersistent disks.
 
-Get-VDSwitch -Name &quot;DSwitch&quot; | Set-VDSwitch -LinkDiscoveryProtocolOperation &quot;Disabled&quot;</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>dc79e3b9-10ca-4142-9791-f777f7e02595</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: Get-VDSwitch -Name &quot;VDSwitch STIG 1&quot; | Select -ExpandProperty LinkDiscoveryProtocolOperation stdout.strip is expected to cmp &#x3D;&#x3D; &quot;Disabled&quot;
+or
 
-expected: Disabled
-     got: Listen
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-(compared using &#x60;cmp&#x60; matcher)
+Get-VM "VM Name" | Get-HardDisk | Select Parent, Name, Filename, DiskType, Persistence | FT -AutoSize
 
---------------------------------
-failed
-PowerCLI Command: Get-VDSwitch -Name &quot;VDSwitch STIG 2&quot; | Select -ExpandProperty LinkDiscoveryProtocolOperation stdout.strip is expected to cmp &#x3D;&#x3D; &quot;Disabled&quot;
+If the virtual machine has attached disks that are in independent nonpersistent mode and are not documented, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-expected: Disabled
-     got: Listen
+From the vSphere Client, right-click the Virtual Machine and go to "Edit Settings".
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000300</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must remove unauthorized port mirroring sessions on distributed switches.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vSphere Distributed Virtual Switch can enable port mirroring sessions allowing traffic to be mirrored from one source to a destination. If port mirroring is configured unknowingly this could allow an attacker to observe network traffic of virtual machines.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
+Select the target hard disk and change the mode to persistent or uncheck Independent.
 
-From the vSphere Client, go to &quot;Networking&quot;.
+or
 
-Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Port Mirroring.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run one of the following commands:
 
-Review any configured &quot;Port Mirroring&quot; sessions.
+Get-VM "VM Name" | Get-HardDisk | Set-HardDisk -Persistence IndependentPersistent
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+Get-VM "VM Name" | Get-HardDisk | Set-HardDisk -Persistence Persistent</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000208' do\n  title 'Virtual machines (VMs) must not use independent, non-persistent disks.'\n  desc  \"\n    The security issue with nonpersistent disk mode is that successful attackers, with a simple shutdown or reboot, might undo or remove any traces they were ever on the machine. To safeguard against this risk, production virtual machines should be set to use persistent disk mode; additionally, ensure activity within the VM is logged remotely on a separate server, such as a syslog server or equivalent Windows-based event collector. Without a persistent record of activity on a VM, administrators might never know whether they have been attacked or hacked.\n\n    There can be valid use cases for these types of disks, such as with an application presentation solution where read-only disks are desired, and such cases should be identified and documented.\n  \"\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to \\\"Edit Settings\\\".\n\n    Review the attached hard disks and verify they are not configured as independent nonpersistent disks.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-HardDisk | Select Parent, Name, Filename, DiskType, Persistence | FT -AutoSize\n\n    If the virtual machine has attached disks that are in independent nonpersistent mode and are not documented, this is a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to \\\"Edit Settings\\\".\n\n    Select the target hard disk and change the mode to persistent or uncheck Independent.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run one of the following commands:\n\n    Get-VM \\\"VM Name\\\" | Get-HardDisk | Set-HardDisk -Persistence IndependentPersistent\n\n    or\n\n    Get-VM \\\"VM Name\\\" | Get-HardDisk | Set-HardDisk -Persistence Persistent\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000208'\n  tag rid: 'SV-VMCH-80-000208'\n  tag stig_id: 'VMCH-80-000208'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-HardDisk | Select-Object -ExpandProperty Persistence\"\n      results = powercli_command(command)\n      results.stdout.split.each do |disk|\n        describe \"Checking the VM: #{vm} for Non-Persistent Hard Disks\" do\n          subject { disk }\n          it { should_not cmp 'IndependentNonPersistent' }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Checking the VM: stig vm2 for Non-Persistent Hard Disks is expected not to cmp == "IndependentNonPersistent"
+--------------------------------
+passed :: TEST Checking the VM: stigvm1 for Non-Persistent Hard Disks is expected not to cmp == "IndependentNonPersistent"
+--------------------------------
+passed :: TEST Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for Non-Persistent Hard Disks is expected not to cmp == "IndependentNonPersistent"
+--------------------------------
+passed :: TEST Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for Non-Persistent Hard Disks is expected not to cmp == "IndependentNonPersistent"
+--------------------------------
+passed :: TEST Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for Non-Persistent Hard Disks is expected not to cmp == "IndependentNonPersistent"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000209</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000209</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000209</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must remove unneeded floppy devices.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Floppy drives are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.
 
-Get-VDSwitch | select Name,@{N&#x3D;&quot;Port Mirroring Sessions&quot;;E&#x3D;{$_.ExtensionData.Config.VspanSession.Name}}
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-If there are any unauthorized port mirroring sessions configured, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to &quot;Networking&quot;.
+Get-VM | Get-FloppyDrive | Select Parent, Name, ConnectionState
 
-Select a distributed switch &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Port Mirroring.
+If a virtual machine has a floppy drive connected, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Floppy drives are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.
 
-Select the unauthorized &quot;Port Mirroring&quot; session and click &quot;Remove&quot;. Click &quot;OK&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>c78821c4-e28a-4031-9b76-4c07f81c7a34</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-VDSwitch -Name &quot;VDSwitch STIG 1&quot;).ExtensionData.Config.VspanSession stdout.strip is expected to cmp &#x3D;&#x3D; &quot;&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDSwitch -Name &quot;VDSwitch STIG 2&quot;).ExtensionData.Config.VspanSession stdout.strip is expected to cmp &#x3D;&#x3D; &quot;&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000301</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000301</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000301</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must not override port group settings at the port level on distributed switches.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Port-level configuration overrides are disabled by default. Once enabled, this allows for different security settings to be set from what is established at the Port Group level. If overrides are not monitored, anyone who gains access to a VM with a less secure VDS configuration could exploit that broader access.
+The VM must be powered off to remove a floppy drive.
 
-If there are cases where particular VMs require unique configurations then a different port group with the required configuration should be created instead of overriding port group settings.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-From the vSphere Client, go to &quot;Networking&quot;.
+Get-VM "VM Name" | Get-FloppyDrive | Remove-FloppyDrive</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000209' do\n  title 'Virtual machines (VMs) must remove unneeded floppy devices.'\n  desc  'Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation.'\n  desc  'rationale', ''\n  desc  'check', \"\n    Floppy drives are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM | Get-FloppyDrive | Select Parent, Name, ConnectionState\n\n    If a virtual machine has a floppy drive connected, this is a finding.\n  \"\n  desc 'fix', \"\n    Floppy drives are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.\n\n    The VM must be powered off to remove a floppy drive.\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-FloppyDrive | Remove-FloppyDrive\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000209'\n  tag rid: 'SV-VMCH-80-000209'\n  tag stig_id: 'VMCH-80-000209'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-FloppyDrive\"\n      result = powercli_command(command).stdout.strip\n      describe \"Checking the VM: #{vm} for Floppy drives\" do\n        subject { result }\n        it { should be_empty }\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Checking the VM: stig vm2 for Floppy drives is expected to be empty
+--------------------------------
+passed :: TEST Checking the VM: stigvm1 for Floppy drives is expected to be empty
+--------------------------------
+passed :: TEST Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for Floppy drives is expected to be empty
+--------------------------------
+passed :: TEST Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for Floppy drives is expected to be empty
+--------------------------------
+passed :: TEST Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for Floppy drives is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000210</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must remove unneeded CD/DVD devices.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
+From the vSphere Client, right-click the Virtual Machine and go to "Edit Settings".
 
-Review the &quot;Override port policies&quot;.
+Review the VMs hardware and verify no CD/DVD drives are connected.
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
-
-(Get-VDPortgroup).ExtensionData.Config.Policy
-
-If there are any distributed port groups that allow overridden port policies, this is a finding.
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-Note: This does not apply to the &quot;Block Ports&quot; or &quot;Configure reset at disconnect&quot; policies.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to &quot;Networking&quot;.
+Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Select Parent,Name
 
-Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
+If a virtual machine has a CD/DVD drive connected other than temporarily, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Click &quot;Edit&quot;.
+From the vSphere Client, right-click the Virtual Machine and go to "Edit Settings".
 
-Select advanced and update all port policies besides &quot;Block Ports&quot; to &quot;disabled&quot; and click &quot;OK&quot;.
+Select the CD/DVD drive and uncheck "Connected" and "Connect at power on" and remove any attached ISOs.
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-$pgs &#x3D; Get-VDPortgroup | Get-View
-ForEach($pg in $pgs){
-$spec &#x3D; New-Object VMware.Vim.DVPortgroupConfigSpec
-$spec.configversion &#x3D; $pg.Config.ConfigVersion
-$spec.Policy &#x3D; New-Object VMware.Vim.VMwareDVSPortgroupPolicy
-$spec.Policy.VlanOverrideAllowed &#x3D; $False
-$spec.Policy.UplinkTeamingOverrideAllowed &#x3D; $False
-$spec.Policy.SecurityPolicyOverrideAllowed &#x3D; $False
-$spec.Policy.IpfixOverrideAllowed &#x3D; $False
-$spec.Policy.BlockOverrideAllowed &#x3D; $True
-$spec.Policy.ShapingOverrideAllowed &#x3D; $False
-$spec.Policy.VendorConfigOverrideAllowed &#x3D; $False
-$spec.Policy.TrafficFilterOverrideAllowed &#x3D; $False
-$pg.ReconfigureDVPortgroup_Task($spec)
-}</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>e41c3fe9-6574-43c1-b6fa-433bf85f1135</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 1-DVUplinks-40&quot;).ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 1-DVUplinks-40&quot;).ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 1-DVUplinks-40&quot;).ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 1-DVUplinks-40&quot;).ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 1-DVUplinks-40&quot;).ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 1-DVUplinks-40&quot;).ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 1-DVUplinks-40&quot;).ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 1-DVUplinks-40&quot;).ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 1-DVUplinks-40&quot;).ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 1-DVUplinks-40&quot;).ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 2-DVUplinks-44&quot;).ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 2-DVUplinks-44&quot;).ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 2-DVUplinks-44&quot;).ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 2-DVUplinks-44&quot;).ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 2-DVUplinks-44&quot;).ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 2-DVUplinks-44&quot;).ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 2-DVUplinks-44&quot;).ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 2-DVUplinks-44&quot;).ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 2-DVUplinks-44&quot;).ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 2-DVUplinks-44&quot;).ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+Get-VM "VM Name" | Get-CDDrive | Set-CDDrive -NoMedia</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000210' do\n  title 'Virtual machines (VMs) must remove unneeded CD/DVD devices.'\n  desc  'Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation.'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to \\\"Edit Settings\\\".\n\n    Review the VMs hardware and verify no CD/DVD drives are connected.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Select Parent,Name\n\n    If a virtual machine has a CD/DVD drive connected other than temporarily, this is a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to \\\"Edit Settings\\\".\n\n    Select the CD/DVD drive and uncheck \\\"Connected\\\" and \\\"Connect at power on\\\" and remove any attached ISOs.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-CDDrive | Set-CDDrive -NoMedia\n  \"\n  impact 0.3\n  tag severity: 'low'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000210'\n  tag rid: 'SV-VMCH-80-000210'\n  tag stig_id: 'VMCH-80-000210'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"(Get-VM -Name '#{vm}' | Get-CDDrive).ExtensionData.connectable.connected\"\n      result = powercli_command(command).stdout.strip\n      describe.one do\n        describe \"Checking the VM: #{vm} for CD/DVD drives\" do\n          subject { result }\n          it { should cmp 'false' }\n        end\n        describe \"Checking the VM: #{vm} for CD/DVD drives\" do\n          subject { result }\n          it { should be_empty }\n        end\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Checking the VM: stig vm2 for CD/DVD drives is expected to cmp == "false"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Checking the VM: stigvm1 for CD/DVD drives is expected to cmp == "false"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for CD/DVD drives is expected to be empty
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for CD/DVD drives is expected to be empty
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.Policy.VlanOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.Policy.UplinkTeamingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for CD/DVD drives is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000211</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000211</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000211</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must remove unneeded parallel devices.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Parallel devices are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.
+
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+
+Get-VM | Where {$_.ExtensionData.Config.Hardware.Device.DeviceInfo.Label -match "parallel"}
+
+If a virtual machine has a parallel device present, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Parallel devices are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.
+
+The VM must be powered off to remove a parallel device.
+
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:
+
+$pport = (Get-VM -Name &lt;vmname&gt;).ExtensionData.Config.Hardware.Device | Where {$_.DeviceInfo.Label -match "Parallel"}
+$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
+$spec.DeviceChange += New-Object VMware.Vim.VirtualDeviceConfigSpec
+$spec.DeviceChange[-1].device = $pport
+$spec.DeviceChange[-1].operation = "remove"
+(Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000211' do\n  title 'Virtual machines (VMs) must remove unneeded parallel devices.'\n  desc  'Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation.'\n  desc  'rationale', ''\n  desc  'check', \"\n    Parallel devices are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM | Where {$_.ExtensionData.Config.Hardware.Device.DeviceInfo.Label -match \\\"parallel\\\"}\n\n    If a virtual machine has a parallel device present, this is a finding.\n  \"\n  desc 'fix', \"\n    Parallel devices are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.\n\n    The VM must be powered off to remove a parallel device.\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:\n\n    $pport = (Get-VM -Name &lt;vmname&gt;).ExtensionData.Config.Hardware.Device | Where {$_.DeviceInfo.Label -match \\\"Parallel\\\"}\n    $spec = New-Object VMware.Vim.VirtualMachineConfigSpec\n    $spec.DeviceChange += New-Object VMware.Vim.VirtualDeviceConfigSpec\n    $spec.DeviceChange[-1].device = $pport\n    $spec.DeviceChange[-1].operation = \\\"remove\\\"\n    (Get-VM -Name &lt;vmname&gt;).ExtensionData.ReconfigVM($spec)\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000211'\n  tag rid: 'SV-VMCH-80-000211'\n  tag stig_id: 'VMCH-80-000211'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"(Get-VM -Name '#{vm}').ExtensionData.Config.Hardware.Device.DeviceInfo.label\"\n      result = powercli_command(command).stdout.strip\n      describe \"Checking the VM: #{vm} for parallel devices\" do\n        subject { result }\n        it { should_not match 'Parallel' }\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Checking the VM: stig vm2 for parallel devices is expected not to match "Parallel"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.Policy.SecurityPolicyOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Checking the VM: stigvm1 for parallel devices is expected not to match "Parallel"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.Policy.IpfixOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for parallel devices is expected not to match "Parallel"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.Policy.MacManagementOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for parallel devices is expected not to match "Parallel"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.Policy.ShapingOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for parallel devices is expected not to match "Parallel"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000212</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000212</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000212</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must remove unneeded serial devices.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
+
+From the vSphere Client, right-click the Virtual Machine and go to "Edit Settings".
+
+Review the VMs hardware and verify no serial devices exist.
+
+or
+
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+
+Get-VM | Where {$_.ExtensionData.Config.Hardware.Device.DeviceInfo.Label -match "serial"}
+
+If a virtual machine has a serial device present, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The VM must be powered off to remove a serial device.
+
+For each virtual machine do the following:
+
+From the vSphere Client, right-click the Virtual Machine and go to "Edit Settings".
+
+Select the serial device, click the circled "X" to remove it, and click "OK".</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000212' do\n  title 'Virtual machines (VMs) must remove unneeded serial devices.'\n  desc  'Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation.'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to \\\"Edit Settings\\\".\n\n    Review the VMs hardware and verify no serial devices exist.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM | Where {$_.ExtensionData.Config.Hardware.Device.DeviceInfo.Label -match \\\"serial\\\"}\n\n    If a virtual machine has a serial device present, this is a finding.\n  \"\n  desc  'fix', \"\n    The VM must be powered off to remove a serial device.\n\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to \\\"Edit Settings\\\".\n\n    Select the serial device, click the circled \\\"X\\\" to remove it, and click \\\"OK\\\".\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000212'\n  tag rid: 'SV-VMCH-80-000212'\n  tag stig_id: 'VMCH-80-000212'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"(Get-VM -Name '#{vm}').ExtensionData.Config.Hardware.Device.DeviceInfo.label\"\n      result = powercli_command(command).stdout.strip\n      describe \"Checking the VM: #{vm} for serial devices\" do\n        subject { result }\n        it { should_not match 'Serial' }\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Checking the VM: stig vm2 for serial devices is expected not to match "Serial"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.Policy.VendorConfigOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Checking the VM: stigvm1 for serial devices is expected not to match "Serial"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.Policy.LivePortMovingAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for serial devices is expected not to match "Serial"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.Policy.NetworkResourcePoolOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;
+passed :: TEST Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for serial devices is expected not to match "Serial"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.Policy.TrafficFilterOverrideAllowed stdout.strip is expected to cmp &#x3D;&#x3D; &quot;False&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000302</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000302</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000302</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must reset port configuration when virtual machines are disconnected.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Port-level configuration overrides are disabled by default. Once enabled, this allows for different security settings to be set from what is established at the Port Group level. If overrides are not monitored, anyone who gains access to a VM with a less secure VDS configuration could exploit that broader access.
-
-If any unknown or unauthorized per-port overrides exist and are not discarded when a virtual machine is disconnected from that port then a future virtual machine connected to that port may receive a less secure port.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If distributed switches are not used, this is not applicable.
-
-From the vSphere Client, go to &quot;Networking&quot;.
+passed :: TEST Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for serial devices is expected not to match "Serial"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000213</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must remove unneeded USB devices.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
+From the vSphere Client, right-click the Virtual Machine and go to "Edit Settings".
 
-Review the &quot;Configure reset at disconnect&quot; setting.
+Review the VMs hardware and verify no USB devices exist.
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:
 
-(Get-VDPortgroup).ExtensionData.Config.Policy.PortConfigResetAtDisconnect
+Get-VM | Where {$_.ExtensionData.Config.Hardware.Device.DeviceInfo.Label -match "usb"}
+Get-VM | Get-UsbDevice
 
-If there are any distributed port groups with &quot;Configure reset at disconnect&quot; configured to &quot;disabled&quot; or &quot;False&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to &quot;Networking&quot;.
+If a virtual machine has any USB devices or USB controllers present, this is a finding.
 
-Select a distributed switch &gt;&gt; Select a distributed port group &gt;&gt; Configure &gt;&gt; Settings &gt;&gt; Properties.
+If USB smart card readers are used to pass smart cards through the VM console to a VM, the use of a USB controller and USB devices for that purpose is not a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Click &quot;Edit&quot;.
+From the vSphere Client, right-click the Virtual Machine and go to "Edit Settings".
 
-Select advanced and update &quot;Configure reset at disconnect&quot; to be enabled and click &quot;OK&quot;.
+Select the USB controller, click the circled "X" to remove it, and click "OK".
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following command:
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
+
+Get-VM "VM Name" | Get-USBDevice | Remove-USBDevice
+
+Note:  This will not remove the USB controller, just any connected devices.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000213' do\n  title 'Virtual machines (VMs) must remove unneeded USB devices.'\n  desc  'Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation.'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to \\\"Edit Settings\\\".\n\n    Review the VMs hardware and verify no USB devices exist.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:\n\n    Get-VM | Where {$_.ExtensionData.Config.Hardware.Device.DeviceInfo.Label -match \\\"usb\\\"}\n    Get-VM | Get-UsbDevice\n\n    If a virtual machine has any USB devices or USB controllers present, this is a finding.\n\n    If USB smart card readers are used to pass smart cards through the VM console to a VM, the use of a USB controller and USB devices for that purpose is not a finding.\n  \"\n  desc  'fix', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, right-click the Virtual Machine and go to \\\"Edit Settings\\\".\n\n    Select the USB controller, click the circled \\\"X\\\" to remove it, and click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-USBDevice | Remove-USBDevice\n\n    Note:  This will not remove the USB controller, just any connected devices.\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000213'\n  tag rid: 'SV-VMCH-80-000213'\n  tag stig_id: 'VMCH-80-000213'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"(Get-VM -Name '#{vm}').ExtensionData.Config.Hardware.Device.DeviceInfo.label\"\n      result = powercli_command(command).stdout.strip\n      describe \"Checking the VM: #{vm} for USB devices\" do\n        subject { result }\n        it { should_not match 'USB' }\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Open</STATUS>
+				<FINDING_DETAILS>failed :: TEST Checking the VM: stig vm2 for USB devices is expected not to match "USB" :: MESSAGE expected "IDE 0\r\nIDE 1\r\nPS2 controller 0\r\nPCI controller 0\r\nSIO controller 0\r\nKeyboard \r\nPointing ...er \r\nSCSI controller 0\r\nSATA controller 0\r\nCD/DVD drive 1\r\nHard disk 1\r\nNetwork adapter 1" not to match "USB"
+Diff:
+@@ -1,15 +1,29 @@
+-USB
++IDE 0
++IDE 1
++PS2 controller 0
++PCI controller 0
++SIO controller 0
++Keyboard 
++Pointing device
++Video card 
++VMCI device
++USB xHCI controller 
++SCSI controller 0
++SATA controller 0
++CD/DVD drive 1
++Hard disk 1
++Network adapter 1
 
-$pgs &#x3D; Get-VDPortgroup | Get-View
-ForEach($pg in $pgs){
-$spec &#x3D; New-Object VMware.Vim.DVPortgroupConfigSpec
-$spec.configversion &#x3D; $pg.Config.ConfigVersion
-$spec.Policy &#x3D; New-Object VMware.Vim.VMwareDVSPortgroupPolicy
-$spec.Policy.PortConfigResetAtDisconnect &#x3D; $True
-$pg.ReconfigureDVPortgroup_Task($spec)
-}</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>eb7ef54f-2973-4c25-a56c-8d3eff6be2d4</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>NotAFinding</STATUS>
-				<FINDING_DETAILS>passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 1-DVUplinks-40&quot;).ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp &#x3D;&#x3D; &quot;True&quot;
---------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 1&quot;).ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp &#x3D;&#x3D; &quot;True&quot;
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 2&quot;).ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp &#x3D;&#x3D; &quot;True&quot;
+failed :: TEST Checking the VM: stigvm1 for USB devices is expected not to match "USB" :: MESSAGE expected "IDE 0\r\nIDE 1\r\nPS2 controller 0\r\nPCI controller 0\r\nSIO controller 0\r\nKeyboard \r\nPointing ...er \r\nSCSI controller 0\r\nSATA controller 0\r\nCD/DVD drive 1\r\nHard disk 1\r\nNetwork adapter 1" not to match "USB"
+Diff:
+@@ -1,15 +1,29 @@
+-USB
++IDE 0
++IDE 1
++PS2 controller 0
++PCI controller 0
++SIO controller 0
++Keyboard 
++Pointing device
++Video card 
++VMCI device
++USB xHCI controller 
++SCSI controller 0
++SATA controller 0
++CD/DVD drive 1
++Hard disk 1
++Network adapter 1
+
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VDSwitch STIG 2-DVUplinks-44&quot;).ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp &#x3D;&#x3D; &quot;True&quot;
+passed :: TEST Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for USB devices is expected not to match "USB"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 3&quot;).ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp &#x3D;&#x3D; &quot;True&quot;
+passed :: TEST Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for USB devices is expected not to match "USB"
 --------------------------------
-passed
-PowerCLI Command: (Get-VDPortgroup -Name &quot;VD PG 4&quot;).ExtensionData.Config.Policy.PortConfigResetAtDisconnect stdout.strip is expected to cmp &#x3D;&#x3D; &quot;True&quot;</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000303</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000303</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000303</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must disable Secure Shell (SSH) access.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vCenter Server is delivered as an appliance, and intended to be managed through the VAMI, vSphere Client, and APIs. SSH is a troubleshooting and support tool and should only be enabled when necessary.
-
-vCenter Server High Availability uses SSH to coordinate the replication and failover between the nodes. Use of this feature requires SSH to remain enabled.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Open the Virtual Appliance Management Interface (VAMI) by navigating to https:&#x2F;&#x2F;&lt;vCenter server&gt;:5480.
-
-Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the &quot;SystemConfiguration.BashShellAdministrator&quot; group.
-
-Select &quot;Access&quot; on the left navigation pane.
-
-If &quot;SSH Login&quot; is not &quot;Deactivated&quot;, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Open the Virtual Appliance Management Interface (VAMI) by navigating to https:&#x2F;&#x2F;&lt;vCenter server&gt;:5480.
-
-Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the &quot;SystemConfiguration.BashShellAdministrator&quot; group.
-
-Select &quot;Access&quot; on the left navigation pane.
-
-Click &quot;Edit&quot; then disable &quot;Activate SSH Login&quot; and click &quot;OK&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>68a5da38-6cbd-4f3a-83d1-c03a2449230c</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-True is expected not to cmp &#x3D;&#x3D; &quot;true&quot;
-
-expected: true
-     got: True
-
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-			<VULN>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>V-VCSA-80-000304</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>SV-VCSA-80-000304</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>VCSA-80-000304</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>The vCenter Server must enable data in transit encryption for vSAN.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>Transit encryption must be enabled to prevent unauthorized disclosure information and to protect the confidentiality of organizational information.
-
-vSAN data-in-transit encryption has the following characteristics:
--vSAN uses AES-256 bit encryption on data in transit.
--Forward secrecy is enforced for vSAN data-in-transit encryption.
--Traffic between data hosts and witness hosts is encrypted.
--File service data traffic between the VDFS proxy and VDFS server is encrypted.
--vSAN file services inter-host connections are encrypted.
--vSAN uses symmetric keys that are generated dynamically and shared between hosts. Hosts dynamically generate an encryption key when they establish a connection, and they use the key to encrypt all traffic between the hosts. You do not need a key management server to perform data-in-transit encryption.
-
-Each host is authenticated when it joins the cluster, ensuring connections only to trusted hosts are allowed. When a host is removed from the cluster, it is authentication certificate is removed.
-
-vSAN data-in-transit encryption is a cluster-wide setting. When enabled, all data and metadata traffic is encrypted as it transits across hosts.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>If no clusters are enabled for vSAN, this is not applicable.
-
-From the vSphere Client, go to Host and Clusters.
+passed :: TEST Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for USB devices is expected not to match "USB"</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000214</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-OS-000480-VMM-002000</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-VMCH-80-000214</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMCH-80-000214</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Virtual machines (VMs) must disable DirectPath I/O devices when not required.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMDirectPath I/O (PCI passthrough) enables direct assignment of hardware PCI functions to VMs. This gives the VM access to the PCI functions with minimal intervention from the ESXi host. This is a powerful feature for legitimate applications such as virtualized storage appliances, backup appliances, dedicated graphics, etc., but it also allows a potential attacker highly privileged access to underlying hardware and the PCI bus.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>For each virtual machine do the following:
 
-Select the vCenter Server &gt;&gt; Select the cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.
+From the vSphere Client, view the Summary tab.
 
-Review the &quot;Data-in-transit encryption&quot; status.
+Review the PCI devices section and verify none exist.
 
 or
 
-From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-$vsanclusterconf &#x3D; Get-VsanView -Id VsanVcClusterConfigSystem-vsan-cluster-config-system
-$vsanclusterconf.VsanClusterGetConfig((Get-Cluster -Name &lt;cluster name&gt;).ExtensionData.MoRef).DataInTransitEncryptionConfig
+Get-VM "VM Name" | Get-PassthroughDevice
 
-Repeat these steps for each vSAN enabled cluster in the environment.
+If the virtual machine has passthrough devices present, and the specific device returned is not approved, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>From the vSphere Client, select the Virtual Machine, right click and go to Edit Settings &gt;&gt; Virtual Hardware tab.
 
-If &quot;Data-In-Transit encryption&quot; is not enabled, this is a finding.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>From the vSphere Client, go to Host and Clusters.
+Find the unexpected PCI device returned from the check.
 
-Select the vCenter Server &gt;&gt; Select the target cluster &gt;&gt; Configure &gt;&gt; vSAN &gt;&gt; Services &gt;&gt; Data Services.
+Hover the mouse over the device and click the circled "X" to remove the device. Click "OK".
 
-Click &quot;Edit&quot;.
-
-Enable &quot;Data-In-Transit encryption&quot; and choose a rekey interval suitable for the environment then click &quot;Apply&quot;.</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>vmware-vsphere-8.0-stig-baseline </ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>0</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>20e9609b-79fd-4a8d-a6b6-31ccccec7fc7</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STIG_DATA>
-					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-				</STIG_DATA>
-				<STATUS>Open</STATUS>
-				<FINDING_DETAILS>failed
-PowerCLI Command: $vsanclusterconf &#x3D; Get-VsanView -Id VsanVcClusterConfigSystem-vsan-cluster-config-system; $vsanclusterconf.VsanClusterGetConfig((Get-Cluster -Name cluster0).ExtensionData.MoRef).DataInTransitEncryptionConfig.Enabled stdout.strip is expected to cmp &#x3D;&#x3D; &quot;true&quot;
+or
 
-expected: true
-     got: 
+From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
 
-(compared using &#x60;cmp&#x60; matcher)
-</FINDING_DETAILS>
-				<COMMENTS></COMMENTS>
-				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
-				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
-			</VULN>
-		</iSTIG>
-	</STIGS>
+Get-VM "VM Name" | Get-PassthroughDevice | Remove-PassthroughDevice</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>{
+  "hdfSpecificData": {
+    "code": "control 'VMCH-80-000214' do\n  title 'Virtual machines (VMs) must disable DirectPath I/O devices when not required.'\n  desc  'VMDirectPath I/O (PCI passthrough) enables direct assignment of hardware PCI functions to VMs. This gives the VM access to the PCI functions with minimal intervention from the ESXi host. This is a powerful feature for legitimate applications such as virtualized storage appliances, backup appliances, dedicated graphics, etc., but it also allows a potential attacker highly privileged access to underlying hardware and the PCI bus.'\n  desc  'rationale', ''\n  desc  'check', \"\n    For each virtual machine do the following:\n\n    From the vSphere Client, view the Summary tab.\n\n    Review the PCI devices section and verify none exist.\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-PassthroughDevice\n\n    If the virtual machine has passthrough devices present, and the specific device returned is not approved, this is a finding.\n  \"\n  desc 'fix', \"\n    From the vSphere Client, select the Virtual Machine, right click and go to Edit Settings &gt;&gt; Virtual Hardware tab.\n\n    Find the unexpected PCI device returned from the check.\n\n    Hover the mouse over the device and click the circled \\\"X\\\" to remove the device. Click \\\"OK\\\".\n\n    or\n\n    From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:\n\n    Get-VM \\\"VM Name\\\" | Get-PassthroughDevice | Remove-PassthroughDevice\n  \"\n  impact 0.5\n  tag severity: 'medium'\n  tag gtitle: 'SRG-OS-000480-VMM-002000'\n  tag gid: 'V-VMCH-80-000214'\n  tag rid: 'SV-VMCH-80-000214'\n  tag stig_id: 'VMCH-80-000214'\n  tag cci: ['CCI-000366']\n  tag nist: ['CM-6 b']\n\n  vmName = input('vmName')\n  allvms = input('allvms')\n  vms = []\n\n  unless vmName.empty?\n    vms = powercli_command(\"Get-VM -Name #{vmName} | Sort-Object Name | Select -ExpandProperty Name\").stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n  unless allvms == false\n    vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub(\"\\r\\n\", \"\\n\").split(\"\\n\")\n  end\n\n  if !vms.empty?\n    vms.each do |vm|\n      command = \"Get-VM -Name '#{vm}' | Get-PassthroughDevice\"\n      result = powercli_command(command).stdout.strip\n      describe \"Checking the VM: #{vm} for PCI passthrough devices\" do\n        subject { result }\n        it { should be_empty }\n      end\n    end\n  else\n    describe 'No VMs found!' do\n      skip 'No VMs found...skipping tests'\n    end\n  end\nend\n"
+  }
+}</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>VMware vSphere 8.0 Virtual Machine STIG Readiness Guide :: Version 1</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>NotAFinding</STATUS>
+				<FINDING_DETAILS>passed :: TEST Checking the VM: stig vm2 for PCI passthrough devices is expected to be empty
+--------------------------------
+passed :: TEST Checking the VM: stigvm1 for PCI passthrough devices is expected to be empty
+--------------------------------
+passed :: TEST Checking the VM: vCLS-1446f2cc-b6b7-4778-84b7-f73f758dd46c for PCI passthrough devices is expected to be empty
+--------------------------------
+passed :: TEST Checking the VM: vCLS-28a51340-7070-4437-b4b1-a87b7480ac7d for PCI passthrough devices is expected to be empty
+--------------------------------
+passed :: TEST Checking the VM: vCLS-b680b5a0-5434-48a0-8420-82c95e5ab481 for PCI passthrough devices is expected to be empty</FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+		</iSTIG>
+	</STIGS>
 </CHECKLIST>
\ No newline at end of file

From f1d09e39d18dff5087802b81d884cfa0b2226d7a Mon Sep 17 00:00:00 2001
From: Kaden Emley <kemley@mitre.org>
Date: Mon, 1 Jul 2024 10:40:29 -0400
Subject: [PATCH 4/6] update ckl metadata validation to use hdf-converters
 helper function

Signed-off-by: Kaden Emley <kemley@mitre.org>
---
 package-lock.json                     | 34 ++++++++++++
 src/commands/convert/hdf2ckl.ts       | 15 +++---
 src/commands/generate/ckl_metadata.ts | 76 ++++++++++++++++++---------
 3 files changed, 92 insertions(+), 33 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 783b0beb5..c4950b02d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4211,7 +4211,9 @@
         "@types/ms": "^0.7.31",
         "@types/mustache": "^4.1.2",
         "@types/papaparse": "^5.3.2",
+        "@types/revalidator": "^0.3.12",
         "@types/triple-beam": "^1.3.2",
+        "@types/validator": "^13.12.0",
         "@types/xml2js": "^0.4.9",
         "axios": "^1.3.5",
         "compare-versions": "^6.0.0",
@@ -4225,10 +4227,12 @@
         "ms": "^2.1.3",
         "mustache": "^4.2.0",
         "papaparse": "^5.3.1",
+        "revalidator": "^0.3.1",
         "run-script-os": "^1.1.6",
         "semver": "^7.6.0",
         "tailwindcss": "^3.3.3",
         "tw-elements": "^1.0.0-beta2",
+        "validator": "^13.12.0",
         "winston": "^3.6.0",
         "xml-formatter": "^3.6.2",
         "xml-parser-xo": "^4.1.1",
@@ -7076,6 +7080,12 @@
       "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz",
       "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ=="
     },
+    "node_modules/@types/revalidator": {
+      "version": "0.3.12",
+      "resolved": "https://registry.npmjs.org/@types/revalidator/-/revalidator-0.3.12.tgz",
+      "integrity": "sha512-DsA2jHfz73JaIROVoMDd/x7nVWXBmEdDSoXB4yQlDzv/NCBkFY2fMHkyE6DGrvooLDAFe5QI6l9Wq0TgdopMtg==",
+      "license": "MIT"
+    },
     "node_modules/@types/send": {
       "version": "0.17.4",
       "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz",
@@ -7130,6 +7140,12 @@
       "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz",
       "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA=="
     },
+    "node_modules/@types/validator": {
+      "version": "13.12.0",
+      "resolved": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz",
+      "integrity": "sha512-nH45Lk7oPIJ1RVOF6JgFI6Dy0QpHEzq4QecZhvguxYPDwT8c93prCMqAtiIttm39voZ+DDR+qkNnMpJmMBRqag==",
+      "license": "MIT"
+    },
     "node_modules/@types/wrap-ansi": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz",
@@ -17535,6 +17551,15 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/revalidator": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/revalidator/-/revalidator-0.3.1.tgz",
+      "integrity": "sha512-orq+Nw+V5pDpQwGEuN2n1AgJ+0A8WqhFHKt5KgkxfAowUKgO1CWV32IR3TNB4g9/FX3gJt9qBJO8DYlwonnB0Q==",
+      "license": "Apache 2.0",
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
     "node_modules/rimraf": {
       "version": "3.0.2",
       "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
@@ -19144,6 +19169,15 @@
         "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
       }
     },
+    "node_modules/validator": {
+      "version": "13.12.0",
+      "resolved": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz",
+      "integrity": "sha512-c1Q0mCiPlgdTVVVIJIrBuxNicYE+t/7oKeI9MWLj3fh/uq2Pxh/3eeWbVZ4OcGW1TUf53At0njHw5SMdA3tmMg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
     "node_modules/vary": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
diff --git a/src/commands/convert/hdf2ckl.ts b/src/commands/convert/hdf2ckl.ts
index 4447c7607..3b7f44847 100644
--- a/src/commands/convert/hdf2ckl.ts
+++ b/src/commands/convert/hdf2ckl.ts
@@ -2,7 +2,7 @@ import {Command, Flags} from '@oclif/core'
 import _ from 'lodash'
 import fs from 'fs'
 import {CKLMetadata} from '../../types/checklist'
-import {ChecklistResults as Mapper} from '@mitre/hdf-converters'
+import {ChecklistResults as Mapper, validateChecklistMetadata} from '@mitre/hdf-converters'
 
 export default class HDF2CKL extends Command {
   static usage = 'convert hdf2ckl -i <hdf-scan-results-json> -o <output-ckl> [-h] [-m <metadata>] [-H <hostname>] [-F <fqdn>] [-M <mac-address>] [-I <ip-address>]'
@@ -42,17 +42,14 @@ export default class HDF2CKL extends Command {
     const hdfMetadata = _.get(inputHDF, 'passthrough.metadata', _.get(inputHDF, 'passthrough.checklist.asset', {}))
     const metadata = _.merge(_.merge(defaultMetadata, hdfMetadata, fileMetadata, flagMetadata))
 
-    metadata.profiles = flags.metadata ? [{title: _.get(fileMetadata, 'benchmark.title'),
-      name: _.get(fileMetadata, 'benchmark.title'),
-      version: _.get(fileMetadata, 'benchmark.version'),
-      releasenumber: _.get(fileMetadata, 'benchmark.releasenumber'),
-      releasedate: _.get(fileMetadata, 'benchmark.releasedate')}] : _.get(hdfMetadata, 'profiles', [])
+    metadata.profiles = flags.metadata ? _.get(fileMetadata, 'profiles', []) : _.get(hdfMetadata, 'profiles', [])
     _.set(inputHDF, 'passthrough.metadata', metadata)
 
-    try {
+    const validationResults = validateChecklistMetadata(metadata)
+    if (validationResults.ok) {
       fs.writeFileSync(flags.output, new Mapper(inputHDF).toCkl())
-    } catch (error) {
-      console.error(`Error creating checklist:\n${error}`)
+    } else {
+      console.error(`Error creating checklist:\n${validationResults.error.message}`)
       process.exit(1)
     }
   }
diff --git a/src/commands/generate/ckl_metadata.ts b/src/commands/generate/ckl_metadata.ts
index 355060ae8..feb748093 100644
--- a/src/commands/generate/ckl_metadata.ts
+++ b/src/commands/generate/ckl_metadata.ts
@@ -2,10 +2,33 @@ import {Command, Flags} from '@oclif/core'
 import fs from 'fs'
 import promptSync from 'prompt-sync'
 import _ from 'lodash'
-import {validateChecklistMetadata} from '@mitre/hdf-converters'
+import {ChecklistMetadata, validateChecklistMetadata} from '@mitre/hdf-converters'
 
 const prompt = promptSync()
 
+// Ensures that no empty strings are passed into the metadata
+function noEmpty(ask: string) : string | undefined {
+  const response = prompt({ask})
+  if (response)
+    return response
+  return undefined
+}
+
+function enforceInteger(ask: string) {
+  let response = prompt({ask})
+  let intRep: number
+  while (true) {
+    intRep = Number.parseInt(response, 10)
+    const floatRep = Number.parseFloat(response)
+    if (intRep === floatRep && intRep >= 0 && !Number.isNaN(intRep))
+      break
+    console.log(`${response} is not a valid non-negative integer. Please try again`)
+    response = prompt({ask})
+  }
+
+  return intRep
+}
+
 export default class GenerateCKLMetadata extends Command {
   static usage = 'generate ckl_metadata -o <json-file> [-h]'
 
@@ -22,30 +45,35 @@ export default class GenerateCKLMetadata extends Command {
     const {flags} = await this.parse(GenerateCKLMetadata)
     console.log('Please fill in the following fields to the best of your ability, if you do not have a value, please leave the field empty.')
     const cklMetadata = {
-      benchmark: {
-        title: prompt({ask: 'What is the benchmark title? '}),
-        version: prompt({ask: 'What is the benchmark version? '}),
-        releasenumber: prompt({ask: 'What is the benchmark release number? '}),
-        releasedate: prompt({ask: 'What is the benchmark release date? '}),
-      },
-      marking: prompt({ask: 'What is the marking? '}),
-      hostname: prompt({ask: 'What is the asset hostname? '}),
-      hostip: prompt({ask: 'What is the asset IP address? '}),
-      hostmac: prompt({ask: 'What is the asset MAC address? '}),
-      hostfqdn: prompt({ask: 'What is the asset FQDN? '}),
-      targetcomment: prompt({ask: 'What are the target comments? '}),
-      role: prompt({ask: 'What is the computing role? (None/Workstation/Member Server/Domain Controller) '}),
-      assettype: _.capitalize(prompt({ask: 'What is the asset type? (Computing/Non-Computing) '})),
-      techarea: prompt({ask: 'What is the tech area? (Application Review/Boundary Security/CDS Admin Review/CDS Technical Review/Database Review/Domain Name System (DNS)/Exchange Server/Host Based System Security (HBSS)/Internal Network/Mobility/Releasable Networks (REL)/Releaseable Networks (REL)/Traditional Security/UNIX OS/VVOIP Review/Web Review/Windows OS/Other Review) '}), // Yes, these typos really are how the enumerations are defined in STIG viewer's source code
-      stigguid: prompt({ask: 'What is the STIG ID? '}),
-      targetkey: prompt({ask: 'What is the target key? '}),
-      webordatabase: prompt({ask: 'Is the target a web or database? (y/n) '}).toLowerCase() === 'y',
-      webdbsite: prompt({ask: 'What is the Web or DB site? '}),
-      webdbinstance: prompt({ask: 'What is the Web or DB instance? '}),
+      profiles: [
+        {
+          name: noEmpty('What is the benchmark name? (Must match with profile name listed in HDF) '),
+          title: noEmpty('What is the benchmark title? '),
+          version: enforceInteger('What is the benchmark version? '),
+          releasenumber: enforceInteger('What is the benchmark release number? '),
+          releasedate: noEmpty('What is the benchmark release date (YYYY/MM/DD)? '),
+          showCalendar: true,
+        },
+      ],
+      marking: noEmpty('What is the marking? '),
+      hostname: noEmpty('What is the asset hostname? '),
+      hostip: noEmpty('What is the asset IP address? '),
+      hostmac: noEmpty('What is the asset MAC address? '),
+      hostfqdn: noEmpty('What is the asset FQDN? '),
+      targetcomment: noEmpty('What are the target comments? '),
+      role: noEmpty('What is the computing role? (None/Workstation/Member Server/Domain Controller) '),
+      assettype: noEmpty('What is the asset type? (Computing/Non-Computing) '),
+      techarea: noEmpty('What is the tech area? (Application Review/Boundary Security/CDS Admin Review/CDS Technical Review/Database Review/Domain Name System (DNS)/Exchange Server/Host Based System Security (HBSS)/Internal Network/Mobility/Releasable Networks (REL)/Releaseable Networks (REL)/Traditional Security/UNIX OS/VVOIP Review/Web Review/Windows OS/Other Review) '), // Yes, these typos really are how the enumerations are defined in STIG viewer's source code
+      stigguid: noEmpty('What is the STIG ID? '),
+      targetkey: noEmpty('What is the target key? '),
+      webordatabase: String(prompt({ask: 'Is the target a web or database? (y/n) '}).toLowerCase() === 'y'),
+      webdbsite: noEmpty('What is the Web or DB site? '),
+      webdbinstance: noEmpty('What is the Web or DB instance? '),
+      vulidmapping: noEmpty('Use gid or id for vuln number? (gid/id) '),
     }
-    const validationResults = validateChecklistMetadata(cklMetadata)
-    if (validationResults.isError) {
-      console.error(`Unable to generate checklist metadata:\n${validationResults.message}`)
+    const validationResults = validateChecklistMetadata(cklMetadata as ChecklistMetadata)
+    if (!validationResults.ok) {
+      console.error(`Unable to generate checklist metadata:\n${validationResults.error.message}`)
       process.exit(1)
     }
 

From 69e94c0be94282d791dd3bd30129656b366141af Mon Sep 17 00:00:00 2001
From: Kaden Emley <kemley@mitre.org>
Date: Wed, 10 Jul 2024 10:24:12 -0400
Subject: [PATCH 5/6] added tests to ensure that converting with invalid
 metadata display an error message

Signed-off-by: Kaden Emley <kemley@mitre.org>
---
 src/commands/convert/ckl2hdf.ts               |   1 -
 src/commands/convert/hdf2ckl.ts               |   1 -
 test/commands/convert/ckl2hdf.test.ts         |  17 +
 test/commands/convert/hdf2ckl.test.ts         |  11 +
 .../ckl_with_invalid_metadata.ckl             | 505 ++++++++++++++++++
 .../sample_input_report/invalid_metadata.json |   1 +
 6 files changed, 534 insertions(+), 2 deletions(-)
 create mode 100644 test/sample_data/checklist/sample_input_report/ckl_with_invalid_metadata.ckl
 create mode 100644 test/sample_data/checklist/sample_input_report/invalid_metadata.json

diff --git a/src/commands/convert/ckl2hdf.ts b/src/commands/convert/ckl2hdf.ts
index c289cdb77..3bfc15b2f 100644
--- a/src/commands/convert/ckl2hdf.ts
+++ b/src/commands/convert/ckl2hdf.ts
@@ -28,7 +28,6 @@ export default class CKL2HDF extends Command {
       fs.writeFileSync(checkSuffix(flags.output), JSON.stringify(converter.toHdf()))
     } catch (error) {
       console.error(`Error converting to hdf:\n${error}`)
-      process.exit(1)
     }
   }
 }
diff --git a/src/commands/convert/hdf2ckl.ts b/src/commands/convert/hdf2ckl.ts
index 3b7f44847..398602f9f 100644
--- a/src/commands/convert/hdf2ckl.ts
+++ b/src/commands/convert/hdf2ckl.ts
@@ -50,7 +50,6 @@ export default class HDF2CKL extends Command {
       fs.writeFileSync(flags.output, new Mapper(inputHDF).toCkl())
     } else {
       console.error(`Error creating checklist:\n${validationResults.error.message}`)
-      process.exit(1)
     }
   }
 }
diff --git a/test/commands/convert/ckl2hdf.test.ts b/test/commands/convert/ckl2hdf.test.ts
index de70a80bc..f6c19f79e 100644
--- a/test/commands/convert/ckl2hdf.test.ts
+++ b/test/commands/convert/ckl2hdf.test.ts
@@ -42,3 +42,20 @@ describe('Test ckl2hdf Three Stig Checklist example', () => {
       expect(omitHDFChangingFields(test)).to.eql(omitHDFChangingFields(sample))
     })
 })
+
+
+describe('Test invalid checklist metadata example', () => {
+  const tmpobj = tmp.dirSync({unsafeCleanup: true})
+
+  test
+    .stdout()
+    .stderr()
+    .command(['convert ckl2hdf', '-i', path.resolve('./test/sample_data/checklist/sample_input_report/ckl_with_invalid_metadata.ckl'), '-o', `${tmpobj.name}/invalid_output.json`])
+    .it(
+      'hdf-converter output test - throws error when using invalid checklist metadata',
+      ctx => {
+        expect(ctx.stderr).to.equal('Error converting to hdf:\nError: Invalid checklist metadata fields: Host FQDN (invalid), Host IP (invalid), Host MAC (invalid)\n')
+      },
+    )
+
+})
\ No newline at end of file
diff --git a/test/commands/convert/hdf2ckl.test.ts b/test/commands/convert/hdf2ckl.test.ts
index 3c31c6864..dc95306d2 100644
--- a/test/commands/convert/hdf2ckl.test.ts
+++ b/test/commands/convert/hdf2ckl.test.ts
@@ -33,4 +33,15 @@ describe('Test hdf2checklist', () => {
       const sample = fs.readFileSync(path.resolve('./test/sample_data/checklist/red_hat_good_metadata.ckl'), 'utf8')
       expect(omitChecklistChangingFields(test)).to.eql(omitChecklistChangingFields(sample))
     })
+
+  test
+    .stdout()
+    .stderr()
+    .command(['convert hdf2ckl', '-i', path.resolve('./test/sample_data/HDF/input/red_hat_good.json'), '-o', `${tmpobj.name}/hdf2ckl_metadata_error_test.json`, '--ip', 'bad ip address', '-m', path.resolve('test/sample_data/checklist/sample_input_report/invalid_metadata.json')])
+    .it(
+      'hdf-converter output test - throws error when using invalid checklist metadata',
+      ctx => {
+        expect(ctx.stderr).to.equal('Error creating checklist:\nInvalid checklist metadata fields: Host IP (bad ip address), Asset Type (Not a real assettype)\n')
+      },
+    )
 })
diff --git a/test/sample_data/checklist/sample_input_report/ckl_with_invalid_metadata.ckl b/test/sample_data/checklist/sample_input_report/ckl_with_invalid_metadata.ckl
new file mode 100644
index 000000000..01b25edbc
--- /dev/null
+++ b/test/sample_data/checklist/sample_input_report/ckl_with_invalid_metadata.ckl
@@ -0,0 +1,505 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--DISA STIG Viewer :: 2.17-->
+<CHECKLIST>
+	<ASSET>
+		<ROLE>Member Server</ROLE>
+		<ASSET_TYPE>Computing</ASSET_TYPE>
+		<MARKING>CUI</MARKING>
+		<HOST_NAME>valid</HOST_NAME>
+		<HOST_IP>invalid</HOST_IP>
+		<HOST_MAC>invalid</HOST_MAC>
+		<HOST_FQDN>invalid</HOST_FQDN>
+		<TARGET_COMMENT></TARGET_COMMENT>
+		<TECH_AREA>Exchange Server</TECH_AREA>
+		<TARGET_KEY>5339</TARGET_KEY>
+		<WEB_OR_DATABASE>false</WEB_OR_DATABASE>
+		<WEB_DB_SITE></WEB_DB_SITE>
+		<WEB_DB_INSTANCE></WEB_DB_INSTANCE>
+	</ASSET>
+	<STIGS>
+		<iSTIG>
+			<STIG_INFO>
+				<SI_DATA>
+					<SID_NAME>version</SID_NAME>
+					<SID_DATA>1</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>classification</SID_NAME>
+					<SID_DATA>UNCLASSIFIED</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>customname</SID_NAME>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>stigid</SID_NAME>
+					<SID_DATA>Cisco_ASA_FW_STIG</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>description</SID_NAME>
+					<SID_DATA>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>filename</SID_NAME>
+					<SID_DATA>U_Cisco_ASA_Firewall_STIG_V1R4_Manual-xccdf.xml</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>releaseinfo</SID_NAME>
+					<SID_DATA>Release: 4 Benchmark Date: 27 Apr 2023</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>title</SID_NAME>
+					<SID_DATA>Cisco ASA Firewall Security Technical Implementation Guide</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>uuid</SID_NAME>
+					<SID_DATA>b6a7cb18-6ffe-4a6e-9f44-60d514c98db9</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>notice</SID_NAME>
+					<SID_DATA>terms-of-use</SID_DATA>
+				</SI_DATA>
+				<SI_DATA>
+					<SID_NAME>source</SID_NAME>
+					<SID_DATA>STIG.DOD.MIL</SID_DATA>
+				</SI_DATA>
+			</STIG_INFO>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-239852</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-NET-000019-FW-000003</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-239852r665842_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CASA-FW-000010</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Information flow control regulates where information is allowed to travel within a network and between interconnected networks. Blocking or restricting detected harmful or suspicious communications between interconnected networks enforces approved authorizations for controlling the flow of traffic.
+
+The firewall that filters traffic outbound to interconnected networks with different security policies must be configured to permit or block traffic based on organization-defined traffic authorizations.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Review the ASA configuration to determine if it only permits outbound traffic using authorized ports and services.
+
+Step 1: Verify that an ingress ACL has been applied to all internal interfaces as shown in the example below.
+
+ interface GigabitEthernet0/0
+ nameif INSIDE
+ security-level 100
+ ip address 10.1.11.1 255.255.255.0
+…
+…
+…
+access-group INSIDE _IN in interface INSIDE 
+
+Step 2: Verify that the ingress ACL only allows outbound traffic using authorized ports and services as shown in the example below.
+
+access-list INSIDE _IN extended permit tcp any any eq www 
+access-list INSIDE _IN extended permit tcp any any eq https 
+access-list INSIDE _IN extended permit tcp any any eq …
+access-list INSIDE _IN extended deny ip any any log
+
+If the ASA is not configured to only allow outbound traffic using authorized ports and services, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Step 1: Configure the ingress ACL similar to the example below.
+
+ASA(config)# access-list INSIDE_INextended permit tcp any any eq https
+ASA(config)# access-list INSIDE_INextended permit tcp any any eq http
+ASA(config)# access-list INSIDE_INextended permit tcp any any eq …
+ASA(config)# access-list INSIDE_INextended deny ip any any log      
+
+Step 2: Apply the ACL inbound on all internal interfaces as shown in the example below.
+
+ASA(config)# access-group INSIDE_IN in interface INSIDE
+ASA(config)# end</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>5339</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>54b4701f-19a1-4d5b-9497-5be85f995362</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001414</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS></FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-239853</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-NET-000019-FW-000004</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-239853r665845_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CASA-FW-000020</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The Cisco ASA must immediately use updates made to policy enforcement mechanisms such as firewall rules, security policies, and security zones.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Information flow policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changes to the Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list, vulnerability assessments, or mission conditions. Changing conditions include changes in the threat environment and detection of potentially harmful or adverse events.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>By default, when you change a rule-based policy such as access rules, the changes become effective immediately. With transactional model configured, the rules are not active until after compilation.
+
+Review the ASA configuration and verify that the following command is not configured.
+
+asp rule-engine transactional-commit access-group
+
+If transactional-commit access-group has been configured, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Remove the command asp rule-engine transactional-commit access-group
+
+ASA(config)# no asp rule-engine transactional-commit access-group</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>5339</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>54b4701f-19a1-4d5b-9497-5be85f995362</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-001414</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS></FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+			<VULN>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>V-239854</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SRG-NET-000061-FW-000001</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>SV-239854r665848_rule</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CASA-FW-000030</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Remote access devices (such as those providing remote access to network devices and information systems) that lack automated capabilities increase risk and make remote user access management difficult at best.
+
+Remote access is access to DoD non-public information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network.
+
+Automated monitoring of remote access sessions allows organizations to detect cyberattacks and also ensure ongoing compliance with remote access policies by auditing connection activities of remote access capabilities from a variety of information system components (e.g., servers, workstations, notebook computers, smart phones, and tablets).</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Step 1: Verify that an ACL has been applied to the applicable VPN group policy via the vpn-filter attribute as shown in the example below.
+
+group-policy VPN_POLICY internal
+group-policy VPN_POLICY attributes
+ …
+ …
+ …
+ vpn-filter value RESTRICT_VPN
+
+Step 2: Verify that the filter restricts traffic according to organization-defined filtering rules as shown in the example below.
+
+access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.12 eq http 
+access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0  host 192.168.1.13 eq smtp 
+access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0  host 192.168.1.14 eq ftp 
+access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.14 eq ftp-data 
+access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0  host 192.168.1.15 eq domain
+access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0  host 192.168.1.16 eq sqlnet
+access-list RESTRICT_VPN extended deny ip any any log
+
+Note: In the example above, assume that the client-assigned IP address pool is 10.10.10.0/24 and the local private network is 192.168.1.0/24.
+
+If the ASA is not configured to restrict VPN traffic according to organization-defined filtering rules, this is a finding.</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Step 1: Configure the ACL to restrict VPN traffic.
+
+ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.12 eq http
+ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.13 eq smtp
+ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.14 eq ftp
+ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.14 eq ftp-data
+ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.y host 192.168.1.15 eq domain
+ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.16 eq sqlnet
+ASA(config)# access-list RESTRICT_VPN extended deny ip any any log
+ASA(config)# exit 
+
+Step 2: Apply the VPN filter to the applicable group policy as shown in the example below.
+
+ASA(config)# group-policy VPN_POLICY attributes 
+ASA(config-group-policy)# vpn-filter value RESTRICT_VPN 
+ASA(config-group-policy)# end</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Check_Content_Ref</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>M</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>Class</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Unclass</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>TargetKey</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>5339</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>STIG_UUID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>54b4701f-19a1-4d5b-9497-5be85f995362</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA></ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STIG_DATA>
+					<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+					<ATTRIBUTE_DATA>CCI-000067</ATTRIBUTE_DATA>
+				</STIG_DATA>
+				<STATUS>Not_Reviewed</STATUS>
+				<FINDING_DETAILS></FINDING_DETAILS>
+				<COMMENTS></COMMENTS>
+				<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
+				<SEVERITY_JUSTIFICATION></SEVERITY_JUSTIFICATION>
+			</VULN>
+		</iSTIG>
+	</STIGS>
+</CHECKLIST>
\ No newline at end of file
diff --git a/test/sample_data/checklist/sample_input_report/invalid_metadata.json b/test/sample_data/checklist/sample_input_report/invalid_metadata.json
new file mode 100644
index 000000000..50aeaf2e6
--- /dev/null
+++ b/test/sample_data/checklist/sample_input_report/invalid_metadata.json
@@ -0,0 +1 @@
+{"profiles":[{"name":"My benchmark","title":"RHEL 219","version":12,"releasenumber":23,"releasedate":"2024/07/10","showCalendar":true}],"marking":"CUI","hostip":"invalid","role":"Workstation","assettype":"Not a real assettype","techarea":"Traditional Security","webordatabase":"false","vulidmapping":"id"}
\ No newline at end of file

From 4482231ef462538a7ab86280eb1d1160e8da0886 Mon Sep 17 00:00:00 2001
From: Kaden Emley <kemley@mitre.org>
Date: Thu, 11 Jul 2024 11:11:19 -0400
Subject: [PATCH 6/6] use checklist types from hdf-converters

Signed-off-by: Kaden Emley <kemley@mitre.org>
---
 src/commands/convert/hdf2ckl.ts | 17 +++----
 src/types/checklist.d.ts        | 44 ----------------
 src/utils/checklist.ts          | 90 ---------------------------------
 3 files changed, 7 insertions(+), 144 deletions(-)
 delete mode 100644 src/types/checklist.d.ts
 delete mode 100644 src/utils/checklist.ts

diff --git a/src/commands/convert/hdf2ckl.ts b/src/commands/convert/hdf2ckl.ts
index 398602f9f..032482824 100644
--- a/src/commands/convert/hdf2ckl.ts
+++ b/src/commands/convert/hdf2ckl.ts
@@ -1,8 +1,7 @@
 import {Command, Flags} from '@oclif/core'
 import _ from 'lodash'
 import fs from 'fs'
-import {CKLMetadata} from '../../types/checklist'
-import {ChecklistResults as Mapper, validateChecklistMetadata} from '@mitre/hdf-converters'
+import {Assettype, ChecklistMetadata, ChecklistResults as Mapper, Role, Techarea, validateChecklistMetadata} from '@mitre/hdf-converters'
 
 export default class HDF2CKL extends Command {
   static usage = 'convert hdf2ckl -i <hdf-scan-results-json> -o <output-ckl> [-h] [-m <metadata>] [-H <hostname>] [-F <fqdn>] [-M <mac-address>] [-I <ip-address>]'
@@ -25,24 +24,22 @@ export default class HDF2CKL extends Command {
   async run() {
     const {flags} = await this.parse(HDF2CKL)
 
-    /* Order of prescedece for checklist metadata:
+    /* Order of precedence for checklist metadata:
       command flags (hostname, ip, etc.)
       metadata flag
       input hdf file passthrough.metadata
       input hdf file passthrough.checklist.asset */
 
-    const defaultMetadata: CKLMetadata = {
-      role: 'None', assettype: 'Computing', targetkey: '0', webordatabase: false, profiles: [],
-      hostfqdn: '', hostip: '', hostmac: '', hostguid: '', marking: '', techarea: '',
-      hostname: '', stigguid: '', targetcomment: '', webdbinstance: '', webdbsite: '',
+    const defaultMetadata: ChecklistMetadata = {
+      role: Role.None, assettype: Assettype.Computing, webordatabase: 'false', profiles: [],
+      hostfqdn: '', hostip: '', hostmac: '', marking: '', techarea: Techarea.Empty, vulidmapping: 'id',
+      hostname: '', targetcomment: '', webdbinstance: '', webdbsite: '',
     }
     const inputHDF = JSON.parse(fs.readFileSync(flags.input, 'utf8'))
     const flagMetadata = {hostname: flags.hostname, hostip: flags.ip, hostmac: flags.mac, hostfqdn: flags.fqdn}
     const fileMetadata = flags.metadata ? JSON.parse(fs.readFileSync(flags.metadata, 'utf8')) : {}
     const hdfMetadata = _.get(inputHDF, 'passthrough.metadata', _.get(inputHDF, 'passthrough.checklist.asset', {}))
-    const metadata = _.merge(_.merge(defaultMetadata, hdfMetadata, fileMetadata, flagMetadata))
-
-    metadata.profiles = flags.metadata ? _.get(fileMetadata, 'profiles', []) : _.get(hdfMetadata, 'profiles', [])
+    const metadata = _.merge(defaultMetadata, hdfMetadata, fileMetadata, flagMetadata)
     _.set(inputHDF, 'passthrough.metadata', metadata)
 
     const validationResults = validateChecklistMetadata(metadata)
diff --git a/src/types/checklist.d.ts b/src/types/checklist.d.ts
deleted file mode 100644
index a91c7cc8e..000000000
--- a/src/types/checklist.d.ts
+++ /dev/null
@@ -1,44 +0,0 @@
-import {StigMetadata} from '@mitre/hdf-converters'
-import {ContextualizedEvaluation} from 'inspecjs'
-
-export interface ChecklistControl {
-  vid: string;
-  rid: string;
-  ruleVersion: string;
-  gtitle: string;
-  severity: string;
-  title: string;
-  description: string;
-  checkText: string;
-  fixText: string;
-  profileName: string;
-  startTime: string;
-  targetKey: number;
-  uuidV4: string;
-  ccis: string[];
-  status: string;
-  results: string;
-}
-
-export interface CKLMetadata {
-  assettype: null | string;
-  hostfqdn: null | string;
-  hostguid: null | string;
-  hostip: null | string;
-  hostmac: null | string;
-  hostname: null | string;
-  marking: null | string;
-  role: null | string;
-  stigguid: null | string;
-  targetcomment: null | string;
-  targetkey: null | string;
-  techarea: null | string;
-  webdbinstance: null | string;
-  webdbsite: null | string;
-  webordatabase: null | boolean;
-  profiles: StigMetadata[]
-}
-
-type ExtendedEvaluationFile = {
-  evaluation: ContextualizedEvaluation;
-};
diff --git a/src/utils/checklist.ts b/src/utils/checklist.ts
deleted file mode 100644
index c5facddfc..000000000
--- a/src/utils/checklist.ts
+++ /dev/null
@@ -1,90 +0,0 @@
-import {ContextualizedControl, ControlStatus, HDFControlSegment, Severity} from 'inspecjs'
-import {ChecklistControl} from '../types/checklist'
-import {v4} from 'uuid'
-import _ from 'lodash'
-
-export function cklSeverity(severity: Severity): 'low' | 'medium' | 'high' {
-  switch (severity) {
-    case 'critical':
-    case 'high': {
-      return 'high'
-    }
-
-    case 'medium': {
-      return 'medium'
-    }
-
-    case 'low':
-    case 'none': {
-      return 'low'
-    }
-
-    default: {
-      return 'high'
-    }
-  }
-}
-
-export function cklStatus(status: ControlStatus): string {
-  switch (status) {
-    case 'Not Applicable':
-    case 'From Profile': {
-      return 'Not_Applicable'
-    }
-
-    case 'Profile Error':
-    case 'Not Reviewed': {
-      return 'Not_Reviewed'
-    }
-
-    case 'Passed': {
-      return 'NotAFinding'
-    }
-
-    default: {
-      return 'Open'
-    }
-  }
-}
-
-// Get segments/results as strings
-export function cklResults(segments?: HDFControlSegment[]): string {
-  if (segments === undefined) {
-    return ''
-  }
-
-  return segments
-    .map(segment => {
-      if (segment.message) {
-        return `${segment.status}\n${segment.code_desc}\n${segment.message}`
-      }
-
-      if (segment.skip_message) {
-        return `${segment.status}\n${segment.code_desc}\n${segment.skip_message}`
-      }
-
-      return `${segment.status}\n${segment.code_desc}`
-    })
-    .join('\n--------------------------------\n')
-}
-
-export function getDetails(control: ContextualizedControl, profileName: string): ChecklistControl {
-  return {
-    vid: control.data.tags.gid || control.data.id,
-    rid: control.data.tags.rid || control.data.id,
-    ruleVersion: control.data.tags.stig_id || control.data.id,
-    gtitle: control.data.tags.gtitle || control.data.id,
-    severity: cklSeverity(control.root.hdf.severity),
-    title: control.data.title || '',
-    description: control.data.desc || '',
-    checkText: control.hdf.descriptions.check || control.data.tags.check,
-    fixText: control.hdf.descriptions.fix || control.data.tags.fix,
-    profileName,
-    startTime: _.get(control, 'hdf.segments![0].start_time', ''),
-    targetKey: 0,
-    uuidV4: v4(),
-    ccis: control.data.tags.cci,
-    status: cklStatus(control.hdf.status),
-    results: cklResults(control.hdf.segments),
-  }
-}